Hi All,
I know this thread has been dormant for a while but I can't find any better thread to post my questions to.
And I think it is better to continue the previous thread than creating a new one, since the topic is similar.
Consider these 2 cases/scenarios.
Do you think both will work?
Case 1:
There are 2 domains (forests), Domain A and Domain B.
SAP users are located in Domain A, while the AS-JAVA server is located in Domain B.
There isn’t any trust relationship between the 2 domains.
AS-JAVA is using Active Directory (Domain B) as the UME data source.
We run ‘setspn’ in Domain A for the AS-JAVA resource.
We create the Kerberos Realm in AS-JAVA for Domain A.
Would this SSO configuration work?
Case 2:
There are 2 domains (forests), Domain A and Domain B.
SAP users are located in Domain A, while the AS-JAVA server is located in Domain B.
There is a One Way Forest Trust (OWFT) between Domain A and Domain B, in which Domain A is the trusted domain, while Domain B is the trusting domain.
AS-JAVA is using Active Directory (Domain B) as the UME data source.
We run ‘setspn’ in Domain B for the AS-JAVA resource.
We create the Kerberos Realm in AS-JAVA for Domain B.
Would this SSO configuration work?
In this scenario, what would be the KPN (principal@REALM)? Is it principal@DomainA or principal@DomainB?
Thanks in advance.
Best Regards.