Kerberos authentication issue
-
Friday, December 28, 2012 4:21 PM
Hi
I have below issue of my client application Kerberos authentication. See below issue history..
Cleint is trying to setup SSO using Windows integrated authentication for one of our SAP Enterprise Portal applications.
The browser has to talk to the AD server and send a Kerberos token to the J2EE engine for the authentication to happen. But in client case a NTLM token is being passed which is failing the SPNEGO authentication process.- Edited by Mr. Raj Monday, December 31, 2012 5:00 PM
All Replies
-
Tuesday, January 01, 2013 3:34 PM
See below links if it is helpful.
Using Kerberos Authentication for Single Sign-On
http://help.sap.com/saphelp_nw04/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htmSingle Sign On to the J2EE Engine from Windows
http://wiki.sdn.sap.com/wiki/display/EP/Single+Sign+On+to+the+J2EE+Engine+from+Windows6558573 Kerberos Ticket Based SinglesignOn With SAP J2EE Engine doc
http://ebookbrowse.com/6558573-kerberos-ticket-based-singlesignon-with-sap-j2ee-engine-doc-d135829019Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.- Proposed As Answer by VenkatSP Wednesday, January 02, 2013 2:11 AM
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Wednesday, January 09, 2013 1:52 AM
-
Wednesday, January 02, 2013 10:05 AMModerator
Hi
I have below issue of my client application Kerberos authentication. See below issue history..
Cleint is trying to setup SSO using Windows integrated authentication for one of our SAP Enterprise Portal applications.
The browser has to talk to the AD server and send a Kerberos token to the J2EE engine for the authentication to happen. But in client case a NTLM token is being passed which is failing the SPNEGO authentication process.
What SSO solution/apps you are using for SSO? Also, there is nothing can be done from the AD side to allow apps to either use NTLM/Kerberos except disabling the option via GPO, but you need to check with the vendor of the app.
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.- Proposed As Answer by i.biswajith Wednesday, January 02, 2013 10:42 AM
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Wednesday, January 09, 2013 1:52 AM
-
Thursday, January 03, 2013 10:53 PM
Hi Awinish and Sandesh
I got below link exact my requirment...
http://scn.sap.com/people/holger.bruchelt/blog/2009/11/05/sso-with-spnego-not-working-on-windows-7-windows-2008-r2
Can you please check and guide me if its OK?
-
Friday, January 04, 2013 12:01 AM
Also while I am applying the group policy to "enabling DES encryption types for Kerberos" on one windows 2008 R2 server, then after applying the policy, this server is not able to communicate with domain controllers which are 2008 R2 also.
See below link for the policy configuration:
http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx
.png)
