on 10-15-2004 2:42 PM
Hi there
I just read every paper I could find about SAP and SSO.
There's a lot about Enterprise Portal and backend (and only backend!) authentication via HTTP with the SSo2KerbMap Module.
It's kinda bit of bending of the meaning of SSO if you just mean you don't have to authenticate after creating a SapLogonTicket anymore but you have to login with username/pw to a SAP System at least once to create one.
What I'm trying to say: if I have to login to Windows (or any other OS) and then again to a SAP system, that's not really SSO. I'm missing a kerberos login module so the SapLogonTicket can be created by using the existing kerberos ticket on the windows client and just load the correct user & group information from the AD (LDAP) server. That would be true SSO.
Are there any OS login modules planned in the near future? Anyone?
Hello Jan,
are your SAP ABAP Servers running on Windows 2000 and are they in the same Domain? Then you can use Single Sign-On with Microsoft LAN Manager SSP. The procedure is described in the post installation activities or the Installation guide. For example Web AS 6.40 ABAP at: http://service.sap.com/instguides -> SAP NetWeaver -> Release 04 -> Installation -> SAP Web AS -> Inst. Guide - SAP Web AS ABAP 6.40 on Windows: "Your DB".
When you configure your system as described, you can logon to your Windows System, start SAP GUI, double click on a System and you're logged in.
Don't hesitate to ask further questions.
Regards
Gregor
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan,
I also agree to your post. Up to now I still have not found a suitable authentication solution for our systems/applications. Our (client/server)landscape is commonly based on a W2K domain. We are running several SAP R/3 systems (>20 incl. DEV, QAS, PRD), web based applications (SAP WAS, Intranet, ITS, etc.) and many others. For accessing the SAP R/3 systems we almost use SAPGUI.
I'd also prefer the solution you described to have exclusively
one
authentication (user/pwd, token, key, card, etc.)To be honest: Up to know I've not even found a solution for the minority of these applications. I also read many things about SSO, tickets, and so on. But they all only seem to work with browser based access. Also the blogs mentioned in this post didn't help me on.
- Does anybody out there know some authentication methods which may satisfy me?
- Are there any documentations describing this topic on a more common level and not just particular parts (as e.g. Portal authentication, ITS, etc.)?
I'd really appreciate to have this topic handled by SDN.
Regards and thanks for any help
Jürgen
P.S.: Maybe I'll also post a link to this thread in the forums "Technology" and "Netweaver" to arouse a wider discussion...
Message was edited by: Jürgen Mayer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan,
please see /people/gregor.wolf3/blog/2004/10/09/integrated-windows-authentication-with-sap-ep-60-sp-3-and-higher-part-2-of-2 and /people/gregor.wolf3/blog/2004/10/08/integrated-windows-authentication-with-sap-ep-60-sp-3-and-higher-part-1-of-2
Hope it helps
Detlev
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the responses.
I had a look at the weblog links Detlev provided.
Unfortunately this won't work in a scenario where one has standalone java clients as they need to have the JAAS subject locally. And you're always dependant on a redundant production environment IIS installation just for forwarding a login request.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.