Spnego on a clustered portal

Hey all,
I am about to embark on a mission to configure kerberos authentication on a clustered portal. Any suggestions?
I'm guessing that it is more or less the same, but registering SPNs for every server in the cluster and ensuring the keytab/conf file is accessible to all servers. Is this correct?
I already managed (with a lot of pain) on a singlehost portal (see this thread: spnego wizard with EP7 / ADS )
Question: should the UPN be in the format
1) [email protected] , or
2) host/[email protected]
if (2), i guess "portalserver" would be the clustered DNS. how would this work if you want to access as single server individually?
Thanks in advance for all the excellent advice.
Regards,
faB
**a little bribe: I award points to the max

Hello,
One thing that was a little odd about the wizard, was that it configured one of my server's JVM to use a UNC name (-Djava.security.krb5.conf=
<SCS>\sapmnt\<SID>\SYS\global\kerberos\ID<>\krb5.conf), and the other a local drive. I changed both to the respective UNC name and it was OK.
You only need the SPN entry for the virtual name (HTTP/virtual.domain.com), unless you want to log onto the servers directly. Then just set multiple SPNs.
My UPN is like [email protected], but from the previous thread, your environment seems to require some inconsistency?

Similar Messages

SPNEGO working but No portal roles display

We want to switch from X.509 to Kerberos authentication on our portal.
We have now implemented a portal with Kerberos Authentication (SPNEGO) and the ABAP system as the UME, Previously, we also use hte ABAP store to create roles which appear as groups on the portal. In other words our user>group assignment is done in ABAP system. On the portal we then only map groups to portal roles
Now however, since implementing Kerberos, the group > role mapping does not appear to be working anymore.
Does anyone have advise on where to look for the problem?
Thanks
Vicky

Hi
Can you check whether the portal roles have been mapped to the ABAP groups?
Regards
Wilhelm

Clustering portal server 7

Hello guys, Quite some time now i've participated in this forum. Please i need information on how to cluster Sun Portal 7, I'm installing on Red Hat Enterprise 3 linux OS. Can anybody help me or direct me to where I can get information. Please let the direction be as specific as possible.

Hi Rajesh,
You can download Portal Server 7.1 U1 at following site for fresh bit install on Solairs sparc and Solaris x86.
http://www.sun.com/download/products.xml?id=465e130d
This contains Localization support for 7 languages also
German , French , Spanish , Simplified Chinese , Traditional Chinese , Japanese , Korea.
For Linux you need to upgrade from previous release for which you can find information in Release Note.
For Windows , zip based installation available for evaluation which will be uploaded soon....
Please refer to Release Note before installation and using Portal Server 7.1u1 at following site:
http://docs.sun.com/app/docs/doc/820-0133
have a nice day.
M.

Portal will not load in web browser

Hello,
I have a clustered portal and the second portal (Ep6 SP2 Patch 29) server in the cluster will not load in a web browser. The portal appears to start correctly and joins the cluster with the other server but when you try to access it in the browser it does not load. The browser just sits there.
I found that if I stop the dispatcher on the second server the portal login page does load minus the images.
Any ideas on what my problem could be?
Thanks,
Keith

Keith,
Make sure the Cluster configuration is right. When did you start seeing this problem?
Host A: Dispatcher->server 0, server 2
Host B: Dispatcher->server 0, server 2
i.e The instance IDs are mapped right.
Also try to hit the individual servers in the cluster the following way.
http://hostname1:50000/irj/portal;sapj2ee_irj=instance_id sends a request to server 0.
http://hostname2:51000/irj/portal;sapj2ee_irj=instance_id sends a request to server 1.
This may give more clues. Unfortunately I don't have access to EP6 SP2 to lookup and tell you the right parameters to look for.
Regards
-Venkat Malempati
Message was edited by: Venkat Malempati

