New SPNego login module – just around the corner
Almost always when Single Sign-On is required to Java SAP applications, the SPNego login module is the answer. After the SPNego Wizard was introduced some years ago it got really simple to configure the AS Java for Single Sign-On (See Note 994791 – SPNego Wizard and Configuring and troubleshooting SPNego — Part 1). When the AS Java was connected to an ABAP System it was possible to do the required mapping and SSO worked (Configuring SPNego with ABAP datasource — Part 2Configuring SPNego with ABAP datasource — Part 2). Even in scenarios where SSO to ABAP systems was required, the SPNego login model could easily be used to authenticate and create SAPLogon Tickets that would be accepted by the backend system (Single Sign On to BSP pages, Single Sign On to SAP NetWeaver Enterprise Search 7.2 Using Integrated Windows Authentication).
With Windows 7 and Windows 2008 R2 (and upcoming Vista SP3) there were some issues with the DES encryption that was required by the SPNego login module, but was no longer active by default. The reason for requiring DES encryption in the login module was that the APIs from Suns and IBMs Java 1.4.2 do not allow any other form of encryption. So the only workaround – if you wanted to use the SPNego login model – was to reactivate the DES encryption on Windows 7 and Windows 2008 R2 (see Note 1396724 – SPNEGO fails with Windows 7 and Windows Server 2008 R2 and SSO with SPNego not working on Windows 7 / Windows 2008 R2). Of course this was only a workaround and our development was working on a real solution. Update:
The new Login Module for 640 and 700 is here. Go to https://service.sap.com/sap/support/notes/1457499 and download the attached ZIP files. It also includes a PDF with installation instructions!