05-18-2009 10:14 AM
I have the following scenario. I am running SAP BW 3.5 web reports and I want to set up single sign on to those web reports without using portal. I am running on windows platform and have already configured the sapgui sso functionality. However I also want sso functionality for the bex web. Can anyone tell me if and how this has been done and point me to the right direction.
05-18-2009 12:11 PM
Hi,
If you have activated the Java stack on you BW 3.5 system, it is possible using the spnego method.
Please refer to help.sap.com to know precisely how to set the configuration.
Regards,
Olivier
05-18-2009 12:11 PM
Hi,
If you have activated the Java stack on you BW 3.5 system, it is possible using the spnego method.
Please refer to help.sap.com to know precisely how to set the configuration.
Regards,
Olivier
06-15-2009 7:15 PM
Does anyone know if there's SPNEGO equivalent that can be implemented on the ABAP stack for BSP apps?
Thanks,
Kiran
06-15-2009 7:20 PM
There are only tricks and 3rd party products.
The ABAP login module stack is not configurable like the Java stack.
Cheers,
Julius
05-03-2010 9:43 AM
Hi Julius,
Do you know whether it is possible run 3.5 queries via SSO without the portal with the User Authentication and Single Sign-On improvements in EHP2?
regards,
John Marelich
05-03-2010 12:50 PM
The only safe supported way of doing this is using a PKI. The unsafe way involves SAP Login Tickets which can also be issued by an ABAP stack. I would not call either way third party or trick.
05-03-2010 1:00 PM
You DO NOT need a PKI to solve this need. Instead, you can use the Java stack, configure the BW service in SICF transaction to redirect to the Java stack, where SPNEGO (e.g. Negotiate protocol) is used to authenticate the user, then redirect back to the app on ABAP stack along with the SSO2 ticket issued by Java stack. This is standard, secure and very common method of solving this problem and it DOES NOT require the overhead of a PKI.
Thanks,
Tim
05-03-2010 4:03 PM
Hi Tim,
the original poster specified that he didn't want to use the portal and I assumed that that included the java stack. Most here will agree that one can use Login Tickets for that, but I wouldn't call them secure...
btw. how are you?
Regards,
Sietze
05-03-2010 4:28 PM
>
> Hi Tim,
>
> the original poster specified that he didn't want to use the portal and I assumed that that included the java stack. Most here will agree that one can use Login Tickets for that, but I wouldn't call them secure...
If you are going to make claims that SSO2 tickets are NOT SECURE, then please make sure that you give examples and facts to explain why SSO2 tickets are not secure. Anyway, this is going off topic, since it is not related to the question asked by the customer in this thread.
>
> btw. how are you?
I am very well thanks.
>
> Regards,
> Sietze
05-16-2010 10:00 PM
Well, in the future there will be a 3rd way: using SAML 2.0 and an Identity Provider (IdP) which is capable of supporting "Windows Integrated Authentication" (e.g. SAP IDM 7.2 or Microsoft ADFS 2.0) in conjunction with an NWAS ABAP 7.02 (or subsequent releases) which is acting as SAML Service Provider (SP).