- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- SSO on WAS 6.20 (unix) using kerberos and Windows ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SSO on WAS 6.20 (unix) using kerberos and Windows Active Directory (AD)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 12:28 PM
Hi Gurus!!
We are looking for the way to implement the Single Sign On in our R/3 Systems installed on unix of the Active Directory (obviously windows) users using Microsoft Kerberos.
I'm not able to find a documentation about this arquitecture.
Can somebody help me?
Is any documentation related with this topic?
Did Somwbody configure this kind of SSO?
Thank you very much in advanced,
Edorta Ramos
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 7:52 PM
Hi,
Search in the blogs you will get step by step guides which will automatically authenticate web as with Active directory. standard sap feature supports the same. I have configured from SAP running on sunsolaris and windows active directory. Also you can search in SAP help with the keyword "Directory services"
Regards,
Gowrinadh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 12:32 PM
>
> Can somebody help me?
yes, I can help.
> Is any documentation related with this topic?
Yes, but not documented on SAP websites because you need a product from a SAP partner, unless you want to develop something yourself and support it yourself using open source Kerbeross code.
> Did Somwbody configure this kind of SSO?
Yes, many companies use this kind of SSO. The company I represent just does this with our products.
>
> Thank you very much in advanced,
> Edorta Ramos
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 12:40 PM
Could you tell us how can we configure it?
Thanks in advanced,
Edorta Ramos
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 7:50 PM
Please let me know more about open source Kerbeross code, any references will be highly appreciated.
Regards,
Gowrinadh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2009 7:52 PM
Hi,
Search in the blogs you will get step by step guides which will automatically authenticate web as with Active directory. standard sap feature supports the same. I have configured from SAP running on sunsolaris and windows active directory. Also you can search in SAP help with the keyword "Directory services"
Regards,
Gowrinadh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2009 7:26 AM
Thank you for your references guys,
I'm reading a lot of documentation. Here I read that I need to use SNC on WAS for SSO from sapgui...
http://help.sap.com/saphelp_nw04/helpdata/en/43/4c363ac31e30f3e10000000a11466f/frameset.htm
And now I have a doubt, our app server is Unix, frontend clients on windows and Active Directory on Windows server. Where must be installed Kerberos sw? on unix server? on windows server? does not it matter?
THX
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2009 8:39 AM
Ramos,
Yes, SNC is required for SAP GUI SSO and/or SAP GUI network security.
If your AS is on UNIX, then you should use an SNC library provided by a SAP partner, since SAP do not provide any product/library for UNIX or Linux. Alterntatively you can try to build your own library by compiling the open source Kerberos library, but I don't recommend this approach.
Thanks,
Tim
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2009 9:03 AM
Hi Tim,
First of all, thanks for your reply,
What do you refer with AS? Application Server or Authentication Service (part of KDC of Kerberos)?
We talked with architecture team about this matter.
Our landscape is the next one:
Windows server with Active Directory, Microsoft Kerberos installed on windows too, frontend client (SAPGUI) on windows and Application Server (SAP System) on Aix.
So, can we "kerberize" our SAP system on Unix if the KDC is installed on Windows?
If we colud, what gssapi must we use? Must we use a SAP Partner SW?
We are a bit unexperienced in those matters.
THXS a lot,
Edorta Ramos
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2009 9:13 AM
Ramos,
I should have made it clearer. When I referred to AS, I was referring to the SAP ABAP AS (e.g. application server). Of course the KDC (e.g. Microsoft Active Directory) has an AS service as well...
yes, you can Kerberos enable (Kerberize) the SAP ABAP AS and SAP GUI using Kerberos libraries for Windows and AIX. As I mentioned already, since AIX is involved you should consider evaluating and buying SAP certified SNC libraries available from a SAP partner. Your first place to look is in SAP EcoHub (click link at top of this SDN forum to enter EcoHub) and search for SNC or Kerberos.
You asked about gssapi library - as I have said a few times, there is no gssapi (e.g. SNC library) provided by SAP for UNIX or Linux, so if you are using AIX you need to look elsewhere (e.g. SAP partner) and the SAP partner will also provide the compatible/supported library for the Windows workstations as well so you get a complete solution from the vendor.
Thanks,
Tim
- SAP Managed Tags:
- Security
