Re: SSO Help
Tim,I am not sure if I understood you. What kinda configurations will allow the users to authenticate using their AD to my NW Portal? Thanks,Karan
View ArticleSPnego and SNC with AES-256 keys
SCN pals, We have SPnego / SNC setup on both our NW7.31SP07 and NW7.40SP07 systems. We used the basic steps outlined in the videos:http://scn.sap.com/docs/DOC-40178 But one thing that I have noticed,...
View ArticleRe: SPnego and SNC with AES-256 keys
Tim, I appreciate the response! So I guess I need to get with the AD guys at my company to figure out what they can do. Another question related. My "tgt" is below. it's always AES 256. Is that...
View ArticleRe: SPnego and SNC with AES-256 keys
It is common to have more than on TGT in the cred cache. This is because the flags are different. You will see that one of them has forwarded flag set.
View ArticleRe: SPnego and SNC with AES-256 keys
Tim, Do you know if those TGT's come from AD or SAP?
View ArticleRe: SPnego and SNC with AES-256 keys
From AD, since AD is a Kerberos authentication server (KDC) and issues Kerberos tickets.
View ArticleRe: SPnego and SNC with AES-256 keys
Hey Tim, OK, that's where I am missing something. if the TGTs for me are always AES-256, then why would the Server: SAP/SA-AGC-ABAP-SID@ MY-DOMAIN.COM and Server: HTTP/my-hostname.my-domain.com@...
View ArticleRe: SPnego and SNC with AES-256 keys
AD uses different encryption types for issuing a TGT compared to when it issues a service ticket. Thats why.
View ArticleRe: SPnego and SNC with AES-256 keys
OK, got ya, So I guess that when I got the AD person to set this: If I get my AD administrator to click the button for my user SA-AGC-ABAP-SID@MY-DOMAIN.COM that says "This account support Kerberos AES...
View ArticleRe: SPnego and SNC with AES-256 keys
There should be no reason why clicking the option on the user in AD to make it use AES wouldn't work, especially if the implementation of Kerberos being used is 100% standard and implemented correctly....
View ArticleRe: SPnego and SNC with AES-256 keys
OK, that makes sense. Yeah, once we click that button in AD for the user for AES 256, the SNC and SPnego cease to work. Same thing if we do AES128. but klist command DOES show that the service...
View ArticleRe: SSO and SAML issue with Fiori
Haider, Hopefully you found the solution by yourself. I had exact same problem yesterday at a customer's place for back-channel communication between ADFS 3.0 and SAP, just like yours. It ended up...
View ArticleSSO cts import issue
Hi All, I am facing issue while importing CTS from QA to PROD in SSO Portal. Whenever i transport the changes from QA to PROD in first attempt all changes does not move properly and even no error is...
View ArticleRe: SPnego on ABAP -- SICF services - Alternative Logon Procedure
According to: Standard Logon Order - Connectivity - SAP Library SPNEGO is enabled as part of the standard logon procedure. That's for NW 7.4, and might not apply to older versions. And it is working...
View ArticleRe: GSS-API(maj) SAP SSO btw SAP on linux and MAD
The domain should be in upper case in snc/identity/as param value.e.g. ...@DSPL.COM
View ArticleRe: GSS-API(maj) SAP SSO btw SAP on linux and MAD
Hello Amit, The document you share suggests that the Domain should be in all caps, try changing the parameter to snc/identity/as = p:CN=SAP/SAPServiceIDS@DSPL.COM Regards,Siddhesh
View ArticleClik here to view.
Re: GSS-API(maj) SAP SSO btw SAP on linux and MAD
Thanks Tim and Siddhesh for ur swift replyI tried ur suggestion and did the changes but again the system is not coming up plz find the dev_w0 file snap for the help..and suggest how to add file so that...
View Article