3346384 - SPNego SSO doesn't work with Service Principal Names (SPNs) defined with a Port in the Service Account

Symptom

SPNego SSO is expected to work when accessing a hostname with a non-standard port (80/443), where the formed Service Principal Name would be in the following format:

HTTP/<hostname>:<port> e.g. HTTP/example.domain.com:43000

On the Active Directory service account, the SPN is registered with the port appropriately, but the SSO doesn't work.

Environment

Chromium-based browsers (Such as Microsoft's Edge and Google's Chrome);

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA all versions ; SAP Single Sign-On all versions

Keywords

spnego, spnego sso, kerberos, port, spn, service principal name, 443, 80, no-default ports, ad, active directory, EnableAuthNegotiatePort , KBA , BC-SEC-LGN-SPN , SPNego for ABAP , BC-IAM-SSO-SL , Secure Login , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.