SPNego : FallBack requirement

Hi There,
We are currently setting up SPNego SSO for our global Portal. Everything seems to work fine.
However we want to also accomodate the "unlikely" case of SPNego not working (Say for example user is not using the recommended browser or so)
Our requirement is
1) If the SPNEGO SSO fails for some reason, we should be able to detect this failure and call a page (we can design this page with a certain message)
2) If we are not using SPNEGO at all (which is possible for instance by putting a ?spnego=disabled as an addition to the portal url) then it should call the standard portal logon screen which is the default behaviour
If we try to change the portal logon par file, even case 2 above would show the customized logon screen. So is it someway possible to "CHECK" for a spnego failure and call a customized page?
I guess you would have to play with the login modules? Please provide your valuable suggestions
Thanks
Chan

Right. You will need to configure your logon module stack to have a fall-back to UID and PW.
When the SPNEgo module fails, the portal will present the logon form (UID and PW).
See the blog series http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/8235. [original link is broken]
Thanks,
Shanti

Error in visual administrator while implementing Spnego authentication sche

hi,
i have under gone all thease steps.
for implementation of SPnego sceme on my portal.
>downloaded SPnego wizad file from note specified.
>unziped it and got .ear files
>deployed those .ear files on my server.
>now went for service user J2ee configuration on visual administrator.
>when i clicked on deploy and start button .
>it asked me to browse file .
>first .ear file was taken sucessfully.
>in second file it give me this error message .
ie>The directory D:\usr\.............\.....\ will be used for extracting the EAR file.the directory content will be deleated. please back up all usefullinformation from it
>shall i click on ok and proceed further or not.
please suggest me what to do.

Hi Sumit Bhargav,
Based on the error message, it seems that the issue is related to NHivernate and MSBuild, but
VS General Question forum discusses the usage issue of Visual Studio IDE such as
WPF & SL designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System
and Visual Studio Editor. In order to check where the issue is, could you please create a new and simple web application without having NHibernate, build it and clean the project?
Whether the web application can be built successfully?
If you get this error when you build or clean any solution, maybe you are experiencing the same issue
described here:
http://stackoverflow.com/questions/26930376/how-to-fix-checkattributes-task-could-not-be-loaded-error-after-installing-v
Please check whether the Microsoft.Web.Publishing.Tasks.dll assembly is located at
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\Web. If no, please copy it from somewhere else to this path. If you can’t get a copy of this assembly, I suggest uninstalling VS 2013 Update 4 or uninstalling and
reinstalling all VS components.
If the issue only occurs in the web app with NHibernate implement, then this issue is more related to the specific NHibernate implement in ASP.NET. I recommend consulting
your issue on ASP.NET forum: http://forums.asp.net/
Best regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

WLP 8.1 Clustering

Hi,
I was clustering portal 8.1 and started to wonder if I really need services that
are configured as a default. Services like JMS and destinations(cgjmsstore...).
I understand that I need cgPool and datasources but how about others these JMS
related stuff. I cannot not find any documentation about those.
How about applications which comes as a default:
-taxWSApp
-paymentWSApp
-QueueTransportEJB
Do I need these? Or can remove these?
Mike

Mike -
You only need taxWSApp and paymentWSApp deployed if you have configured
them to handle your commerce-based tax and payment services. If you
don't know what I'm talking about, you haven't and you don't need them.
I'm not totally sure, but I think you will need QueueTransportEJB and
the JMS stuff if you are using controls and/or .jws's in your
application. Portal, by itself, doesn't use that EJB or any JMS.
Greg
Mike wrote:
Hi,
I was clustering portal 8.1 and started to wonder if I really need services that
are configured as a default. Services like JMS and destinations(cgjmsstore...).
I understand that I need cgPool and datasources but how about others these JMS
related stuff. I cannot not find any documentation about those.
How about applications which comes as a default:
-taxWSApp
-paymentWSApp
-QueueTransportEJB
Do I need these? Or can remove these?
Mike

Changing Portal URL

Hi All,
we are using SPnego to access the portal
Our url like this 'http://host:448/irj/portal
here i want to hide the port number. instead of above URL i want to use below url 'http://host/irj/portal
My main aim is hiding port number in URL.
How to do this ?
Regards,
Kumar.

