cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NWBC & Kerberos

Go to solution
Murali_Shanmu
Active Contributor

on ‎04-12-2013 12:06 PM

0 Kudos

Hi,

I am trying to find a clean way of setting up Kerberos with NWBC. I have seen few discussion on SSO with NWBC and noticed different suggestions based on the current infrastructure which is already available at client place.

In my landscape, I have an NW Portal 7.3 and an SAP ERP system. Kerberos is already setup for the Portal and SSO is established between Portal and ERP. Hence, when a user logs into PC, they can launch the Portal and access backend ERP applications without the need to re-authenticate.

Now, NWBC comes into picture and the client wants to use it to access the ERP system. I am aware of  Kerberos setup on the SAPGUI which could allow access to ERP system. Since the users would not be using the SAPGUI  logon pad, where do I make the SNC settings? Do we need to make any changes to the logon Procedure for the NWBC service in SICF ?

I also came across an interesting blog by Andre Fischer where he mentions "The SAP NetWeaver Business Client supports Windows Integrated Authentication as the initial authentication if the SAP NetWeaver Portal services infrastructure used is configured to use the SPNego Login Module". I am not quite sure how to achieve this.

Can someone please share their experience.

Cheers,

Murali

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-02-2013 1:20 PM
0 Kudos

As has been mentioned elsewhere in this thread, NetWeaver SSO 2.0 (now in ramp-up) supports SPNego Kerberos authentication from NWBC to the back-end ERP.

Show replies
Show replies
julieplummer20
Product and Topic Expert
Product and Topic Expert
‎10-22-2013 11:31 AM
0 Kudos

Hi everyone,

Nicholas is correct. See this blog for more details:

http://scn.sap.com/community/netweaver-business-client/blog/2013/06/07/authentication-and-single-sig...

Also the NW SSO SCN Space:

http://scn.sap.com/community/netweaver-sso

Answers (3)

Answers (3)

darren_martin
Explorer
‎06-10-2015 6:59 PM
0 Kudos

NetWeaver SSO 2.0 at $52 a license is the equivalent of stealing in my opinion.  SAP should be ashamed for charging for the ability to provide single sign on to it's applications. 

The client base needs to push back and make SAP give it away for free !

Show replies
Show replies
Former Member
‎06-10-2015 10:34 PM
0 Kudos

Great point.  Just to share, there are 3rd party products, of course.  One that is economical and that offers lots of additional benefits in the authentication space is from CyberSafe (https://products.cybersafe.com/).  I'm in the process of implementing that now and it's been a great experience.

Former Member
‎04-25-2013 10:48 PM
0 Kudos

Hi Murali,

I came across these guides the other day, they may help you out:

http://scn.sap.com/docs/DOC-40178

I agree it is a bit confusing - that blog from is from 2007, so may be a bit out of date. I think in it he refers to the scenario where the NWBC is connecting to a portal first and therefore uses the SPNEGO configuration on the portal (J2EE) to enable the SSO from the desktop. If you try to connect directly to your ABAP system first you can't do SSO unless you use the new feature in NW SSO 2.0 that enables SPNEGO on the ABAP stack (this is shown in the link above).

I admit I have been confused by this too!

Hth,
Simon

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎04-26-2013 7:20 AM
0 Kudos

Thanks Simon.

I have seen those video's earlier. I believe it should be possible according to

But again customers would have to go through the pain of setting up NW SSO 2.0 and certificates.

Cheers

Murali.

guillaume-hrc
Active Contributor
‎05-02-2013 9:51 AM
0 Kudos

Hi,

Are we talking about NWBC for Desktop or NWBC for HTML ?

I have read some litterature about this and I think there is no SSO through Kerberos for NWBC for HTML for the moment.

Besides, the blog you are referring to applies to the NW SSO solution.

http://help.sap.com/nwsso10/

Check the comments of this blog:

http://scn.sap.com/people/andre.fischer/blog/2010/03/31/single-sign-on-technologies-supported-by-the...

Best regards,

Guillaume

Murali_Shanmu
Active Contributor
‎05-02-2013 11:05 AM
0 Kudos

Thanks. I am looking for an option for SSO between NWBC Desktop and ERP saystem.

Damean
Active Contributor
‎04-16-2013 7:57 PM
0 Kudos

Murali

   I am about as confused in this subject. When I first started exploring NWBC SSO; I read the following paragraph and jump to the conclusion that NWBC could support login to SAPGUI for Windows via SNC. I thought it's just a matter of tweaking the parameter (i.e. Logon description with SNC[LOGDESC][LOGDYN]). Regrettably, after many combination of failures, I give up on that subject. Hopefully somebody could help shed some light here.

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/6f/5b450ec1564316b2d95558678a484d/content.htm

I will be testing another method using SAP Logon tickets (procedure below) and SAML2. But I think the outline procedure should be quite similar.

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/d0/dc33c460a243929b7ec120f55af101/frameset.htm

HTH

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎04-26-2013 7:22 AM
0 Kudos

Thanks Damean-BF, Please keep me posted with your finding. Cheers

Damean
Active Contributor
‎06-03-2013 9:13 PM
0 Kudos

Murali

   Just FYI ... Our NWBC Single Sign On using SAML2 is a success. We're in the process of rolling it out to our PRD system. After I get through with the rendering issues (Ref: OSSN# 1736212), rest of the process is actually pretty straightforward. Of course, it all depends on which software provider that is used in the backend.

Cheers

Damean

Murali_Shanmu
Active Contributor
‎06-03-2013 10:51 PM
0 Kudos

Good to know that you managed to achieve it via SAML2. Thanks for the update.

Ask a Question