Our Enterprise Portal (consolidation environment) has Kerberos authentication configured.
Portal UME has an ABAP datasource and is configured with ADS for Kerberos authentication.
Our portal system was migrated to a new server recently, and after that the Kerberos authentication is broken.
The old DNS name of the portal server has been retained. We have one more DNS name for the server. I got the actual physical server name and the DNS name also registered in ADS for the service account used by the portal for Kerberos authentication.
I removed the kerberos folder from /usr/sap/SID/SYS/global and ran the SPNego wizard fresh.
The service account we use for the Kerberos authentication is shared by our dev, sandbox and consolidated environments.
For the service account we have associated all HTTP SPNs. There is only one HOST SPN, which is our dev environment:
HTTP/cons portal
HTTP/sandbox-portal
host/devportal
HTTP/devportal
While running the consolidation environment Kerberos wizard, we selected the option Enter Principal, and in the Principal name we put the host entry of the development portal:
Principal host/devportal
We have also set the krb5principalname attribute in the Config Tool.
In the resolution mode step we select KPN prefix as krb5principalname
KPN suffix as dn
The Kerberos wizard did not throw any error; we were also able to resolve our user IDs successfully in the next step.
For the sandbox server also we ran it this way and it worked.
After running the wizard we restarted J2EE and also went to Visual Admin and selected the spnego for the ticket component.
The login modules are:
Evaluate Ticket Module SUFFICIENT ume.configuration.active=true
SPNego LoginModule OPTIONAL
CreateTicketLoginModule SUFFICIENT ume.configuration.active=true
BasicpasswordLogin Module REQUISITE {}
CreateTicketLoginModule REQUISITE ume.configuration.active=true
However, when we access our portal (just open the portal page in the browser), the page says loading and nothing happens.
It does not even pop up for user and password (the fallback option is basic authentication).
Looks like Kerberos is getting used, but something happens internally and the page just hangs.
If we log in to the portal with users not in Active Directory (like J2EE_ADMIN etc.), the portal page opens fine.
The trace files do not give much information; we just see a message Kerberos Error(sidadm) (sid stands for the system ID of our portal).
Why does the sidadm come into the picture here?
What may have gone wrong?
Looking for all your expert feedback; I need to fix this ASAP.