on 11-18-2013 5:23 PM
I successfully configured SSO for Business Objects 4.1 Platform using http://scn.sap.com/docs/DOC-26314. SSO is working on internet explorer. It still prompts for user name and password in Chrome. Is there anything else to be done?
Hi,
Google Chrome does not accept Kerberos ticket so the SSO configuration is not working on this web browser.
Prerequisite is Internet explorer or Mozilla.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Here are the notes we have for configuring Firefox and Chrome config for SSO with Kerberos
A. To configure Mozilla Firefox (Version 15 and above only) for SSO:
1. Open Mozilla Firefox
2. In the URL field type in "about:config" and hit the enter key
3. Accept the warning
4. It will open the configuration console of Firefox
5. In the search bar type in "network.negotiate-auth.delegation-uris"
6. Double click and it will open one window
7. Type "http://hostname " here which should be the FQDN of the server you want to access via SSO.(you can do multiple entries separated by a comma)
Example: http://sapqbw.insummit.com,http://sapportal.insummit.com,http://sapdbw.insummit.com,http://sapcrmd.i...
8. Click OK
9. Now in the search bar type "network.negotiate-auth.trusted-uris"
10. Double click
11. Type "http://hostname " here which should be the FQDN of the server you want to access via SSO.(you can do multiple entries separated by a comma)
12. Click OK
13. Restart the Firefox
14. Open your website
15. SSO should be working now
B. To configure Google Chrome for SSO:
1. run regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome on a workstation that has Google Chrome installed, if it isn’t there you need to create the key
2. add the string value AuthNegotiateDelegateWhitelist
3. Enter the value either http://*insummit.com (to allow all hosts in your domain, or the FQDN and hostname of each URL separated by a semicolon
4. i.e. your webapps URLs are http://dev-bi.insummit.com and http://bi.insummit.com add the following http://*dev-bi.insummit.com; http://*bi.insummit.com
5. If you have multiple or many Chrome clients please consult your AD admin to see if he can deploy this setting via group policy to save on all the manual registry edits
Lee Lewis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Lee:
Thanks for your answer. It's quite complete.
I apologize for replying back into such old case; however I don't feel like opening another case for the same issue. The update question is:
1.- Do you know the matching registry key ( HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome ) to make Chrome work in Windows 10 instead of a Windows 7 PC?
We got an environment where Windows 7 and Windows 10 PC coexist and the SSO works in Windows 7 machines after your suggested changes; however can't do in a Windows 10 machine simply because the Key Three doesn't exist.
Any hints?
Regards
Reinaldo Nunez
User | Count |
---|---|
87 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.