Common SPNEGO Implementation Issues
Below are few issues and their workaround during the SPNEGO Configuration on SAP EP 7.0 SP14 & Microsoft LDAP Server which I faced:
1) You still get the login page even after complete SPNEGO Installation and configuration. Reason is: There is a Kerberos bug with all JDK versions after JDK 1.4.2_14/15/16/17 but there is a simple work around for this JDK Versions. But if you are doing a fresh installation do it with latest i.e. JDK 1.4.2_18 in this the Kerberos Regression bug is solved. The workaround for the other JDK versions is
Login to your Visual Admin, then go to –>Security Provider –>com.sun.security.jgss.accept –>Krb5LoginModule
Add a Parameter isInitiator and Value false. Save it and take a bounce of J2EE.
2) DataSource File: When you are setting Up the UME to use the corporate LDAP as the new datasource, Please download the Krb5.xml files from the SAP Note – 994791. For example – Download the dataSourceConfiguration_ads_readonly_db_with_krb5.xml
Start SPNEGO Wizard using help from
3) After SPNEGO configuration is completed the usual problem is trying to get portal login page for some UME user’s as the LDAP user get’s logged in directly.
There are workaround here:
– To edit the host file on the server and add an entry with hostname different then your local host. In this case your existing portal URL will be : http://portalhostname/irj/portal then now you can open a login page with http://newhostname/irj/portal This will help you but you will have to give remote access to the portal server for few user whom you want to have the login page.
– Another option is available for creating a Redirecting .JSP Page with new URL. Deploy this through an .ear file on portal. Go to Visual Admin and in Security Provider –> Policy configuration …find the new file and add the following:
EvaluateTicketLoginModule SUFFICIENT ume.configuration.active=true
CreateTicketLoginModule OPTIONAL ume.configuration.active=true
After this click on Security Roles and add Everyone to the DefaultSecurity role.
Above three points are the issues that I faced during my SPNEGO Portal Configuration and I have collected this materials and workaround from SAP Forums, help.sap.com and of my best knowledge. This blog is to consolidate the general issues that people are raising in the Portal Implementation Forum.