Support Center > Search Results > SecureKnowledge Details
SSO Kerberos Authentication is not triggered in Mobile Access Web Application when 'SPNegoTokenRequested' header is being sent by the internal Web Server Technical Level
Symptoms
  • SSO Kerberos Authentication is not triggered in Mobile Access Web Application when the following http headers are being sent from the Web Server:
    set-cookie: SPNegoTokenRequested & set-cookie: sap-usercontext
  • The internal web server is SAP NetWeaver Application, and has a preference for HTTP authentication and in case it fails is will display a web form for manual authentication.
  • The Security Gateway is not triggering a request for a ticket from the Active Directory.
  • After a few milliseconds a web form is shown asking for manual authentication.
Cause

The Mobile Access Gateway attempts to connect with the 'SPNegoTokenRequested' token and is not sending the next HTTP packet with the Kerberos ticket.
The web server expects that the next received request to be sent with the Kerberos ticket, and since the ticket was not sent, the web server assumes we cannot perform Kerberos authentication, and displays a web form.


Solution
Note: To view this solution you need to Sign In .