Skip to Content
avatar image
Former Member

"NTLM token found in authorization header during SPNego authentication"

Hi,

I'm configuring SPNEGO and after open the broser a windows appear asking for login ID and Password but then the Portal principal page appears asking again for login ID and password.

In webtool I found this error:

"NTLM token found in authorization header during SPNego authentication".

Here seems to be the solution but I have doubts about it

http://wiki.sdn.sap.com/wiki/display/JSTSG/(SIM)Problems-P67

u2022Check if the AS Java SPNego service user Service Principal Name (SPN) is unique throughout the LDAP repository.

If there is another user with same SPN in MS ADS the KDC cannot provide Kerberos token for the J2EE web service to Internet Explorer.

I have 3 LDAP and I created the user sapjsf in each one. This could be the cause?

Do I have to create differents users? sapjsf, sapjsf2, sapjsf3? intead of sapjsf only

Any clue?

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Jan 04, 2012 at 12:46 PM

    HI,

    The above information is correct in finding the solution as recieving ntml tokens instead of kerberos tokens is a result of either an AD or browser configuration issues.

    When you created your service user on the domains (SAPJSF) in your case you would have set some SPN's to that user, the spn that you set can only be unique to that user. Also you need to check all the releative browser configurations. KBA 1649110. Discusses the issue in more detail.

    Kind regards,

    Cathal

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 06, 2012 at 03:00 PM

    1649110 - SPNego for Kerberos Authentication NTLM token received in authorization header

    Add comment
    10|10000 characters needed characters exceeded