cancel
Showing results for 
Search instead for 
Did you mean: 

Single sign on for ERP and Java stack

Former Member
0 Kudos

Hi All,

We have a ERP 6.0 ehp6 and NW Java 7.3 systems.

Requirement is to show SSO capabilities of ERP and NW Java individually. (please note that this is Not about SSO between ERP and NW Java)

We want to configure SNC for ERP so that users can directly login using SSO and similarly SSL for NW java.

We don't want to integrate with Windows AD or use any LDAP.

Please let me know how can this be achieved. And most importantly does certificates we create in Strust in abap and keystore in java sufficient to achieve this.

Thank you.

Accepted Solutions (1)

Accepted Solutions (1)

yakcinar
Active Contributor
0 Kudos

Hello Siva,

AD or LDAP user is prerequisite for SSO. Wiithout using aa user from and LDAP you cannot configure SSO.

Step 1: Prerequisites - User Authentication and Single Sign-On - SAP Library

Prerequisites

●  Create and configure on the Active Directory Servers (ADS), which act as a Kerberos Domain Controllers (KDC),  a service user for the AS Java.

○  The password of the user must never expire.

○  The user must be enabled to use DES encryption.

●  On the ADS for each Kerberos Realm, register with the ADS service user a Service Principal Name (SPN) for every DNS name that can be used to access the AS Java with Kerberos authentication.


●  Prepare the UME configuration file for Kerberos authentication. The UME configuration file must contain attribute mapping for resolving the user id of the authenticated user principal name in the Kerberos Realm. You can add new mappings or use a pre-configured UME configuration file. For more information, see Configuring the UME.


Regards,

Yuksel AKCINAR

Former Member
0 Kudos

Thank you Yuksel.

As per advise I am concluding that we need to configure SNC for ERP and SSL for NW JAVA using Kerberos certificates and they Must be mapped with Windows AD.

Please let me know how do we acquire certificates required for SNC and SSL ?

Regards.

Answers (1)

Answers (1)

donka_dimitrova
Contributor
0 Kudos

Dear Siva,

You can implement single sign-on based on X.509 client certificates for AS ABAP (SNC) and for AS JAVA (SSL) using the Secure Login Server of our SAP Single Sign-On product (license required).

See here chapter 1.1.3.2 Workflow with X.509 Certificate Request Using Secure Login Server:

http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf 

Regards,

Donka Dimitrova