2011 May 16 5:43 AM
Hi All
We're on NW Portal 7.0 SP23.
We have Kerberos authentication set up where:
Prod-Portal is connected to Prod-LDAP, SSO works fine on Primary-DOMAIN and
QA-Portal is connected to QA-LDAP and SSO works fine on Secondary-DOMAIN.
When a user existing in Prod-LDAP logs in to Primary-DOMAIN and accesses Prod-Portal, SSO works fine.
Similarly, when a user existing in QA-LDAP logs into Secondary-DOMAIN and accesses QA-Portal, SSO works fine.
If we want to enable SSO for QA-Portal on the Primary-DOMAIN, (in addition to other configuration) do we need to change our UME to point to Primary-LDAP and/instead of Secondary-LDAP, considering that the user names in Primary-LDAP and Secondary-LDAP are the same? (Secondary-LDAP is a subset of Primary-LDAP)
I think we do, but want to find out if there is any other way.
Thanks
Manoj
2012 Aug 09 10:22 AM
Hello Manoj,
I just came across your entry. We are in the same situation of enabling two domains into one portal.
Also, we do have the same users in both LDAPs.
Did you solve your configuration?
How did you proceed?
Kind regards
Darijo
2012 Aug 10 11:49 AM
Hi Darijo
Sorry, the requirement then was low priority and I didn't get a chance to try it out. I do hope you find a solution, and when you do, I hope you share.
Thanks
Manoj
2012 Aug 13 12:05 PM
Hi Darijo,
The SPNego module of the SAP NetWeaver Java server in general supports multiple domains. I just checked it in a test system, but I cannot tell you right now in which SP this was implemented.
So for the use case above: You can create a keytab entry for an additional domain entry at the SPNego module. But this works only if the user names in the Q and P system are the same. Otherwise you will have a user mapping issue.
Configuration SPNego module:
Mapping mode -> Principal only
Source -> Logon ID
Best Regards
Matthias