cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP SSO using existing PKI (Microsoft Certificate Server)

Go to solution
dan_pfingsten2
Participant

on ‎10-13-2014 5:30 PM

0 Kudos

Am looking to implement SAP SSO leveraging an existing PKI.  The PKI is a Microsoft Certificate Server.

SAP SSO would be used for SAP GUI for Windows, portal, NWBC.

According to the SSO install guide, it appears that the Secure Login Client is required but that the Secure Login Server is not required in this case of an existing MS Cert Server.  And the MS Cert Server could be used for x.509 certificates.

In looking through the install guide and blogs, I'm not seeing anything specific along these lines (install SSO w/MS Cert Server), would appreciate any direction towards existing document/blogs on how to do this.

Does anyone have any thoughts on this one?

thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Chenyang
Contributor
‎10-13-2014 10:58 PM

Hi Dan,

Your understanding is correct. You do not need SSO server as long as you have certificates on both end user and ABAP server sides. The purpose of SSO server is only to help to convert the authentication result into a certificate.

Cheers

Chenyang Xiong

Show replies
Show replies
dan_pfingsten2
Participant
‎10-14-2014 2:59 PM
0 Kudos

Thanks for the confirmation at a high level.

But what I'm looking for and haven't seen, is any guide/blog documentation around this.  I've seen the blog about SSO with Kerberos Integration, and SSO with certs out of the box using Secure Login Server.

Maybe a document exists but if so I have not seen it. But is there a guide/blog for implementing the scenario of Secure Login Client with an external PKI like MS Cert Server?

Chenyang
Contributor
‎10-14-2014 9:43 PM
0 Kudos

Hi Dan,

The configuration for X.509 certificate based SSO between SAP GUI and SAP ABAP is fairly straight forward. Once SSO client installed, you can find your certificate from the SSO client UI directly. The rest steps are exactly the same as a scenario with a SSO server.

You can follow this implementation guide below.

http://scn.sap.com/docs/DOC-40145

Cheers,

Chenyang

dan_pfingsten2
Participant
‎10-15-2014 8:17 PM
0 Kudos

Thanks much.  Will give this a try.

Former Member
‎06-28-2016 8:06 AM
0 Kudos

Hi Dan,

do you find a step-by-step documentation or a solution if you use a MS PKI instead of the SAP SSO Login Server?

Thanks in advance.

Cheers,

Mike

former_member200373
Participant
‎06-28-2016 8:25 AM
0 Kudos

Hi Mike,

what exactly are you looking for?

Using existing MS PKI / ADCS user certificates is quite easy. You just use them. You can also get your SNC or TLS servers certified by ADCS, using PKCS#10/7 certificate signing request and response files.

Or are you asking for a guide how to roll-out user certificates using ADCS? This should rather be a blog or guide of Microsoft.

Another alternative is planned for a new version of SAP SSO Secure Login Server: Remote CA integration support.

-- Stephan

Former Member
‎06-28-2016 8:45 AM
0 Kudos

Hi Stephan,

we already setup a MS PKI and the roll-out of user certificates works. We want to enable X.509 certificates for ABAP and JAVA servers for client and server-to-server communication. We just need to know what steps are necessary on ABAP/JAVA and the important one what kind of certificate needs to be created on the MS PKI.

Thanks in advance.

Mike

dan_pfingsten2
Participant
‎06-28-2016 5:18 PM
0 Kudos

No, a step-by-step guide or any other detailed document was never found for using a MS PKI along with the SAP SSO Solution.  Would be interested in any findings as there is still interest here in considering that type of implementation.

Answers (0)

Ask a Question