SPNEGO Token based SSO support is one of the best things to happen for the ABAP Server.
Though we had it for the JAVA Server, it was missing on the ABAP Server. With SAP Single Signon product licensing, this feature can be enabled and used on the SAP ABAP Server
Important Details on this Feature:
- SPNEGO can be enabled and the token can be used for SSO for browser based access to the ABAP Server. With the increased use of FIORI as the SAP UI technology, this is one of the best fit solutions with minimal realization effort for Internal access Scenarios.
- Either SNCWIZARD / SPNEGO transaction can be used for setting up SPNEGO on the Server. Best is to use SNCWIZARD
- SNC names to be maintained for the user accounts which can be used by the ABAP Server though SAPGUI logon with Kerberos tokens or through browser using SPNEGO tokens . This means irrespective of the access point being SAPGUI client or browser, the SNC name maintenance is required for the user accounts when we use Kerberos/SPNEGO tokens
One of the important detail, which will be handled in this blog, is on the SPNEGO Troubleshooting on the ABAP Server. The SPNEGO transaction in ABAP comes with an easy to use troubleshooting option which will be explained as below
STEP 1: Call Transaction SPNEGO
STEP 2: Select GOTO => SPNego Tracing. Post this select “Activate User Trace”
STEP 3: User Tracing will be activated and will be displayed and the same information will be displayed at the bottom of the SAPGUI screen. We can now access the browser and execute our SPNEGO scenario
STEP 4: Once our scenario is complete, we can go back to the SPNEGO tracing section and select 3. Show user trace. This will list the details which is gathered by the system as part of the SPNEGO tracing
STEP 5: We get the option to select the user to Analyze from the trace logs and also the date and Time. This will help us to go to the almost exact log Details
STEP 6: The stepwise call and execution for the user account selected will be displayed. Clicking on each line item will provide the detailed analysis with respect to that particular session and Step.
Please find below the SPNEGO specific notes, which will help us in the troubleshooting process
https://service.sap.com/sap/support/notes/1732610
https://service.sap.com/sap/support/notes/1819808
Hope this helps some of you who are working on this topic on the ABAP Server