Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SAP GUI SSO through SAP Router

Former Member
0 Kudos

Hello Experts,

We are trying to implement SAP SSO by enabling SNC through Kerberos. Our users & SAP servers are in different domains.

And to implement SSO, we need to establish trust between two domains.

We don't want to establish trust due to security & company policy.

Now, I have question regarding an alternate solution which is through SAP Router. Currently  SAP Router cannot be accessed from active directory before asking infrastructure team to open firewall, I would like to know if this solution is feasible.

So my question is; If I have setup SSO using Kerberos in the scenario where active directory users' domain & SAP server domain have no trust; Will accessing SAP servers through SAP Router for SSO will work?

2 REPLIES 2

tim_alsop
Active Contributor
0 Kudos

Hi,

SAP router is securing communication at network transport layer, and has nothing to do with user authentication.

Why can't you setup one-way trust between domain used by SAP servers, and domain which users authenticated ? If you don't then a user's credentials cannot be trusted. The use of trust is very important for security reasons, so I am not understanding why your company thinks trust is against policy. Can you explain this policy and reasons ?

Thanks,

TIm

tim_alsop
Active Contributor
0 Kudos

It looks like you already asked about trust in previous thread - see http://scn.sap.com/thread/3305817