Skip to Content

Forefront Unified Access Gateway (UAG) and SAP portal

Hi Guys

Do you have experience or knowledge about the integration of UAG as a reverse proxy for SAP Netweaver portal 7.0?

We are trying a setup where the SAP NW portal uses SPNEGO/kerberos authentication (and it is working), but when accessing the SAP NW portal through UAG we get a "HTTP basic authentication" prompt, while SPNEGO login module fails. UAG can be configured to use kerberos contrained delegation, but it does not work for us.

Anyone who have setup UAG - SAP NW portal integration ? Did you succed with any SSO: Which authentication mechanism' did you configure in UAG and i J2EE?

Best regards

Tom Bo

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Jan 03, 2011 at 09:41 PM

    Hi Tom,

    We also use Spnego and have recently tested and got the UAG to allow a SSO to the Portal. I was able to follow the following instructions to get in working order.

    http://blogs.technet.com/b/edgeaccessblog/archive/2010/04/15/sap-netweaver-portal-publishing-with-single-sign-on.aspx

    Hope this helps

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 17, 2010 at 09:02 PM

    Hi Tom,

    I work as a consultant for various customers who seek my companies expertise in Microsoft Forefront security. I published SAP Portal 7.0 for my customers and was able to provide seamless single sign with UAG.

    We configured NTLM authentication in UAG. We then configured SPNEGO and enabled fall back to Basic Authentication on SAP. This should work but you may need to write some authentication modification scripts if you are getting username/password errors.

    In addition, we did strong 2-factor authentication with RSA for one customer. Some of our customers also ask about enabling endpoint detection to do things like, If you dont have an updated antivirus, then you the user cannot download any documents from SAP.

    Thanks!

    Dennis Lee

    Celestix Networks

    Edited by: Dennis Lee CLX on Mar 17, 2010 10:06 PM

    Add comment
    10|10000 characters needed characters exceeded