08-26-2011 9:16 AM
Hello,
If we use the "Secure Login" component of the "SAP NW SSO" product to set up single sign-on from AD to SAP portal - what should the portal UME data source point to - AD, CUA or some other database?
The documents on "Secure Login" describe the installation of the Secure Login client, server and library. But I could not find any information on what the portal UME data source should be for this setup.
Thanks and Regards,
Reena
08-26-2011 9:20 AM
Hi,
The "Secure Login" product from SAP is not for portal authentication - it is for SAP GUI logon using SNC interface.
Thanks,
Tim
08-26-2011 9:54 AM
Hello, Thanks. But as per the documentation from SAP, it also supports SSO to Portal. Here is the exact statement from the documents on Secure Login available here:
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/d0a0ff07-5a63-2e10-8ab6-a6db0a3db73d [original link is broken]
"Secure Login also provides single sign-on for Web browser access to the SAP Portal (and other HTTPS-enabled Web applications) via SSL."
08-26-2011 10:17 AM
Hi,
The Secure Login library is an SNC library and SNC is not used for Web logon.
The Secure Login Client is an application installed onto Windows workstation, which includes an SNC library.
The only way you could use Secure Login Client for Web authentication is if you used it to generate a certificate and then used X.509 certificate based authentication. This would require the use of a PKI or use of the Secure Login Server infrastructure product which would generate a certificate for the user when requested by the Client.
Thanks,
Tim
08-26-2011 10:36 AM
Yes, so the product does support SSO to SAP portal.
Using the Secure Login Server (along with the Secure Login Web Client required for authentication via Web browsers), do you know what the portal UME should point to?
Thanks in advance.
Regards,
Reena
08-26-2011 10:46 AM
Hi,
In that case a user will get a certificate for some username (I guess this depends on the config for the secure server). So a user with this name needs to exist in UME. So you have multiple options for how to get those users into UME. ABAP stack or AD should work.
Cheers
08-26-2011 10:51 AM
Yes, it seems so, but it requires a big decision in your company to use client certificates for authentication. Most companies don't do this, and they use the credentials already issued when a user logs into their workstation, namely Kerberos credentials - these credentials are supported by most browsers, so the HTTP negotiate protocol can be used to authenticate the user to SAP - no need to install any client software since the browser already supports this protocol for AD user authentication. Also, this would mean you DO NOT need to buy the SAP Secure Login Client and Secure Login Server products.
Thanks,
Tim
08-26-2011 11:02 AM