5.6 Configuring the SAP Portal for Kerberos Authentication

  1. Add the following attributes to the default read-only datasourceConfiguration file:

    • kbr5principalname

    • kpnprefix

    • dn added to the user definition and mapped to the ADS attributes

    The SAP Portal UME Identity Store must be configured as an Active Directory Server (ADS) with Kerberos attributes added. For more information, see SAP Note 994791.

  2. Run the SPNego Wizard on the portal:

    1. For the Kerberos Principal Name, select Enter Principal.

    2. Specify the samAccountName of the user created for the Identity Server in Section 5.3.3, Creating a User Store for the Active Directory Domain.

    3. Specify the password for this user.

    4. Deselect Basic Password Fallback.

    5. Complete the wizard.

  3. Restart the J2EE* SAP server.

  4. Assign the SPNego Authentication Template to the Security Provider > ticket component through the J2EE Visual Admin Tool on the portal J2EE server.

  5. Restart the portal J2EE server.