Show TOC Start of Content Area

Function documentation Wizard-based Configuration for Kerberos Authentication  Locate the document in its SAP Library structure

Use

You can use the SPNego configuration wizard to enable SPNego authentication for all users belonging to a Kerberos Realm to log on transparently to the AS Java with Single Sign-On.

Integration

Kerberos authentication on the AS Java uses Kerberos infrastructural functions that are integral part of the Microsoft Windows 2000 and higher operating systems (OS).

For information about the integration of non-Windows server components in the Microsoft Kerberos Infrastructure, see the documents available from the Microsoft Developer Network (MSDN) at msdn.microsoft.com.

For more information about the Kerberos authentication protocol and required systems landscape and infrastructure, see Kerberos V5 Administrator’s Guide, available from web.mit.edu.

Prerequisites

The wizard supports configuration of the AS Java for Kerberos authentication with SPNego for the following system environments:

SAP NetWeaver Application Server Java Release:

      AS Java 640 SP 15 or higher

Java Development Kits (JDKs):

      Sun JDK 1.4 and higher

      IBM JDK 1.4 and higher

Windows Kerberos Environment:

      Microsoft Windows Server 2000 Active Directory

      Microsoft Windows Server 2003 Active Directory

Features

There are two ways to start the wizard:

      As a standalone application from a Web browser using the following URL: http(s)://<host>:<port>/spnego.

      In the SAP NetWeaver Administrator by following the path System Management Configuration SPNEGO Configuration Wizard.

The wizard supports you in meeting the configuration prerequisites for the Kerberos infrastructure that you use. For information specific to the configuration options in each step of the wizard you can also use the Info buttons to display additional information.

The wizard configures only AS Java instances that are in running state during the wizard execution. If at a later stage you find that you need to configure instances that were not running or you add new instances that need to be configured you can run the wizard again.

Activities

For a step-by-step guide to using the Kerberos configuration wizard, see the following sections:

...

       1.      Step 1: Prerequisites

       2.      Step 2: Kerberos Realm

       3.      Step 3: Resolution Mode

       4.      Step 4: Policy Configuration

       5.      Step 5: Confirmation

 

 

End of Content Area