on 03-27-2014 5:36 PM
Hi All,
I am having EHP1 for NW 7.3 installed on windows 2008 R2 and I am trying to do SSO with ADS.
I am following the steps as below :
1. Created administrator user user1 and disabled "Use Kerberos DES encryption type for this Account" and checked "Password never expire option"
2. setspn -a HTTP/javahost.mydomain.com user1
3. Logged into javahost:port/nwa
4. Generated Keytab file in Domain server:
ktab -a user1@MYDOMAIN.COM -k keytab
5. Imported the keytab into the JAVA system :
Kerberos Realm--> edit --> Keys--> Update Keys -> uploading keytab file --> browse --> selected file and IMPORT --> Save.
6. Activate the REALM.
7. Adjusted the authentication stack:
EvaluateTicketLoginModule SUFFICIENT
SPNegoLoginModule OPTIONAL
CreateTicketLoginModule SUFFICIENT
BasicPasswordLoginModule REQUIRED
CreateTicketLoginModule REQUIRED
-->Save.
8. Did the settings in the browser, but SSO is not working.
I am getting a error as "No key (etype: 18) for realm".
When I googled I found that the error is due to "AES256-CTS-HMAC-SHA1-96" as attached in SS.
Actually My keytab generates "DES-CBC-MD5","AES128-CTS-HMAC-SHA1-96","RC4-HMAC".
I updated my java policy as per the note and I got "AES256-CTS-HMAC-SHA1-96" .
Now I am getting "Could not validate SPNEGO token.
[EXCEPTION]
java.security.InvalidKeyException: Illegal key size
"
Can you please guide on this?
Regards
G.Partheeban
Hi All,
Thanks ...
Solved this issue by upgrading the SP.
Regards
G.Partheeban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
I got the solution and I got all the LDAP users imported.
But Now my MII menu and other webdynpro pages are throwing error as "500 Internal error"
Failed to process request. Please contact your system administrator.
While processing the current request, an exception occured which could not be handled by the application or the framework.
If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
For further information about the Web Dynpro error page, error analysis and a description of well-known error situations, see SAP note 1113811.
Correction Hints |
Exception could be caused by the development component: sap.com/xapps~xmii~ui~admin~navigation
Note: The above hints are only a guess. They are automatically derived from the exception that occurred and therefore can't be guaranteed to address the original problem in all cases.
How to solve this any idea?
Regards
G.Partheeban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samuli,
Created new
Exception occured during processing of Web Dynp... | SCN
Can you please suggest me a solution?
Regards
G.Partheeban
HI All,
Now I am getting the following error as below:
Could not search for user by logon id: p1gnana
[EXCEPTION]
com.sap.security.api.NoSuchUserException: USER_AUTH_FAILED: User account for logonid "p1gnana" not found!
Kerberos principal [p1gnana@VALENET.VALEGLOBAL.NET] cannot be mapped to any local user.
Even I had configured LDAP. But I am not able to?
So please let me know where is the issue.
I think it cannot able to find the user.
Regards
G.Partheeban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Experts,
Can any one help me with this?
Regards
G.Partheeban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would recommend that you to generate the keys with the SPNEGO Wizard (not upload them) to avoid further incompatibility issues. With NW731 you are most likely using SAP JVM 6, the installed Java policy files must support AES256. See SAP KBA 1810884 on how to update the policy files. With NW731 the installed SAP Cryptographic Library should support AES256 so there shouldn't be any need to update it.
User | Count |
---|---|
76 | |
10 | |
10 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.