Hi Phani,
A reverse proxy is used generally to achieve your requirement.
[simplify Portal URL;
Hope this helps.
Thanks,
Vamshi

SPNego Doubt

Hi !
I've been setting up SSO using the SPNego wizard via http://server:port/spnego for a 740 Portal system.
Using the wizard, I was able to successfully setup SSO for Sandbox & Dev.
For Production, I see the below error when I use the Manual option under Add:
Error during generation of encryption key with type AES256-CTS-HMAC-SHA1-96: Illegal key size. Check the crypto policy file in use and also SAP Note 1240081
If I use the Keytab option under Add, I'm able to proceed successfully & SSO also works fine on Production.
In Dev & Sandbox I see 4 keys; whereas, Production does not show me the AES256 key.
Is there something amiss with my Production box, that the first option does not work ?
SP's levels are the same...SP 7...even SAP JVM...
Kindly help advise.......
Thanks a lot !
saba.

Dear Saba,
Hope you are doing good.
Nice to hear from you again.
Normally following note 1240081 should have fixed this issue. Both local_policy.jar and US_export_policy.jar files contain the unlimited versions. Please ensure that when you store new JCE files in the path sapjvm_N/jre/lib/security/, the old jar file are not presnt there, not even with new xtensions. Please move them to a different directory.
Also, the JVM location should be /usr/sap/<SID>/J<nr>/exe/sapjvm_6/jre/lib/security
even though the files will be present at:
/usr/sap/<SID/SYS/exe/jvm/
Once this is done, re-run the SPNEGO wizard again. If the issue still persists, kindly run the web diag tool as outlined in SAP Note No. 1332726.
Hope this helps.
Kind Regards,
Hemanth
SAP AGS

Requesting License key for NW04s Cluster Portal

hi,
We have installed NetWeaver 04s Clustered portal. (1CI + 1DI ).
While requesting the License key with SAP, do we have to follow the same method (as that of stand-alone) for Clustered NW04s portal also?
OR is there any other method ?
Which System Name we have to specify Node01 or Node 02 ? or both ?
Is there any specific SAP note for clustered Portal Licensing ?
Regards
Sunil Kulkarni

Hi Sunil,
Check this weblog:
Enterprise Portal 6.0 licensing behavior in a hardware cluster installation
Greetings,
Praveen Gudapati
p.s. Points are always welcome for helpful answers

Portal 7 Multi Domain authentication (AD)/ISA 2006 KCD SSO

I am new to SAP portal etc. I have read posts and want some more clarification and pointers.
Basically want to achieve SSO.
We have Portal 7 on Red Had Linux in a thid party data center with SAP ECC/BI etc at backend.
Active directory is windows 2003 forest which has three domains suppose
domain A (for internal employees),
domain B (for internal employees),
and domain C (for suppliers).
assume all domains have bidirectional windows trust.
Scenario 1
We want to authenticate both domain A and domain B user to Portal.
a) Can we do this by using integrated windows authentication and SPNEGO.
b) Does SPNEGO works with multidomain scenario.
c) Do I have to point to Global Catalog or separate KDC for each domain in portal.
d) Does the windows trust matter between domain A and domain B for SPNEGO to work. To me it seems that the trust shoudn't matter if we SPNEGO is using separate KDC for each domain. If going to Global catalog than it might matter.
d) All SPNEGO configuration are on Portal regardless of underlying of OS. Mine is red hat linux.
Scenario 2
We want to bring domain C to access portal also. Since domain C is for suppliers we will authenticate them using Basic authentication over SSL on ISA 2006 reverse proxy and than use Kerberos constrained delegation (KCD) to pass them to portal. so to achieve SSO.
1) if portal is using SPNEGO for this domain C than will it work.
2) I have to check whether ISA 2006 can do multi domain KCD if I change my design where i push all domain A, Domain B and domain C user to go through ISA server reverse proxy before going to portal.
Thanks for helping out.
triwhdxk
Moved by moderator to the correct forum
Edited by: Hilit Fisch on May 25, 2009 1:55 PM

Hi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM

Using WSRP in a clustered consumer and producer environment.

