on 08-20-2014 7:24 PM
Is there a licensing involved when using NTLM SSO specifically documented in this URL Single Sign-On with Microsoft NT LAN Manager SSP - User Authentication and Single Sign-On - SAP Lib...?
Is there documentation anywhere referencing licensing or no licensing using this SSO method?
If there is licensing involved, are there any free SSO licensing schemes available for SAPGUI?
Thanks
Regards,
Mel Calucin
Donka,
Thanks for your concern. In an all Microsoft Windows SAP environment, I don't think this is much of a concern. But my question is -- "Is there a monetary cost in terms of SAP licensing? Basically, is it free?".
Thanks.
Mel Calucin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Mel,
I hope you noticed the note in the documentation: "The Microsoft NTLM SSP only provides authentication based on a challenge-response authentication scheme. It does not provide data integrity or data confidentiality protection for the authenticated network connection."
If your company could afford to focus only on SSO and not to care about integrity and confidentiality of the business data, then it will be ok - this solution doesn't require licence but you have to make sure you implement mitigation for this risk.
On the other side we strongly recommend to our customers to protect their business data and to use the SNC Client encryption in combination with SSO for SAP GUI that is available via our SAP Single Sign-On product because the risk is not always coming from outside the corporate network. There are a lot of researches that show the security risks available also internally.
I hope this will help you in your research for an SSO solution to SAP GUI for your project.
Best regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Donka,
Thanks for the quick reply.
OK. How about Single Sign-On with Microsoft Kerberos SSP - User Authentication and Single Sign-On - SAP Library? Is this free? It looks like it takes care of the network encryption:
"The Microsoft Kerberos Security Service Provider (SSP) provides secure authentication plus encryption of the network communication. In contrast, SSO with Microsoft NTLM SSP, as described in the next section, does not provide encryption of the network communication."
Thanks.
Mel Calucin
Hello Mel,
This scenario relies mostly on 3rd party components not controlled by SAP. As a result, SAP's support is strictly limited to SAP's side of the code which calls external products according to the definition of the GSS-API v2 interface specification (rfc-2743, rfc-2744) with the constraints published as part of SAP's BC-SNC interoperability certification. More details you will be able to find in the SAP note: http://service.sap.com/sap/support/notes/150380 .
And again we strongly recommend for your scenario the solution we offer with SAP Single Sign-On product.
Best regards,
Donka Dimitrova
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.