on 08-27-2013 11:59 AM
Hi,
I want to configure SSO with SUP 2.1.3 (next months I will have SMP but now I would like to know with SUP, I don't know if there are any differences).
I know there are a lot of documents regarding on how to do this, but it's still not clear to me if they are talking about login only to SUP or if doing that you are able to call the SAP backend using the same credentials instead of a hardcoded user.
So my landscape has the following components:
- Mobile Devices
- SUP 2.1.1
- Active Directory were the users have they windows password (the only now they know)
- Enterprise Portal which is referencing to AD, so all the users present in AD are also in EP.
- Different SAP Backends (ECC, CRM…)
Now my question is, should my SUP security configuration be configured to use users from AD or from EP? I would like to use AD but then I'm not sure if AD can provide the tokens/tickets to log on to the backend system.
And then I would know the tasks to be performed in order to achieve this. I know I have to create the security configuration pointing to the user store and assign it to the domain and package, but what do I have to do in the AD/EP? Do I have to create a new group in AD and assign the mobile devices users to this group? Do I have to create certain roles in AD? And then assign these roles to the newly created group?
I'm sorry because last days I've been coming with so many questions. I think the documentation is good but to fully understand it you need some more knowledge than mine (in this case about LDAP, AD, EP and SSO…).
HI Marçal,
The LDAPLogin module which is currently available with SUP/SMP is does not provide the SSO token. So you have to use the HTTPLoginAuthenticationModule from SUP/SMP
Kind Regards,
Amey
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Following are the available security profiles we can use in SMP.
• No Security Provider
A NoSec provider offers pass-through security for Unwired Server, and is intended for use in development environments or for deployments that require no security control. Do not use this provider in production environments— either for administration, or device user authentication.
• LDAP Security Provider
(Not applicable to Online Data Proxy) The LDAP security provider includes authentication, attribution, and authorization providers. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin' security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
• NTProxy Security Provider
(Not applicable to Online Data Proxy) NTProxy — sometimes known as native Windows login — is an Unwired Server provider that integrates with existing Windows login security mechanisms. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin" security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
• SAP SSO Token Security Provider
The SAPSSOTokenLoginModule has been deprecated and will be removed in a future release. Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.
• Certificate Security Provider
Use the Unwired Server CertificateAuthenticationLoginModule authentication provider to implement SSO with an SAP enterprise information system (EIS) with X.509 certificates.
• HTTP Authentication Security Provider
Use HttpAuthenticationLoginModule provider to use Basic authentication to enable automatic application registration. This provider is required when registration is set to automatic. It can also be used to enable SSO into SAP servers in place of the deprecated SAPSSOTokenLoginModule.
Ref:
You can use AD if it is available in your enterprise. You can create the users in AD same as SAP users and keep it as a login provider.
- Midhun VP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Midhun,
I already know the security profiles available. I just want to know the following:
Thanks.
Hi,
Please follow the below link to configure sso using x509 certificate
Regards,
lekhak Patil
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.