Gurus,
We have a trial license for NW SSO 2.0 SP05
We have these versions of SAP:
ECC 6.0 EHP6 ABAP AS w NW7.31 SP07
CRM 7.0 EHP2 ABAP AS w NW7.31 SP07
Pure JAVA AS w NW7.02 SP16
All 3 are AIX 6.1 with Kernel 7.21EXT #331
Our PCs are all Windows7 32-bit Enterprise SP1
We use IE10 browser
We use Microsoft AD to authenticate our PCs
Our AD login ID matches our SAP ID
I feel really good about having correctly setup SPnego for ABAP. I think we followed all the steps very closely and correctly:
Not to go into too much detail, but I followed the videos, applied the notes:
1. Install/config Secure Login Library for ABAP (at the AIX server/OS SAP level)
2. Created our AD service user with the setSPN per the video
3. enabled all the SNC/SPnego stuff in RZ10
4. followed all the steps to gen the keytab and PIN, credV2..just like in the video
5. restarted the SAP instance
6. TCODE SPNEGO...added the entry to reflect our AD user / domain that matches our keytab command
7. Installed the secure logon client
8. Rebooted the PC
9. Edited SU01 for our users to add the SNC entry...matching the Kerberos ticket to their SU01...looks good
10. edited SAPGUI logon pad to use SNC
So Logon pad is great...SNC always works.
SPnego for ABAP works awesome in terms of getting me to WEBGUI via IE browser...as well as NWBC via IE browser. No password. SWEET!
But ICWEB...aka Interaction Center webclient is a whole other issue.
when I hit the URL:
I use our typical URL to get direct to our CRM QA instance of ICWEB:
http://ourSAPhostname:ourSAPICM-HTTPport/sap/crm_logon
And I get right to the part where I can select my business role. And that is cool, because normally, before we did SSO, I would have been presented with a typical logon screen.
So I select my business role...just a custom role based off of an Utilities interaction center agent (since we are IS-U)
And them it hits me with a logon screen!
In case you can't read that , it says:
the server XXXX at SAP application server SID/CLIENT requires a username and password
Now, I can keep clicking "cancel" and get to the main screen, where I can work...but that isn't correct. It should just let me in!
And I swear this was all working a few days ago! But now I get this screen and so do all my other users who are testing.
This happens to all the folks, regardless of what PC they use, etc
Sounds crazy but this was working...and now I get this every time!
Help! what do you guys think?
thanks! NICK