Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal UME in SAP NW SSO Rel 1 - Secure Login

Go to solution
Former Member

‎08-26-2011 9:16 AM

0 Kudos

Hello,

If we use the "Secure Login" component of the "SAP NW SSO" product to setup single sign-on from AD to SAP portal - what should the portal UME data source point to - AD, CUA or some other database?

The documents on "Secure Login" describe about the installation of the Secure login client, server and library. But I could not find any information on what the portal UME data source should be for this setup.

Thanks and Regards,

Reena

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎08-26-2011 9:20 AM

0 Kudos

Hi,

The "Secure Login" product from SAP is not for portal authentication - it is for SAP GUI logon using SNC interface.

Thanks,

Tim

7 REPLIES 7

Go to solution
tim_alsop
Active Contributor

‎08-26-2011 9:20 AM

0 Kudos

Hi,

The "Secure Login" product from SAP is not for portal authentication - it is for SAP GUI logon using SNC interface.

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎08-26-2011 9:54 AM

0 Kudos

Hello, Thanks. But as per the documentations from SAP, it also supports SSO to Portal. Here is the exact statement from the documents on Secure Login available here:

http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/d0a0ff07-5a63-2e10-8ab6-a6db0a3db73d [original link is broken]

"Secure Login also provides single sign-on for Web browser access to the SAP Portal (and other HTTPS-enabled Web applications) via SSL."

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎08-26-2011 10:17 AM

0 Kudos

Hi,

The Secure Login library is an SNC library and SNC is not used for Web logon.

The Secure Login Client is an application installed onto Windows workstation, which includes an SNC library.

The only way you could use Secure Login Client for Web authentication, is if you used it to generate a certificate and then used x.509 certificate based authentication. This would require the use of a PKI or use of the Secure Login Server infrastructure product which would generate a certificate for the user when requested by the Client.

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎08-26-2011 10:36 AM

0 Kudos

Yes, so the product does support SSO to SAP portal.

Using the Secure Login Server ( along with the Secure Login Web Client required for authentication via Web-Browsers), do you know what the portal UME should point to?

Thanks in advance.

Regards,

Reena

Go to solution
mvoros
Active Contributor
In response to tim_alsop

‎08-26-2011 10:46 AM

0 Kudos

Hi,

in that caseauser will get a certificate for some username (I guess this depends on config for secure server). So user with this name needs to exist in UME. So you have multiple options how to get those users into UME. ABAP stack or AD should work.

Cheers

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎08-26-2011 10:51 AM

0 Kudos

Yes, it seems so, but it requires a big decision in your company to use client certificates for authentication. Most companies don't do this, and they use the credentials already issued when a user logs into their workstation, namely Kerberos credentials - these credentials are supported by most browsers, so the HTTP negotiate protocol can be used to authenticate the user to SAP - no need to install any client software since the browser already supports this protocol for AD user authentication. Also, this would mean you DO NOT need to buy the SAP Secure Login Client and Secure Login Server products.

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎08-26-2011 11:02 AM

0 Kudos

Thanks Martin and Tim. I guess this answers my question.

Regards,

Reena