
Problem with Cross-domain SSO, NTLM and ITS to R/3

Former Member
0 Kudos

Hello,

We are using EP 6.0.13.0 on a Windows environment. We have an ITS running WebGUI/ESS/MSS in another domain and that is the same domain where the R/3 and BI systems reside. We have configured NTLM authentication using IIS web server 6.0 and the IISProxy 1.6.2. We have configured SSO with the backends using the same ID as in the MS-ADS. Almost everything works fine.

The problem is that when we use the NTLM logon via the IIS to the portal, and then navigate to a WebGUI service transaction, we are prompted for login. When we refresh the portal screen and try again - it works.

We have configured the mdc.hosts and are using the sendSAPSSO2Cookie.asp to generate the cross-domain logon ticket.

I have read that ITS may require the PAS be set up but I thought that was only used when you are going directly to the ITS (leveraging the NTLM authentication) - not when you are going through the portal.

Does anyone have some experience using ALL of the SSO features (i.e. SSO, cross-domain support, ITS, Windows integrated authentication)?

We have thought about the relax option for the domain but it does not apply as our domains are:

SERVER1.domain1.com and SERVER2.domain2.com

... so relaxing would not help unless we relaxed to the ".COM" which is unreasonable.

My regards,

Judson Maizels

Accepted Solutions (1)

Former Member
0 Kudos

Hi JUDSON

Well, I'll give one easy solution:

Make an alias in the hosts file, which resides in the winnt\system32\drivers\etc directory, that has the same domain name,

i.e.

SERVER1.domain1.com server1.mydomain.com

SERVER2.domain2.com server2.mydomain.com

It works in my scenario; we have the same system landscape as you.

regards,

kaushal

Former Member
0 Kudos

Hi Kaushal,

Thanks for the option; we have thought about it but we will have problems when we introduce front-end SSL (browser to web servers, terminating on the IIS). The problem will be "Security Warning" - "The name on the certificate does not match the name of the web site..." and all users will see this pop-up.

Are there any options to get it to work without modifying the local HOSTS or local DNSCACHE (aliasing)?

Thanks again, for the option,

Judson
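Added example, not part of the thread: the cookie scoping rule (RFC 6265 domain-match) behind both the "relax" limitation in the question and the common-domain alias in the answer, run on the host names quoted above. The function names are hypothetical, and the two-label minimum is a simplified stand-in for the browser's public-suffix check.

```python
# Added illustration: cookie Domain scoping (RFC 6265 domain-match) applied to
# the host names quoted in the thread. The two-label minimum is a simplified
# stand-in for the browser's public-suffix check (assumption).

def relax(host: str, levels: int) -> str:
    """Drop `levels` leading labels from host: the 'domain relaxing' idea."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[levels:])

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def browser_accepts(cookie_domain: str) -> bool:
    """Simplified: reject a Domain that is a bare top-level label such as 'com'."""
    return len(cookie_domain.strip(".").split(".")) >= 2

def shared_cookie_domain(host_a: str, host_b: str):
    """Return the narrowest relaxed domain that a browser accepts and that
    matches both hosts, or None when no such domain exists."""
    labels = host_a.lower().split(".")
    for levels in range(1, len(labels)):
        candidate = relax(host_a, levels)
        if not browser_accepts(candidate):
            break
        if domain_match(host_b, candidate):
            return candidate
    return None

def ticket_sent(issuer: str, target: str, levels: int) -> bool:
    """Would a cookie set by issuer, relaxed by `levels`, be sent to target?"""
    domain = relax(issuer, levels)
    return browser_accepts(domain) and domain_match(target, domain)

if __name__ == "__main__":
    print(shared_cookie_domain("SERVER1.domain1.com", "SERVER2.domain2.com"))    # None
    print(shared_cookie_domain("server1.mydomain.com", "server2.mydomain.com"))  # mydomain.com
    print(ticket_sent("SERVER1.domain1.com", "SERVER2.domain2.com", 1))          # False
```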

Answers (0)