cancel
Showing results for 
Search instead for 
Did you mean: 

SPNego Configuration not working

Former Member
0 Kudos

Hi,

We are having issues using SPNego even though we have configured as mentioned in the guide attached to the note 1488409.

I don't see component under 'Policy Configuration '"com.sun.security.jgss.accept" at all. Also there is no separate directory structure under usr\sap\j2ee\sys\global\kerberos (I've read somewhere this directory structure is not available with the newer version).

Also when we logon to SPNego wizard it always shows error: "System does not provide a model for authentication management" with a button "Migrate"(this is seen everytime we logon to http://<servername:port>/spnego)

Could you please provide us any suggestions. We are on NW 7.02, J2ee was upgraded but SPNego was never configured before, Windows vista OS(web client) and AD on Windows 2003 server.

Thanks in advance.

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
0 Kudos

Hi,  I have one more question.  Is there impact of Clicking option "Migrate". Doest it disable the existing SSO configuration or it just allows to configure new SSO configuratio.  We are using an 3rd party application for SSO(ADAM) and want to migrate to SPNEGO configuration. And i am seeing an Migrate option in /spnego lonk. I just want to make sure my existing SSO is not disabled when i click on Migrate option.  Thanks Manish

Former Member
0 Kudos

Hi,

Please read the section in the pdf attached to the Note 1488409 - New SPNego Implementation.

Upgrade with the original SPNego

In case the AS Java engine was upgraded from an older version and the original SPNego was configured, meaning

you never used the add-on solution from SAP Note 1457499, follow the instructions in this section.

In order to finish the migration you need to perform several steps:

1. Open the SPNego wizard at http://<host>:<port>/spnego and log on with a user with administrator privileges

2. Hit the “Migrate” button that is displayed at the top of the page

3. SPNego should now work

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Rishi,   Thanks for your reply. But my question is after clicking on the option "Migrate"  Doest it disable the existing SSO configuration or it just allows to configure new SSO configuration.  Thanks Manish

Former Member
0 Kudos

Hi,

I think you dint read it correctly.

In case the AS Java engine was upgraded from an older version and the original SPNego was configured, meaning

you never used the add-on solution from SAP Note 1457499, follow the instructions in this section.

In order to finish the migration you need to perform several steps:

1. Open the SPNego wizard at http://<host>:<port>/spnego and log on with a user with administrator privileges

2. Hit the “Migrate” button that is displayed at the top of the page

3. SPNego should now work

So if you are not going to active the spnego addon components them it should work. Another thing as you are trying to use third part application so its better to test you test system than production directly or do it over the weekend so that you have lead time to fix it if issues.

Thanks

Rishi abrol

Former Member
0 Kudos

Hi,  I am having exactly the same issue. Did anyone happen to fix it?  Thanks Manish

Former Member
0 Kudos

Hi Manish/Jack,

Please follow the instructions provided in the guide attached to ossnote#1488409. Please make sure you use the latest guide, refer the above note for supported versions.

Below are the brief steps to be followed:

1) Create the below service users - on LDAP

2) Register SPN name in AD of all domains - on LDAP

3) Export LDAP attributes for all domains - on LDAP

4) Generate Keytab files-  http://<servername:port>/spnego

5) Adding the Kerberos realms - http://<servername:port>/spnego

6) Authentication Stack Adjustment - Visual Admin

If required adjust the datasource xml file and upload - Config tool.

Let me know if you have any questions.

-Bob

Former Member
0 Kudos

Hi,

Please provide the patch level that your portal are at.

Some timed user get exception when they click on migrate.

Note 1539743 - NullPointerException in SPNego Wizard

What happens when you click on migrate.

Thanks

Rishi Abrol

Former Member
0 Kudos

Thanks Rishi for the Information. My patch version is higher then 7.01 Sp10. Thanks Manish

Former Member
0 Kudos

Hi Bobby,

We are having the exact same issue, Are you able to provide and detail towards a resultion ?

Thanks

Jack

Former Member
0 Kudos

Hi Bobby,

Is this still an issue?

I'm guessing that you are on 7.02 SP6 or above as that's the pre-requisite?  We have the same environment as you and have configured this according to the Guide first time, without issues. 

Regards,

Graham

Former Member
0 Kudos

Hi Graham,

Thanks for your reply. Yes we are above the required level. I have more concern about the error displayed when we access http://<servername:port>/spnego

Error: "System does not provide a model for authentication management" with a button "Migrate"

Please share your views.

Thanks

Former Member
0 Kudos

Hi Bobby,

this all seems a little strange.  Can you check that the wizard is installed in the system information?  Mine looks like this:

sap.com tc/sec/auth/spnego/wizard

If it's not there, then you will have to deploy this first.

Regards,

Graham

Former Member
0 Kudos

any suggestions or ideas??