Dear All,
We have configured SSO 2.0 product for our Fiori environment. Following the video link Single Sign-On with Kerberos, we have defined a SAPSNCKERB.pse file which only had the keytab entry for our company e.g. SL-USER@ABC.COM ... This entry was also added in SPNEGO in the Fiori ABAP system.
Now we want to enable SSO for our joint venture company XYZ. This company exists in our forest but under a separate domain XYZ.COM. For this, I added the keytab SL-USER@XYZ.COM in the SAPSNCKERB.pse file. I also added the same entry in SPNEGO. The canonical name is also being determined correctly for both.
To test the SSO functionality, we had our company user (who is also seconded to the JV company) log in via our company domain ABC.COM and launch the Fiori launchpad. SSO worked perfectly. Then to test the SSO functionality for the JV company, the same user logged in to the JV domain XYZ.COM and launched the Fiori page. In this case, the Fiori launchpad prompted for the password for JV company XYZ.
How can I get SSO working for the JV company? I did notice that in tcode STRUST, the SNC Cryptolib only has the entry SL-USER@ABC.COM. This has been configured following the above video link. Can this be the reason that SSO does not work for JV Company? If yes, how do I overcome this block?
Looking forward to your valuable assistance.
Kind regards,
Amer.