Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BSP-app (ICM hostname is an alias) does not accept SSO

former_member185925
Explorer

‎08-18-2016 12:59 PM

0 Kudos

Hello!

I have a problem with SSO on an ABAP-system (BSP-app, redirect to JAVA-system -> SPNego to AD -> redirect to BSP-app with logon ticket).

The Setup:

SPNego on SolMan (JAVA) to AD.

Certificate exchange between SolMan JAVA, SolMan ABAP & ECC ABAP.

Trust between SolMan ABAP & ECC ABAP.

Redirect application deployed on SolMan JAVA.

A BSP-application on ECC is using this solution.

Due to historic reasons ECC have a hostname alias in DNS.

The hostname alias is used in parameter icm/host_name_full.

SPNego, SSO and the redirect app works flawless when we are using the ECC real hostname as redirect URL. But when the BSP-app is opening a new window with another BSP service, it is opened with the hostname alias and ECC does not accept the SSO cookie.

If we use the hostname alias as redirect URL we get a ping-pong loop between SolMan JAVA and ECC (ECC does not accept SSO cookie).

Does anyone have any ideas why it does not work with the alias hostname redirect?

1 REPLY 1

former_member185925
Explorer

‎09-07-2016 8:18 AM

0 Kudos

No answers.

We will proceed with the most straight forward action; returning icm/host_name_full to the actual hostnamespending some time on testing instead of troubleshooting.