We have a question regarding the possibility to have the SSO on Multiple Domain/Forest…
Today we have a Domain DOM1, and we need to switch to a new Domain DOM2, and of course the SSO should be working for Both of them as the users will be members from both Domain.
I was able to find several KBs but it looks like that this is possible only if we have a 2-way Forest Trust, and unfortunately this is not our case (we have only 1 way trust between DOM2 and DOM1)
Any ideas, recommendations ? Did someone found a workaround ?
As per the official SAP documents it is required to have the two way trust between two domains.
The Krb5.ini mentioned by JohnBClark is right and helps enabling SSO.
In the same file you can mentioned CA Paths as well where you can define the Connectivity flow between 2 forest. But I guess having 2 way Forest trust is necessary for SSO.