Hi Experts
We are trying to implement SAP NetWeaver Single Sign-on X.509 Certificate Based Authentication.
We have followed the Best Practice Guide and also the Secure Login Server, Secure Login Library and Secure Login Client guides.
We have the follwoing scenario:
Windows Domain "A" contains:
MS Active Directory (just to manage SAP Servers)
SAP ABAP Servers with Secure Login Library installed
NO Secure Login Clients
Windows Domain "B" contains:
MS Active Directory (managing users and computers / servers etc)
SAP Java Secure Login Server
SAP ABAP Servers with Secure Login Library installed
SAP Java Servers
PC's with Secure Login Client installed
There is no trust relationship between the Windows Domains.
Secure Login Clients need to single sign on to SAP systems in both Windows Domain "A" and "B"
So far we have have Secure Login Clients being able to single sign-on to SAP Servers in Domain "B" - this is working fine.
However we have not been able to configure Secure Login Clients to be able to single sign-on to the SAP systems in Domain "A"
We have setup SPNego with a realm for each Domain and we have a service account in each Domain with Service Principla Name both referencing the Java Secure Login Server.
When we configure SNC on SAP ABAP servers in Domain "A" with certificate exported from Secure Login Server into SNC node of STRUST and set the snc/identity/as to the CN, the servers do not start?
Please could you advise how we can get the above scenario working?
Thanks in advance
Mark