We're currently in the design phase of a remote portlet project where our clustered portal will consume portlets from a different clustered portal. I've read the "Inside WSRP" found on dev2dev:
http://dev2dev.bea.com/pub/a/2005/03/inside_wsrp.html?page=4
Will the portal producer cluster need to be front-ended by something which load-balances the SOAP traffic across the managed servers in the portal producer cluster? We've been doing some testing with the iisproxy and it doesn't seem to work properly. Does this mean that we will need to front-end the portal producer cluster with another mechanism to LB?
Thanks!

Can you also check if the http cookies returned via initCookieResponse
are included in all the subsequent requests to the producer.
Subbu
flat wrote:
Below you can find request and response messages.
Please note that the same portlet works fine when deployed in a single server domain without Clustering.
Request (Wed Mar 01 08:35:23 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:oasis:names:tc:wsrp:v1:types">
<env:Body>
<ns0:initCookie>
<ns0:registrationContext xsi:nil="1"/>
</ns0:initCookie>
</env:Body>
</env:Envelope>
Response (Wed Mar 01 08:35:23 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<urn:initCookieResponse xmlns:urn="urn:oasis:names:tc:wsrp:v1:types"/>
</soapenv:Body>
</soapenv:Envelope>
Request (Wed Mar 01 08:35:23 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:oasis:names:tc:wsrp:v1:types">
<env:Body>
<ns0:getMarkup>
<ns0:registrationContext xsi:nil="1"/>
<ns0:portletContext>
<ns0:portletHandle>portlet_struts_11_bea_base</ns0:portletHandle>
</ns0:portletContext>
<ns0:runtimeContext>
<ns0:userAuthentication>wsrp:none</ns0:userAuthentication>
<ns0:portletInstanceKey>74_14374_74_14186_14218</ns0:portletInstanceKey>
<ns0:namespacePrefix>__ns74_14374_74_14186_14218_</ns0:namespacePrefix>
<ns0:templates>
<ns0:defaultTemplate xsi:nil="1"/>
<ns0:blockingActionTemplate>wsrp_rewrite?wsrp-urlType=blockingAction&wsrp-navigationalState={wsrp-navigationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}&wsrp-fragmentID={wsrp-fragmentID}/wsrp_rewrite</ns0:blockingActionTemplate>
<ns0:renderTemplate>wsrp_rewrite?wsrp-urlType=render&wsrp-navigationalState={wsrp-navigationalState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}&wsrp-fragmentID={wsrp-fragmentID}/wsrp_rewrite</ns0:renderTemplate>
<ns0:resourceTemplate>wsrp_rewrite?wsrp-urlType=resource&wsrp-url={wsrp-url}&wsrp-requiresRewrite={wsrp-requiresRewrite}/wsrp_rewrite</ns0:resourceTemplate>
<ns0:secureDefaultTemplate xsi:nil="1"/>
<ns0:secureBlockingActionTemplate><![CDATA[wsrp_rewrite?wsrp-urlType=blockingAction&wsrp-secureURL=true&wsrp-navigationalState={wsrp-navigationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}&wsrp-fragmentID={wsrp-fragmentID}/wsrp_rewrite]]></ns0:secureBlockingActionTemplate>
<ns0:secureRenderTemplate>wsrp_rewrite?wsrp-urlType=render&wsrp-secureURL=true&wsrp-navigationalState={wsrp-navigationalState}&wsrp-mode={wsrp-mode}&wsrp-windowState={wsrp-windowState}&wsrp-fragmentID={wsrp-fragmentID}/wsrp_rewrite</ns0:secureRenderTemplate>
