SSO & SapLogonTicket

Former Member · ‎10-15-2004

Hi there

I just read every paper I could find about SAP and SSO.

There's a lot about Enterprise Portal and backend (and only backend!) authentication via HTTP with the SSo2KerbMap Module.

It's kinda bit of bending of the meaning of SSO if you just mean you don't have to authenticate after creating a SapLogonTicket anymore but you have to login with username/pw to a SAP System at least once to create one.

What I'm trying to say: if I have to login to Windows (or any other OS) and then again to a SAP system, that's not really SSO. I'm missing a kerberos login module so the SapLogonTicket can be created by using the existing kerberos ticket on the windows client and just load the correct user & group information from the AD (LDAP) server. That would be true SSO.

Are there any OS login modules planned in the near future? Anyone?

gregorw · ‎10-18-2004

Hello Jan,

are your SAP ABAP Servers running on Windows 2000 and are they in the same Domain? Then you can use Single Sign-On with Microsoft LAN Manager SSP. The procedure is described in the post installation activities or the Installation guide. For example Web AS 6.40 ABAP at: http://service.sap.com/instguides -> SAP NetWeaver -> Release 04 -> Installation -> SAP Web AS -> Inst. Guide - SAP Web AS ABAP 6.40 on Windows: "Your DB".

When you configure your system as described, you can logon to your Windows System, start SAP GUI, double click on a System and you're logged in.

Don't hesitate to ask further questions.

Regards

Gregor

Former Member · ‎10-18-2004

Hi Jan,

I also agree to your post. Up to now I still have not found a suitable authentication solution for our systems/applications. Our (client/server)landscape is commonly based on a W2K domain. We are running several SAP R/3 systems (>20 incl. DEV, QAS, PRD), web based applications (SAP WAS, Intranet, ITS, etc.) and many others. For accessing the SAP R/3 systems we almost use SAPGUI.

I'd also prefer the solution you described to have exclusively

one

authentication (user/pwd, token, key, card, etc.)

To be honest: Up to know I've not even found a solution for the minority of these applications. I also read many things about SSO, tickets, and so on. But they all only seem to work with browser based access. Also the blogs mentioned in this post didn't help me on.

- Does anybody out there know some authentication methods which may satisfy me?

- Are there any documentations describing this topic on a more common level and not just particular parts (as e.g. Portal authentication, ITS, etc.)?

I'd really appreciate to have this topic handled by SDN.

Regards and thanks for any help

Jürgen

P.S.: Maybe I'll also post a link to this thread in the forums "Technology" and "Netweaver" to arouse a wider discussion...

Message was edited by: Jürgen Mayer

detlev_beutner · ‎10-16-2004

Hi Jan,

please see /people/gregor.wolf3/blog/2004/10/09/integrated-windows-authentication-with-sap-ep-60-sp-3-and-higher-part-2-of-2 and /people/gregor.wolf3/blog/2004/10/08/integrated-windows-authentication-with-sap-ep-60-sp-3-and-higher-part-1-of-2

Hope it helps

Detlev

SSO & SapLogonTicket

Accepted Solutions (0)

Answers (3)

Answers (3)

Re: CPI Mapping condition issue

Re: Question regarding Class and Sub Class Constru...

Re: CF Deployment Error: Error getting tenant t0

Re: ABAP2XLSX delete row

Re: How to configure SAP system in Eclipse ?