SAP Knowledge Base Article - Preview

2162289 - Netweaver Java SPNego configuration with ABAP user store

Symptom

  • Configuration of  SAP AS Java to use SPNEGO. The KERBEROS token received (in webdiagtool trace) has a userprincipalname,
  • The user data source of the engine is ABAP and need to have different user IDs in LDAP server and ABAP system,
  • How to do the user mapping in new SPNEGO wizard,
  • In ABAP system SPNego works under SNC mapping but this does not apply to the java stack,
  • Error below is found in webdiagtool trace.
07:22:20:089 Error J2EE_GUEST HTTP Worker....core.server.jaas.SPNegoLoginModule Could not validate SPNEGO token.

[EXCEPTION]

com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException: 
No user with user attributes [[namespace=com.sap.security.core.usermanagement, name=snc name, value=miller@example.com, isCaseSensitive=false]] found
 
at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByUserAttributes(UserMappingServiceImpl.java:149)
 
at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:106)


Read more...

Environment

  • User data source of SAP AS Java is ABAP,

  • User IDs in LDAP server and ABAP user data source are different,

  • New SPNEGO wizard is used.(SAP Note:1488409 - New SPNego Implementation) SAP NetWeaver Web AS 2004 (6.40) SP27

  • SAP NetWeaver Web AS 2004S (7.00) SP23
  • SAP NetWeaver Web AS 2004S EhP1 (7.01) SP08
  • SAP NetWeaver Web AS 2004S EhP2 (7.02) SP06
  • SAP NetWeaver Web AS 710 SP1
  • SAP NetWeaver Web AS 711 EhP1 (7.11) SP10
  • SAP NetWeaver Web AS 720 SP2
  • SAP NetWeaver Web AS 730 SP1
  • SAP NetWeaver Web AS 731 SP1
  • SAP NetWeaver Web AS 740 SP1

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver Composition Environment 7.1 ; SAP NetWeaver Composition Environment 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SPNEGO, wizard, configuration, user, mapping, ABAP, user, datasource, data source, KDC, SNC, sncname, attribute, kerberos email dataSource, Configuration_abap.xml, user, principalname, SPNEGO, User, Mapping LDAP, "USER principal", KPN , KBA , BC-JAS-SEC-LGN , Logon, SSO , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.