Symptom
- You configure your SAP AS Java to use SPNEGO. The KERBEROS token received (in webdiagtool trace) has a userprincipalname.
- The user datasource of the engine is ABAP and you have different user IDs in LDAP server and ABAP system.
- You need to do the user mapping in new SPNEGO wizard. ABAP user attribute “SNC” is chosen to do the user mapping and it fails.
- Error below is found in webdiagtool trace:
07:22:20:089 Error J2EE_GUEST HTTP Worker....core.server.jaas.SPNegoLoginModule Could not validate SPNEGO token.
[EXCEPTION]
com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException:
No user with user attributes [[namespace=com.sap.security.core.usermanagement, name=snc name, value=miller@example.com, isCaseSensitive=false]] found
at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByUserAttributes(UserMappingServiceImpl.java:149)
at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:106)
Read more...
Environment
-
User data source of SAP AS Java is ABAP.
-
User IDs in LDAP server and ABAP user data source are different.
-
New SPNEGO wizard is used. (1488409 - New SPNego Implementation)
-
- SAP NetWeaver Web AS 2004 (6.40) SP27
- SAP NetWeaver Web AS 2004S (7.00) SP23
- SAP NetWeaver Web AS 2004S EhP1 (7.01) SP08
- SAP NetWeaver Web AS 2004S EhP2 (7.02) SP06
- SAP NetWeaver Web AS 710 SP15
- SAP NetWeaver Web AS 711 EhP1 (7.11) SP10
- SAP NetWeaver Web AS 720 SP2
- SAP NetWeaver Web AS 730 SP1
- SAP NetWeaver Web AS 731 SP1
- SAP NetWeaver Web AS 740 SP1
Product
SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Composition Environment 7.1 ; SAP NetWeaver Composition Environment 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0
Keywords
SPNEGO wizard configuration user mapping ABAP user datasource data source KDC SNC sncname attribute kerberos email dataSourceConfiguration_abap.xml userprincipalname SPNEGOUserMapping LDAP "USER principal" KPN , KBA , BC-JAS-SEC-LGN , Logon, SSO , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.