<ns0:secureResourceTemplate>wsrp_rewrite?wsrp-urlType=resource&wsrp-secureURL=true&wsrp-url={wsrp-url}&wsrp-requiresRewrite={wsrp-requiresRewrite}/wsrp_rewrite</ns0:secureResourceTemplate>
</ns0:templates>
</ns0:runtimeContext>
<ns0:userContext>
<ns0:userContextKey>wsrp:minimal</ns0:userContextKey>
</ns0:userContext>
<ns0:markupParams>
<ns0:secureClientCommunication>false</ns0:secureClientCommunication>
<ns0:locales>en-us</ns0:locales>
<ns0:mimeTypes>text/html</ns0:mimeTypes>
<ns0:mimeTypes>text/xml</ns0:mimeTypes>
<ns0:mimeTypes>text/vnd.oracle.mobilexml</ns0:mimeTypes>
<ns0:mode>wsrp:view</ns0:mode>
<ns0:windowState>wsrp:normal</ns0:windowState>
<ns0:clientData>
<ns0:userAgent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) RPT-HTTPClient/0.3-3</ns0:userAgent>
<ns0:extensions>
<oracle:GenericExtension xmlns:oracle="http://xmlns.oracle.com/portal/wsrp/v1">
<ns0:NamedString name="X-Oracle-Device.MaxDocSize">
<ns0:value>0</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Class">
<ns0:value>pcbrowser</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Secure">
<ns0:value>false</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Orientation">
<ns0:value>landscape</ns0:value>
</ns0:NamedString>
</oracle:GenericExtension>
</ns0:extensions>
</ns0:clientData>
<ns0:markupCharacterSets>utf-8</ns0:markupCharacterSets>
<ns0:validNewModes>wsrp:view</ns0:validNewModes>
<ns0:validNewWindowStates>wsrp:normal</ns0:validNewWindowStates>
<ns0:validNewWindowStates>wsrp:maximized</ns0:validNewWindowStates>
<ns0:validNewWindowStates>wsrp:minimized</ns0:validNewWindowStates>
</ns0:markupParams>
</ns0:getMarkup>
</env:Body>
</env:Envelope>
Response (Wed Mar 01 08:35:23 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<urn:getMarkupResponse xmlns:urn="urn:oasis:names:tc:wsrp:v1:types">
<urn:markupContext>
<urn:mimeType>text/html; charset=UTF-8</urn:mimeType>
<urn:markupString><![CDATA[<html>
<head>
<title>Ricerca soggetti (esempio)</title>
<base href="http://10.102.98.20:10080/struts11Bea/moduloBase/ricerca.jsp">
</head>
<body>
</body>
</html>]]></urn:markupString>
<urn:locale>en</urn:locale>
<urn:requiresUrlRewriting>false</urn:requiresUrlRewriting>
</urn:markupContext>
<urn:sessionContext>
<urn:sessionID>GFT7LcLT1vmPHDvWTWM28TpWhkG1DW8tsl31Npxvph2mZjg29KNg!-4321636!-1133063828</urn:sessionID>
<urn:expires>3600</urn:expires>
</urn:sessionContext>
</urn:getMarkupResponse>
</soapenv:Body>
</soapenv:Envelope>
Request (Wed Mar 01 08:35:36 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:oasis:names:tc:wsrp:v1:types">
<env:Body>
<ns0:performBlockingInteraction>
<ns0:registrationContext xsi:nil="1"/>
<ns0:portletContext>
<ns0:portletHandle>portlet_struts_11_bea_base</ns0:portletHandle>
</ns0:portletContext>
<ns0:runtimeContext>
<ns0:userAuthentication>wsrp:none</ns0:userAuthentication>
<ns0:portletInstanceKey>74_14374_74_14186_14218</ns0:portletInstanceKey>
<ns0:namespacePrefix>__ns74_14374_74_14186_14218_</ns0:namespacePrefix>
<ns0:sessionID>GFT7LcLT1vmPHDvWTWM28TpWhkG1DW8tsl31Npxvph2mZjg29KNg!-4321636!-1133063828</ns0:sessionID>
</ns0:runtimeContext>
<ns0:userContext>
<ns0:userContextKey>wsrp:minimal</ns0:userContextKey>
</ns0:userContext>
<ns0:markupParams>
<ns0:secureClientCommunication>false</ns0:secureClientCommunication>
