Skip to Content

Below are few issues and their workaround during the SPNEGO Configuration on SAP EP 7.0 SP14 & Microsoft LDAP Server which I faced:

 

1) You still get the login page even after complete SPNEGO Installation and configuration. Reason is: There is a Kerberos bug with all JDK versions after JDK 1.4.2_14/15/16/17 but there is a simple work around for this JDK Versions. But if you are doing a fresh installation do it with latest i.e. JDK 1.4.2_18 in this the Kerberos Regression bug is solved. The workaround for the other JDK versions is

 

Login to your Visual Admin, then go to –>Security Provider –>com.sun.security.jgss.accept –>Krb5LoginModule

Add a Parameter isInitiator and Value false. Save it and take a bounce of J2EE.

 

 

2) DataSource File: When you are setting Up the UME to use the corporate LDAP as the new datasource, Please download the Krb5.xml files from the SAP Note – 994791. For example – Download the dataSourceConfiguration_ads_readonly_db_with_krb5.xml

Start SPNEGO Wizard using help from

 

http://help.sap.com/saphelp_nw04s/helpdata/en/45/40a18e773a7527e10000000a114a6b/frameset.htm

 

3) After SPNEGO configuration is completed the usual problem is trying to get portal login page for some UME user’s as the LDAP user get’s logged in directly.

 

There are workaround here:

 

– To edit the host file on the server and add an entry with hostname different then your local host. In this case your existing portal URL will be : http://portalhostname/irj/portal then now you can open a login page with http://newhostname/irj/portal This will help you but you will have to give remote access to the portal server for few user whom you want to have the login page.

 

– Another option is available for creating a Redirecting .JSP Page with new URL. Deploy this through an .ear file on portal. Go to Visual Admin and in Security Provider –> Policy configuration …find the new file and add the following:

 

EvaluateTicketLoginModule       SUFFICIENT  ume.configuration.active=true

BasicPasswordLoginModule       REQUISITE

CreateTicketLoginModule          OPTIONAL    ume.configuration.active=true

 

After this click on Security Roles and add Everyone to the DefaultSecurity role.

 

 

Above three points are the issues that I faced during my SPNEGO Portal Configuration and I have collected this materials and workaround from SAP Forums, help.sap.com and of my best knowledge. This blog is to consolidate the general issues that people are raising in the Portal Implementation Forum.

 

Regards.

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Hüseyin Bilgen
    Hi,
    As I’ve recently posted in forums (and unfortunately couldn’t get any response), When SPNEGO activated, DEploying Portal Application PAR’s from NWDS is impossible.
    This is another problem I couldn’t find any solution. Still generating PAR file, and uploading via Administraiton Console on Support page.
    (0) 
  2. Vijayakumar Velayutham
    I have configured SPNego in our NW2004s DualStack.
    But the issue when the LDAP user open the Portal URL, he supposed to logged into portal automatically instead login page is getting displayed.

    Please assist me rectifying this issue.

    Kind regards,
    Vijay

    (0) 

Leave a Reply