>

> Thanks for your reply.
> 
> Our Os is Windows NT.
ok, then you can use the SNC libraries provided by SAP as it sounds like they will be what you need for SAP GUI SSO. For BSP pages  you would use the SPNEGO login module from SAP, included in NetWeaver 2004 or 2004s.
> 
> And we are not looking to use SSO via active directory - do u think that wud be more feasible option ?

Yes, very much. Any other approach would be insecure and problematic.

I recommend that you get your Basis team to implement this, and then your users will enjoy SSO benefits for both SAP GUI and also for Web access to your applications (including BSP applications).

Thanks,

Tim

So, you want SSO but you don't want SSO This is confusing.

Is this correct:

1. User logs onto BSP application, and gets asked for userid and password

2. User logs onto SAP using SAP GUI and gets SSO

3. User logs onto SAP GUI and then logs onto BSP application from SAP GUI link, and gets authenticated without logging in again.

If above is correct, which userid and password do you want to use ? I assume you want to use Active Directory userid and password so that the user uses same login password for their workstation as they do when logging onto SAP applications.

I know how to implement all of above using third party software, but I am not sure if all of these requirements are possible using off-the-shelf functionality from SAP. I am especially not sure about option 3.

Thanks,

Tim

I am not sure if it is possible to get SAP ABAP AS to issue an SSO2 ticket after a user has logged into SAP using SAP GUI. The approach I was suggesting instead, is to allow user to be authenticated to ABAP AS with the same secure method, regardless of whether they access it via browser or via GUI. This is what I have seen other customers do with similar requirements to yours.

Maybe somebody else can confirm if it is possible to issue an SSO2 ticket when a user is logged on via SAP GUI ? I cannot think technically how this might be possible, but I might be surprised ...

Thanks,

Tim

Hi Tim,

Tim Alsop wrote:

For BSP applications, I assume a web browser is used to access the application, and for other applications SAP GUI will be used. What you are asking for is very common, and often asked on this forum. Can you confirm if the user logged onto worstation is logged onto an Active Directory domain account ? Also, can you mention what operating system your SAP systems are running on ? With this information I will explain to you the options available.

Thanks,
Tim

I have a very similar requirement, as u mentioned,

Our user is logged on to Active Directory Domain Account and we are using Windows.

Can u please help me with the step by step process in order to achieve this requirement.

Below is my scenario:

We don't have an EP portal. We have created a BSP application that serves as a launchpad for various applications. Now once the user logs into the workstation and tries to use our application, they are prompted to enter their R3 user id password which is something they don't like.

1. Is it possible to use the application without entering username and password. (SSO functionality -     here the domain user id is same as their R3 user id).

2. If at all they are prompted to enter their user id and password, then it should be their workstation       user id and password.

Kindly guide.