Hello,
We are facing some issues with Kerberos authentication (using SAML2). We are switching from one identity provider server (Site A) to another (Site B).
The identity provider configuration is: NW AS Java 7.4 + SAML2 and IDM federation (with SPNego).
The service provider is an ABAP server.
The authentication stack is Kerberos followed by login/password (PasswordProtectedAuthentication using HTTPS).
Redirection to the IdP is working fine, but Kerberos does not work and we go to the login/password form. After checking the traces, we have this message:
"NTLM token found in authorization header during SPNego authentication"
I think it is an issue with the server aliases or the Active Directory service user, so no Kerberos token was generated. But we are unable to find the issue.
This is my spn configuration:
- Service user (Site A): SAPServiceSSP
- Service user (Site B): SAPServiceSSPRA
- setspn -l SAPServiceSSP
SAP/SAPServiceSSP
HTTPS/<Site A alias >.domain.com
HTTP/<Site A alias>.domain.com
HTTP/<sp alias>.domain.com
HTTPS/<sp alias>.domain.com
- setspn -l SAPServiceSSPRA
HTTPS/<Site B alias >.domain.com
HTTP/<Site B alias>.domain.com
SAP Secure Login Client is correctly installed and Kerberos works fine with the other systems and the old configuration (IdP from Site A).
Thank you and regards,
Mehdi.
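
Added example, not part of the original post: the trace message quoted above is about the content of the Authorization: Negotiate header, and this Python sketch classifies a captured header value as an NTLM message or a Kerberos ticket. The function name and the sample headers are assumptions constructed for illustration; the samples hold only the leading bytes and OIDs, no real ticket.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"                      # first 8 bytes of every NTLM message
KRB5_OIDS = (
    bytes.fromhex("06092a864886f712010202"),       # 1.2.840.113554.1.2.2 Kerberos V5
    bytes.fromhex("06092a864882f712010202"),       # 1.2.840.48018.1.2.2 MS Kerberos V5
)
SPNEGO_OID = bytes.fromhex("06062b0601050502")     # 1.3.6.1.5.5.2


def classify_negotiate(header_value):
    """Classify an 'Authorization: Negotiate <base64>' value.

    Returns 'ntlm', 'kerberos', 'unknown' or 'invalid'.
    """
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "invalid"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                             # binascii.Error is a ValueError
        return "invalid"
    if token.startswith(NTLMSSP_SIG):
        return "ntlm"                              # raw NTLM, no SPNEGO wrapper
    if token[:1] == b"\x60":                       # GSS-API initial context token
        if NTLMSSP_SIG in token:
            return "ntlm"                          # NTLM carried as the SPNEGO mechToken
        if any(oid in token for oid in KRB5_OIDS):
            return "kerberos"
    return "unknown"


def _hdr(token):
    return "Negotiate " + base64.b64encode(token).decode("ascii")


def _gss(body):
    return b"\x60" + bytes([len(body)]) + body     # short-form length, body < 128 bytes


# Constructed stand-ins: correct leading bytes and OIDs, no real ticket or hash.
_NTLM_TYPE1 = NTLMSSP_SIG + (1).to_bytes(4, "little") + bytes(24)
SAMPLE_RAW_NTLM = _hdr(_NTLM_TYPE1)
SAMPLE_WRAPPED_NTLM = _hdr(_gss(SPNEGO_OID + KRB5_OIDS[1] + _NTLM_TYPE1))
SAMPLE_KERBEROS = _hdr(_gss(SPNEGO_OID + KRB5_OIDS[1] + KRB5_OIDS[0] + bytes(16)))

if __name__ == "__main__":
    for name in ("SAMPLE_RAW_NTLM", "SAMPLE_WRAPPED_NTLM", "SAMPLE_KERBEROS"):
        print(name, "->", classify_negotiate(globals()[name]))
```

A header value whose base64 begins with "TlRM" is the raw NTLM case; one that begins with "YII" is a GSS-API token and needs the inner check shown above.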