cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Implementation of SSO using SPNego with X.509 certificate

Go to solution
manna_das
Contributor

on ‎03-06-2013 12:02 PM

0 Kudos

Hello Hemanth,


We have implemented SSO using LDAP with X.509 certificate. It works absolutely fine. But the client says that he don't want to login again in client, so now we are changing it to SPNego with X.509 certificate, we did all the settings required for SPNego but we are getting the error attached in the screenshot. can you help us in this regard?


Thanks in advance.


Kind Regards

Manna Das

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

manna_das
Contributor
‎03-08-2013 7:02 AM
0 Kudos

Anybody can help us ?

We have Win Server 2008 and NW 7.3

Thanks & Regards

Manna Das

Show replies
Show replies
manna_das
Contributor
‎03-29-2013 5:18 AM
0 Kudos

Thanks guys for the help .

We have solved the issue by upgrading Secure Login Client to 1.4 version and Secure login library also.

and changed the UserMapping as Mapping Mode > Principal@Realm and Source > Virtual User under SPNego Tab in NWA.

Kind Regards

Manna Das

Former Member
‎04-29-2013 3:02 PM
0 Kudos

Hi Manna Das

If possible kindly could share the document in SAP SDN. so that it will be helpful for everyone.

Regards

Pankaj

manna_das
Contributor
‎04-30-2013 6:14 AM
0 Kudos

Hello Sai,

Document on which functionality you want LDAP and x.509 aur Win AD to x.509?

Kind Regards

Manna Das

Former Member
‎04-30-2013 10:45 AM
0 Kudos

Hi Manna

Thanks for your reply.I am looking for LDAP and x.509.

Regards

Pankaj

manna_das
Contributor
‎04-30-2013 12:25 PM
0 Kudos

Hello Pankaj,

follow exactly the following link and videos to configure SSO with LDAP and x.509, apart from this you have to keep in mind below points

  1. install secure login client version 1.0 support package 4, patch level 2,
  2. In windows AD go to properties of the user and in ServicePrincipalName give fully qualified domain name ex : HTTP/servername

http://scn.sap.com/docs/DOC-40179

http://scn.sap.com/community/netweaver-sso/blog/2012/08/17/how-to-configure-sap-netweaver-single-sig...

Let me know if you face issues.

Kind Regards

Manna Das

Former Member
‎04-30-2013 1:16 PM
0 Kudos

Hi Manna

Thanks for your valuable information.Sure will get back to you.if i face issues..

Regards

Pankaj

Former Member
‎05-06-2013 8:58 PM
0 Kudos

Hi Manna

We have to perform :SSO Configuration in Between MS Active Directory and SAP JAVA.

Configuration between  Windows 2008R2  Active directory  and SAP JAVA 7.01

and SSO will be kerberos based.Where JAVA stack runs on AIX 6.1.

I hope we  can follow the SPNEGO configuration, am i right?.Please give ur inputs and prerequistes for this.

Regards

Pankaj


manna_das
Contributor
‎05-07-2013 9:33 AM
0 Kudos

Hello Pankaj,

this is ok and SAP JAVA 7.3 required and also pls check the prerequistes:

Kind Regards

Manna Das

Former Member
‎05-07-2013 2:35 PM
0 Kudos

HI manna

Thanks for your reply

1. I need  to perform SSO configuration between Windows 2008 R2 Active Directory and SAP JAVA 7.01 where my JAVA System is in AIX 6.1

2. SSO can be Kerberos based or any ticket based.

3. User mapping should be there between user of JAVA stack and ADS. (i.e. Java system has    username which is different from active diretcory username).

4. SAP JAVA stack runs on AIX 6.1 with ESS running on it and LDAP server is MS Active directory 2008 R2.

Please share the link guide i am trying to find for AIX based one..

From

Pankaj

manna_das
Contributor
‎05-08-2013 5:21 AM
0 Kudos

Hi Pankaj,

here is the link, check if this is helpful for you

https://www.realtech.com/wJapan/pdf/SAP_Single_Sign-On_und_Secure_Connections_via_SNC_Adapter_basier...

ftp://ftp.sap.com/pub/icc/bc-snc40/SNC_User_Guide.pdf

https://service.sap.com/sap/support/notes/150380

But Pankaj somewhere I have read this "If you have SAP on AIX or any other Unix or Linux, then you need to use a product from a SAP partner"


Kind Regards

Manna Das

Former Member
‎05-08-2013 8:41 AM
0 Kudos

Hi Manna

Thanks for reply.The links which you had mentioned  for ABAP stack. I am looking for JAVA STACK SAP NETWEVAER PORTAL 7.01.

i am following  these links below mentioned.i hope this will work for me.If you also have any related to java stack plz share..

http://help.sap.com/saphelp_nw73/helpdata/en/4a/3f5530efa0044ee10000000a42193

7/content.htm


http://help.sap.com/saphelp_nw73/helpdata/en/21/bff93c7dcd458e9d71539a6d50dbb

e/content.htm

http://help.sap.com/saphelp_nw73/helpdata/en/f4/1978c3a37a441b87a89d61c1a0868

9/frameset.htm

FROM

PANKAJ

manna_das
Contributor
‎05-08-2013 9:24 AM
0 Kudos

Hi Pankaj,

Check this link

http://scn.sap.com/thread/1958781

the above links are not working

KR,

Manna Das

Answers (2)

Answers (2)

manna_das
Contributor
‎03-08-2013 7:02 AM
0 Kudos

This message was moderated.

Show replies
Show replies
Former Member
‎03-06-2013 5:27 PM
0 Kudos

I'm not Hemanth, if you want to address a certain individual use a proper communication method (between you and that individual).

Regarding the topic of the discussion, see the attached link. If you want to use SPNEGO, you can't use Secure Login Web Client.

http://scn.sap.com/message/13852149

Show replies
Show replies
manna_das
Contributor
‎03-07-2013 4:10 AM
0 Kudos

Hello Samuli,

Thanks for the reply and sorry for the specific name mentioned there .

If it is not possible then how in the following videos the person has done it? http://scn.sap.com/docs/DOC-40179. Moreover one more thread is there where same scenario is implemented http://scn.sap.com/thread/3290127.

We have followed step by step. But still unable to succeed.

Can anyone help us in this regard?

Thanks in advance

Kind regards

Manna Das

Former Member
‎03-07-2013 5:55 AM
0 Kudos

I don't know exactly what you have done and what you are trying to achieve but both AS JAVA and AS ABAP are happy to accept X.509 certificates without SPNEGO. Even without the Secure Login Client.

Ask a Question