on 08-10-2011 4:11 PM
Hi ,
We are deploying a new applications to the iphone. It will be delived as a BSP using safari on the iphone.
User will authenticate with our VPN servers and to do this they will be required to enter a username and password every time.
When they call the BSP from our ECC6 system, we don't want then to have to authenticate again i.e. we are looking for SSO.
Currently users use Kerberos keys and ther Active directory accounts with SSO to the ECC6 system but kerberos is not supported on the iphone.
Anyone encounter this issue or know of a way of activating SSO between an iphone and SAP Webas.
Thanks
Jim
Hello,
I had the same problem and solved it as follows: You can generate a x.509 certificate file at your Active Directory DC (e.g. via http://DCservername/certsrv) and save the certificate as a .pfx file. Then, simply rename the file suffix to .p12 which is the file format for Safari (and Firefox).
Now you have two possibilities to transfer the certificate to your Apple device. Simply send it via email and install the attached file or use Apple's iPhone Configuration Utility (OK, if you've Sybase Afaria, you have a third option).
Hope this helps,
Herwig
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jim,
I have looked into this myself. We use SONICWALL Aventail Connect VPN servers. With those, I have spoken to the consultants that specialise in Aventail and they can configure a multitude of SSO options between the VPN server and the SAP systems. I am no expert with Aventail and I don't know what VPN server you use, but I know with Aventail it is theoretically possible (we have yet to action this). When you access a service via Aventail, it automatically requests authentication based on your AD credentials and optionally (based on config) a SecureID pin (if you want two factor authentication). Then it is up to configuration of the Aventail service to achieve SSO with your SAP system. From my thinking, if you have a SAP Portal or NetWeaver Java WAS you could route the calls via that, since the Java stack has more options for authentication (you could even code an authentication module there if necessary). Once you have a SSO cookie in your browser it can communication freely with your BSP.
Hope this helps.
Rgds
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.