Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User authentication using Microsoft AD with SapGui - ECC server with Suse Linux

Former Member

‎01-20-2014 5:21 PM

0 Kudos

Hello everybody,

There is a documentation or a guide about the configuration of SapGui authentication using MS AD instead of using standard user repository?

I have found some documentations, but all them are about a ECC server system in Microsoft Windows. Is it possible make the configuration without use a third party software?

Thanks in advance,

Renato Lima.

13 REPLIES 13

Former Member

‎01-20-2014 6:21 PM

0 Kudos

Hi Renato

sorry to be a pain but, sapgui is the presentation server of a ecc server and ad is microsoft's directory server, what's the third party sw?

Let me know

cheers

a

tim_alsop
Active Contributor
In response to Former Member

‎01-20-2014 6:37 PM

0 Kudos

Andrea,

He is looking for an SSO solution that uses AD as an authentication server (via. SNC interfaces). There are many of these available, either from SAP or from SAP partners. Looks like he wants one for free since he said he doesn't want to buy third party s/w.

Renato,

If you don't want to spend money on a product, you can build your own using open source Kerberos libraries. Other SAP customers have done this. I personally wouldn't recommend it, but you can if you wish.

Thanks,

Tim

Former Member
In response to Former Member

‎01-20-2014 7:51 PM

0 Kudos

HI Both

apologies for my silly question

It appears i have to book again the adm100

later

a

Former Member

‎01-21-2014 8:01 AM

0 Kudos

Hi,

Just some additional info to what Tim already said above.

There is actually a whitepaper from realtech available on this topic.

However keep please keep in mind, this is not officially supported and if using the native libs from the linux distributions, you may run into trouble, as they are sometimes not complete or do not work.

Kind regards,

Patrick

tim_alsop
Active Contributor
In response to Former Member

‎01-21-2014 8:06 AM

0 Kudos

Also, it is worth mentioning that the cost of the software might be ZERO, but if it is not supported and it stops working, there is a cost of downtime and user productivity on your critical SAP systems, since users won't be able to logon if it stops working. This is why customers generally prefer to buy products that are SAP certified and supported.

Former Member
In response to Former Member

‎01-21-2014 8:16 AM

0 Kudos

Or they buy SAP NetWeaver SSO 2.0 😉

tim_alsop
Active Contributor
In response to Former Member

‎01-21-2014 8:20 AM

0 Kudos

Yes, SAP NW SSO 2.0 product is SAP certified and supported. There are other products from SAP partners that are also SAP certified and supported. The details described in the Realtech doc would mean that the implementation is NOT SAP certified and NOT supported.

Former Member
In response to Former Member

‎01-21-2014 8:58 AM

0 Kudos

Hi Tim,

with regards to the realtech doc, this is why I mentioned the lack of support.

BTW: SAP NW SSO 2.0 isn't certified, as it is not a partner product but an SAP product. SAP only certifies partner products, that's why I added it to your list.

Former Member
In response to Former Member

‎01-21-2014 9:25 AM

0 Kudos

OMG SAP that mention realtech?!? I thought it was banned!

Former Member
In response to Former Member

‎01-21-2014 10:03 AM

0 Kudos

Regardless of the costs and support, it is highly recommendable to have a tested failover plan in case the SSO goes down in real life, such as a password reset self-service which can be redirected to or mailed as info.

This takes the immediate risk out of any alternate authentication mechanism, in the unlikely event of loss of cabin pressure...  🙂

Cheers,

Julius

Former Member
In response to Former Member

‎01-21-2014 10:49 AM

0 Kudos

And how exactly would you set this up? I have skimmed the SAP SSO documentation but didn't see it (I wasn't reading it carefully, though). Any ad-hoc ideas?

Former Member
In response to Former Member

‎01-21-2014 11:21 AM

0 Kudos

Hello Mylene,

Nice to hear from you again!

There is no password self-service within SAP SSO. It is something separate and independent of whatever SSO solution is deployed.

What I meant is that it generally makes a lot of sense for a plan B such as a redirect to automatically drop from the overhead area to that you can carry on working if needed. This means that the risk of cost and support delays for failure in any SSO is less.

Cheers,

Julius

Former Member
In response to Former Member

‎01-21-2014 11:38 AM

0 Kudos

Hello Julius,

nice to see you, too (also, beautiful floppy ears).

I concurr, this seems a most sensible arrangement, if you want to avoid being crucified by wandering mobs of users unable to login.

I was just speculating whether SAP SSO 2.0 delivered something like a password self-service - I know you have it as a part of IdM (the expense!) or some more or less dignified 3rd party companies (who have terrible problems handling such a self-service on both: SAPGui accessed systems and BEX and portals ...).

I will now stop derailing this thread. Sorry, Renato.