SAP Knowledge Base Article - Preview

2162289 - Netweaver Java SPNego configuration with ABAP user store

Symptom

  • You configured your SAP AS Java to use SPNEGO.  The KERBEROS token received (in webdiagtool trace) has a userprincipalname.
  • The user datasource of the engine is ABAP and you have different user IDs in LDAP server and ABAP system.
  • You need to do the user mapping in new SPNEGO wizard.
  • On your ABAP system SPNego works as you have SNC mapping but this does not apply to the java stack.
  • Error below is found in webdiagtool trace:
07:22:20:089 Error J2EE_GUEST HTTP Worker....core.server.jaas.SPNegoLoginModule Could not validate SPNEGO token.

[EXCEPTION]

com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException: 
No user with user attributes [[namespace=com.sap.security.core.usermanagement, name=snc name, value=miller@example.com, isCaseSensitive=false]] found
 
at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByUserAttributes(UserMappingServiceImpl.java:149)
 
at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:106)

Read more...

Environment

  • User data source of SAP AS Java is ABAP.

  • User IDs in LDAP server and ABAP user data source are different.

  • New SPNEGO wizard is used. (1488409 - New SPNego Implementation)

    • SAP NetWeaver Web AS 2004 (6.40) SP27
    • SAP NetWeaver Web AS 2004S (7.00) SP23
    • SAP NetWeaver Web AS 2004S EhP1 (7.01) SP08
    • SAP NetWeaver Web AS 2004S EhP2 (7.02) SP06
    • SAP NetWeaver Web AS 710 SP15
    • SAP NetWeaver Web AS 711 EhP1 (7.11) SP10
    • SAP NetWeaver Web AS 720 SP2
    • SAP NetWeaver Web AS 730 SP1
    • SAP NetWeaver Web AS 731 SP1
    • SAP NetWeaver Web AS 740 SP1

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Composition Environment 7.1 ; SAP NetWeaver Composition Environment 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SPNEGO wizard configuration user mapping ABAP user datasource data source KDC SNC sncname attribute kerberos email dataSourceConfiguration_abap.xml userprincipalname SPNEGOUserMapping LDAP "USER principal" KPN , KBA , BC-JAS-SEC-LGN , Logon, SSO , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.