<ns0:locales>en-us</ns0:locales>
<ns0:mimeTypes>text/html</ns0:mimeTypes>
<ns0:mimeTypes>text/xml</ns0:mimeTypes>
<ns0:mimeTypes>text/vnd.oracle.mobilexml</ns0:mimeTypes>
<ns0:mode>wsrp:view</ns0:mode>
<ns0:windowState>wsrp:normal</ns0:windowState>
<ns0:clientData>
<ns0:userAgent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) RPT-HTTPClient/0.3-3</ns0:userAgent>
<ns0:extensions>
<oracle:GenericExtension xmlns:oracle="http://xmlns.oracle.com/portal/wsrp/v1">
<ns0:NamedString name="X-Oracle-Device.MaxDocSize">
<ns0:value>0</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Class">
<ns0:value>pcbrowser</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Secure">
<ns0:value>false</ns0:value>
</ns0:NamedString>
<ns0:NamedString name="X-Oracle-Device.Orientation">
<ns0:value>landscape</ns0:value>
</ns0:NamedString>
</oracle:GenericExtension>
</ns0:extensions>
</ns0:clientData>
<ns0:navigationalState/>
<ns0:markupCharacterSets>utf-8</ns0:markupCharacterSets>
<ns0:validNewModes>wsrp:view</ns0:validNewModes>
<ns0:validNewWindowStates>wsrp:normal</ns0:validNewWindowStates>
<ns0:validNewWindowStates>wsrp:maximized</ns0:validNewWindowStates>
<ns0:validNewWindowStates>wsrp:minimized</ns0:validNewWindowStates>
</ns0:markupParams>
<ns0:interactionParams>
<ns0:portletStateChange>readOnly</ns0:portletStateChange>
<ns0:interactionState>action=%2FmoduloBase%2Fabout%26module=%2FmoduloBase</ns0:interactionState>
</ns0:interactionParams>
</ns0:performBlockingInteraction>
</env:Body>
</env:Envelope>
Response (Wed Mar 01 08:35:36 CET 2006)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault xmlns:urn="urn:oasis:names:tc:wsrp:v1:types">
<faultcode>urn:InvalidSession</faultcode>
<faultstring>The given session ID [GFT7LcLT1vmPHDvWTWM28TpWhkG1DW8tsl31Npxvph2mZjg29KNg!-4321636!-1133063828] is invalid or the session corresponding to this ID has expired.</faultstring>
<detail>
<urn:InvalidSession/>
<urn1:FaultDetail xmlns:urn1="urn:bea:wsrp:ext:v1:types">
<urn1:created>2006-03-01T08:35:36.558+01:00</urn1:created>
<urn1:trace>com.bea.wsrp.faults.InvalidSessionException: The given session ID [GFT7LcLT1vmPHDvWTWM28TpWhkG1DW8tsl31Npxvph2mZjg29KNg!-4321636!-1133063828] is invalid or the session corresponding to this ID has expired.
 at com.bea.wsrp.producer.handlers.markup.SessionIdFilter.validateSession(SessionIdFilter.java:106)
 at com.bea.wsrp.producer.handlers.markup.SessionIdFilter.doFilter(SessionIdFilter.java:72)
 at com.bea.wsrp.producer.handlers.AbstractServiceHandler.preprocess(AbstractServiceHandler.java:139)
 at com.bea.wsrp.producer.handlers.AbstractServiceHandler.service(AbstractServiceHandler.java:73)
 at com.bea.wsrp.producer.handlers.markup.MarkupServiceHandler.service(MarkupServiceHandler.java:262)
 at com.bea.wsrp.producer.WsrpServer.processServiceRequest(WsrpServer.java:299)
 at com.bea.wsrp.producer.WsrpServer.service(WsrpServer.java:198)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
 at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
 at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)</urn1:trace>
</urn1:FaultDetail>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

