on 05-10-2014 3:41 PM
Hello Everyone:
We have requirement to implement SSO for one of our customer, I was able to implement SSO with Kerberos mechanism for regular SAP users with the help of very good documents in this blog. I had couple more requirements as part of same project to implement SSO on Kiosk(Shared systems) with below requirement. Can you please advise on how to implement this?
For first step , As there will be no secure login client available on Kiosk machines Shared users will be forced to login with password login but how can the same authentication be used for portal login with out login prompt second time and vice versa.
Is SAP LOGON Ticket implementation between ECC and Portal works for below requirement? I am wondering if this works for requirement 1 ?
Requirement 1 :
User is logged into a kiosk (shared) machine using the Generic ID (domain system user id). User clicks on SAP log on pad on the Kiosk (shared) machine and is prompted to log in using his network ID. User types in his network user ID (i.e.test1) and log into SAP ECC system.User types a URL in the browser (IE 9/10) to access SAP ortal should be able to login without login prompt again.
Requirement 2:
User is logged into a kiosk (shared) machine using the Generic ID (domain system user id).User types a URL in the browser (IE 9/10) to access SAP Portal and is prompted to log in using his network ID. User types in his network user ID (i.e.test1) and log into SAP Portal. User clicks on SAP log on pad on the Kiosk (shared) machine with out login prompt again
Thanks in advance!!!
Dear Everyone:
Any suggestions please?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have helped many companies with kiosk workstation user logon when using Active Directory credentials. However, the requirements are not same as yours. Most companies in my experience want the ECC logon to prompt for Active Directory credentials, and for browser based logon to also prompt for Active Directory credentials. Then, the user only has to remember their domain credentials and doesn't need any SAP password to remember.
However, in your description of customer requirements, you are expecting the ECC logon to allow the user to logon using a web browser without being prompted again, and also allowing browser logon to allow ECC logon without prompting again. This makes your requirements different and more challenging to achieve.
Hi Tim:
Thanks for sharing your experience. I think I need to elaborate my requirement more as my requirement is same as well you described.
In my case as well user is prompted for AD credentials only but not SAP user master credentials in both the cases(LDAP and SAP user master were in synchronized). Its just he/she need to punch in credentials manually for both ECC and portal.
1) User login to Kiosk using shared credentials
2) When user punch AD credentials on logon pad of ECC , He/she should not be asked again credentials for Portal
3) When user punch AD credentials first time for portal system, he/she should not be asked again credentials for ECC system.
Can you please advise on how this can be done?
Thanks a lot .
Ravi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.