Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SPNEGO doesn't work when basicauthentication set in authschemes.xml

srinivas_cheruku
Explorer

‎2009 Sep 14 2:11 PM

0 Likes
1,220

Hi,

We found that the SPNEGO authentication works fine for portal when using form based authentication, but SPNEGO doesn't work when authschemes.xml changed to use HTTP basic authentication e.g. the browser popup screen is shown instead of authenticating using SPENGO.

The authschemes.xml changed to use basicauthentication instead of uidpwdlogon as follow:

<authscheme-refs>

<authscheme-ref name="default">

<authscheme>basicauthentication</authscheme>

</authscheme-ref>

<authscheme-ref name="UserAdminScheme">

<authscheme>uidpwdlogon</authscheme>

</authscheme-ref>

</authscheme-refs>

When I checked the HTTP trace, the response contains header "WWW-Authenticate=Basic" and not "WWW-Authenticate=Negotiate". Though "WWW-Authenticate=Negotiate" is set by the SPNEGO loginmodule, looks like the SAP logon application is resetting the WWW-Authenticate header back to "Basic" as basic authentication is used instead of form based authentication.

Any ideas on making SPNEGO work with HTTP basic authentication would greatly appreciated.

Thanks,

Srini

6 REPLIES 6
Read only

Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert

‎2009 Sep 14 8:49 PM

0 Likes
1,100

Apples and pears are simply not the same ...

As you have posted correctly, the server sends out different header fields ("WWW-Authenticate=Negotiate" vs. "WWW-Authenticate=Basic") expecting the http client to react accordingly. Sorry, but if Basic Authentication is demanded by the server you cannot simply answer with SPNEGO (and vice versa).

Read only

tim_alsop
Active Contributor
In response to Wolfgang_Janzen

‎2009 Sep 14 8:59 PM

0 Likes
1,100

Woflgang,

Is it possible to configure the portal authschemes so that when logging onto the portal you can decide to use basic auth, or spnego auth, perhaps by using a different portal login url ?

Thanks,

Tim

Read only

Former Member
In response to Wolfgang_Janzen

‎2009 Sep 14 9:04 PM

0 Likes
1,100

I think redirects are a problem here.

Perhaps you noticed in the past days that it was difficult to logon to SDN...

Cheers,

Julius

Read only

tim_alsop
Active Contributor
In response to Wolfgang_Janzen

‎2009 Sep 14 11:12 PM

0 Likes
1,100

Julius,

I am not clear what you mean - are you suggesting that this can be solved using redirects ?

Thanks,

Tim

Read only

Former Member
In response to Wolfgang_Janzen

‎2009 Sep 15 6:10 AM

0 Likes
1,100

Hi Tim,

Sorry, my mistake then - I thought you were suggesting redirects.

Cheers,

Julius

Read only

srinivas_cheruku
Explorer
In response to Wolfgang_Janzen

‎2009 Sep 15 10:14 AM

0 Likes
1,100

Thanks. I think it makes sense that the authentication set at server level overrides the authentication at loginmodules.