EP Administration Project

hi all,
I want to know the sites where i can get the EP-Admin Projects for testing my skills in this domain.If anybody knows plz help me.
bye
pradeep

Sathish,
First of all welcome to EP Administrators world.
Enterprise Portal Administration contains the below tasks:
1.SAP Enterprise Portal installation.
2. Database Installation for EP.
3. SAP WebAs installation.
4. EP upgradation (versions 5.0 ->6.0 -> 7.0)
5. IIS Configuration.
6. SPNego Configuration.
7. Windows Kerberos Authentication.
8. Service Pack upgradation (SP10->SP11 etc..)
9. UME Configuration settings.
10. Active Directory Configuration
11. Visual Admin/Config tool Configurations
12. JVM Parameter settings
13. Solution Manager Settings/Configurations.
14. Wiley tool Installation/Configuration.
15. Portal performance management.
16. iView Creation for BW report
17. Role Assigning/Creation
18. Creating Groups/Worksets/Pages/iViews/roles/layouts and maintenence
19. Knowledge management and Collaboration installation/upgradation
20.Optimizing Network traffic
21. load balancer setup
22. DNS configuration
23.Installation of MSCS Clustering Portals
24.Secure Socket layer Management like turn off ssl between IISproxy and sap j2ee engine.
25.Configuration of Universal Worklist.
and so on...
I think I have given almost 75% of the job that EP Administrators do.
If you need more clarification please let me know.
Regards,
Karthick Eswaran

How to configure Login Modules Stack for Kerberos/LDAP

Hello collegues,
currenty we are working on UME configuration for the following use case.
Clustered portal instance NW2004s running on AIX should be able to authenificate two groups of users.
The first one is described by LDAP Data Source (Sun Directory Server) and using some artificial unique userID. Based on this userID, the SSO Ticket is created to get acces to the backend R/3 system. The LDAP schema has an "userdomain" attribute in it.
The new group using ADS. These users are happy using it, because they have windows-based authentification and don't forced to type any credentials during login.
There are plenty of blogs decribing how to connect ADS (even as a second DataSource) to UME.
There are two unsolved problems:
1. ADS account attributes does not have the userID needed to get an SSO Ticket
2. LDAP DataSource has no ADS password and can not be used for Kerberos authentification.
What could be a solution for this case? I am sure we need an extra login module which enrich the Subject (user, which is already authentificated by SPNego module) with userID, selected from LDAP DataSource based on user attributes.
Is there any other solution? May be I can mix some attributes in a DataSource configuration file?
Best regards
Sergej Naimark

Hi Frank,
did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used only when you access the applications for that policy config.
You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
Let me know if this helps...
Yonko

Time Based Publishing - Not Working

Hello SAP KM Gurus-
I had configured Time Based Publishing to work on our clustered portal. Everything worked fine until we went to a central instance / dialog set-up. Now Time Based Publishing no longer works and I can't seem to get it to work no matter what I do. I have so far: scheduled the job on only one instance (as per the clustering guidelines in SAP Library), turned it on with properties with the repository (and for the folder I wish to use) and have checked to make sure the service is okay in KM Configuration. However, it seems like the job never comes by to hide the documents b/c they just show up for Read users no matter what I change. As I stated before, this was working fine until we went to the new configuation.
I've checked SAP Notes with no luck. Anyone have any idea why this is not working? I'm fresh out.
Any help greatly appreciated...
Jim

Hello Anjali-
Thanks for your post. Yes, I have checked that. Here are my settings - I have Check Valid From assigned to one instance running on the Central Instance and Check Valid To assigned to the other instance (we have two instances on each server) as per the help docs. In component monitor, tbp is coming up green and the properties it is State-Ok. On the repositories, I have both tbp and properties assigned and when I enable tbp I can get the lifecycle tab for the documents. It appears as if everything is set up right. However, the read users can see the documents just fine when they shouldn't. It seems as if the Check Valid From and Check Valid To jobs just never run.
Is there anyway I can see if the jobs have run and what the schedule was? The tbp report also showing nothing... Does it look like I'm doing anything wrong above. I'm on EP 14/KM 14 by the way...
Thanks for your help-
Jim

Spnego on a clustered portal

Similar Messages

Maybe you are looking for