08-18-2016 12:59 PM
Hello!
I have a problem with SSO on an ABAP-system (BSP-app, redirect to JAVA-system -> SPNego to AD -> redirect to BSP-app with logon ticket).
The Setup:
SPNego on SolMan (JAVA) to AD.
Certificate exchange between SolMan JAVA, SolMan ABAP & ECC ABAP.
Trust between SolMan ABAP & ECC ABAP.
Redirect application deployed on SolMan JAVA.
A BSP-application on ECC is using this solution.
Due to historic reasons ECC have a hostname alias in DNS.
The hostname alias is used in parameter icm/host_name_full.
SPNego, SSO and the redirect app works flawless when we are using the ECC real hostname as redirect URL. But when the BSP-app is opening a new window with another BSP service, it is opened with the hostname alias and ECC does not accept the SSO cookie.
If we use the hostname alias as redirect URL we get a ping-pong loop between SolMan JAVA and ECC (ECC does not accept SSO cookie).
Does anyone have any ideas why it does not work with the alias hostname redirect?
09-07-2016 8:18 AM
No answers.
We will proceed with the most straight forward action; returning icm/host_name_full to the actual hostnamespending some time on testing instead of troubleshooting.