on 02-19-2015 4:24 PM
Hello,
I do have a basic question about selecting the "best" strategy for implementing Single Sign On at least for our SAP systems (ABAP & JAVA) or at least to understand the difference, benefits and limitations.
I have gone through a lot of documents and also the short videos here in the community about "SAP (Netweaver) Single Sign On 2.0" and do like this approach.
Our SAP Account Executive - who also recommended this forum to get useful information - told me that "SAP Single Sign On 2.0" would require additional licenses while the classic/included SSO does not.
I know from other customers that SSO with SPNEGO works "out of the box" for JAVA systems without additional licenses.
I'm just wondering where the difference or limitations are and which part causes the additional licenses.
The requirement from our side is that this SSO solution should cover ABAP and JAVA systems (no 3rd party systems required, just optional) and must work with GUI and web.
Thanks for your help,
Michael
The most common and easiest way (especially if your users log on to their workstations using Active Directory credentials) is to use SNC for SAP GUI users who log on to ABAP systems, and SPNEGO for web based access to ABAP and JAVA systems. As you mentioned, the SPNEGO JAVA functionality is free, but other logon methods would require a product to be licensed, either using the SAP SSO product or an SAP SSO product from an SAP partner.
Thanks
Tim
Hello Tim,
thanks for the answer.
So, if I understand this correctly
As we want to use SSO for SAP Business Suite apps only (no cloud, no non-SAP)
- using Kerberos
- for all SAP apps (ABAP & JAVA)
- no additional servers
- Encryption
and using our AD credentials
we can use SNC for GUI and SPNEGO for web based apps.
These would not require additional licences, correct?
I assume that the Secure Login Server for SAP Single Sign On 2.0 (for also non-SAP apps) is the part that will require extra licenses. As we don't need this we should be good to start.
Please let me know if I'm still on the right way 😉
Thanks,
Michael
Michael,
Your summary is correct apart from the last part when you mention licensing. As I mentioned, the only part which is free is SPNEGO JAVA. For SPNEGO on ABAP and SNC for SAP GUI SSO with Kerberos, you need a license for an SSO product, either the SAP product or an SAP SSO product from an SAP partner.
Thanks
Tim
Hello Michael,
As mentioned by Tim, for user-based SSO with X.509 or Kerberos, like SNC for SAP GUI or RFC clients, you need to pay for a license for an SSO product.
For more details, please see the note that explains the license requirement for the CommonCryptoLib (SAP Single Sign-On product): 1848999 - Central Note for CommonCryptoLib 8 (replacing SAPCRYPTOLIB)
Regards,
Donka Dimitrova