on 11-24-2009 8:18 AM
Hi Experts,
I am facing problem when i am trying to create a WebdynproABAP component view in SE80 tcode.
It gives a pop up for password entry.
As we have SSO implemented in the SAP system we dont have any password.
I think the issue is with SSO as it works for other things except webdynpro view.
Please help me on this.
Regards,
Nik
Hi,
>As we have SSO implemented in the SAP system we dont have any password.
If you use snc based SSO for sapgui access, it does not give you SSO for HTTP access (webdynpro).
We had the same problem for BSP applications and had to recreate a password and disable sapgui SSO for users neeeding both sapgui and BSP access.
We have now a project to implement SPNEGO SSO through the portal for HTTP access.
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Olivier, hi Nik,
here is my quick guide to implementing SPNego SSO. Maybe it could be helpful...
SSO with JAVA AddIn on SAP WebAS NS2004s Configuring SPNego with ABAP
datasource
Written by Gerd Schuster
References: SAP note 994791
Create a user like j2ee-SID in the ADS and make sure that the settings
Password never expired and
Use DES encryption types for the account
are set. In the following screenshot I will use j2ee-q2b, j2ee-p2b as the service-user.
Then run the setspn command to assign trhe ServicePrincipalName to the user. This
was the URL that you use to access the J2EE engine.
setspn -A HTTP/hostname.domain.de domain_dej2ee-SID
Registering ServicePrincipalNames for CN=j2ee-q2b,OU=System-Accounts,...
HTTP/hostname
Updated object
A short ldifde revals some important parameters that we are going to use later:
SAMAccountName: j2ee-SID
userPrincipalName: j2ee-SID @domain.de
servicePrincipalName: HTTP/hostname
now start the configtool and add the krb5principalname as an additional UME attribute.
cd /usr/sap/SID/DVEBMGSxx/j2ee/configtool
./configtool.sh
go to "cluster-data", "instance_IDxxxxx", "server_IDxxxxxxx", "services",
"com.sap.security.core.ume.service" mark ume.admin.addattrs and set the custom
value krb5principalname
Restart ABAP and Java instance.
Create a user like j2ee-SID in the UME
Assign the Roles SAP_BC_JSF_COMMUNICATION and
SAP_BC_JSF_COMMUNICATION_RO to the user j2ee-SID
Now we can start the SPNego wizard. hostname.domain.de:port/spnego
Kerberos Realm: DOMAIN.DE
KDC-Host: domaincontroller.somain.de:88
Make sure that the KPN Prefix is set to uniquename wich is defined in the ABAP
dataSourceConfiguration file.
Auflösungsmodus: Präfix-basiert
KPN-Präfix: uniquename
KPN-Suffix: dn
Testauflösungsmodus, enter the J2EE user name e.g. j2ee-Q2B.
Kerberos Principal Name j2ee-Q2B @DOMAIN.DE will be resolved in
user j2ee-Q2B in UME
After the testing the resolution mode continue with the next step. I prefer to create
a new template and assign this template later on to my ticket component.
*password Fallback aktivieren
*SSO mit SAP-Anmeldetickets aktivieren
That's it.
Assign the spnego template we created to the ticket component via Visual Administrator.
cd /usr/sap//DVEBMGSxx/j2ee/admin
./go
Logon with user j2ee_admin, go to SID, Server, Services, Security Provider. On the
right side clickticket. Switch to edit mode. Authentication template: spnego
Regards
Gerd
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.