SAP Knowledge Base Article - Preview

3467240 - SSO login not working in AS Java - Authorization header received is not SPNEGO token


The NetWeaver AS Java is configured for Kerberos Authentication. Kerberos authentication fails for some or all clients due to the browser sending a NTLM token and not a SPNego token which is required for successful authentication

After collecting Authentication trace as per SAP Note 1045019 example 3, resulted trace shows:

User: <...>
IP Address: <...>
Authentication Stack:*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
        policy_domain = /webdynpro/resources/
        realm_name = Upload Protected Area
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1.             SUFFICIENT  ok          false      false      true      
2.                     OPTIONAL    ok          exception  true       true       Authorization header received is not SPNEGO token: Basic <user name>:<secure content>
3.   REQUISITE   ok          true       true       true      
4.               OPTIONAL    ok          true       true       true      
Central Checks                                                                                                exception             Missing new password
Logon policies are disabled



SAP NetWeaver Application Server Java using SPNego/Kerberos/LDAP authentication


SAP NetWeaver Application Server for Java all versions


LDAP, directory server, AD, ADFS. Windows, Windows AD, active directory, directory service , KBA , BC-JAS-SEC-LGN , Logon, SSO , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.