cancel
Showing results for 
Search instead for 
Did you mean: 

SSO Best Pratice

Former Member
0 Kudos

Hi,

Could anyone give some input regading best pratice for establishing SSO to ITS.

In our setup we do not have an SAP portal in our environment but an IIS with a few direct links til ITS services on ECC.

We use Active directory. How can we avoid that users get prompted for logiin when accessing ITS Services?

Accepted Solutions (1)

Accepted Solutions (1)

former_member194364
Active Contributor
0 Kudos

Hi Bruce,

Can you clarify if you are using the ITS 6.20 Standalone or the Integrated ITS 6.40/7.00??

From your description I believe you will need to use X.509 certificates

you can find more information online in SDN in the Security forum.

You wont be able to use "SAP Logon ticket" for SSO implementation.

This solution works with an SAP Portal > ITS.

Can use the two parameters:

login/create_sso2_ticket =2

login/accept_sso2_ticket =1

But if you are only talking about one ITS system without portal, it is not

possible as there is NO ticket issuer system (SAP Portal)!

So, the only possible solution I can see it SSO implementation with

X.509 certificate (SSL),

See also note Number:

[1257108 Collective Note: Analyzing issues with Single Sign|https://service.sap.com/sap/support/notes/1257108]

and review the following documentation:

http://help.sap.com/saphelp_nwpi71/helpdata/en/

b1/07dd3aeedb7445e10000000a114084/frameset.htm

You also can visit the following SCN blogs:

/people/andre.fischer/blog/2010/03/31/single-sign-on-technologies-supported-by-the-sap-netweaver-application-server-as-a-service-provider-in-microsoft-based-environments

and

/people/andre.fischer/blog/2010/05/27/single-sign-on-for-sap-netweaver-leveraging-x509-certificate-auto-enrollment-in-microsoft-active-directory

Regards,

Oisin

Former Member
0 Kudos

You also probably can use a 3rd party SSO solution if you're working with the ITS. Probably can keyword "single sign-on" in the SAP Ecohub Portal for a list of vendors.

I think you can use x.509 for SNC as well as SSL but you should verify that.

Answers (0)