cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Fiori Portal Single Sign on with windows Active Directory

Former Member

on ‎03-09-2016 8:43 AM

0 Kudos

Hi Dear,

we are going to configure SSO on SAP Fiori with windows Actvie Directory Server here is my setup

  • SAP NW Gateway : Suse Linux
  • SAP ECC : Suse Linux
  • Active Directory : windows 2012 server


My question is

  1. am i need to purchase any additional plugin for GW and ECC server to enable sso or it is available i default system
  2. Is there any step by tep guide or document available please share link
  3. i have another issue as our active directory user name is greater then 12 character , can it cause our SSO configuration or SSO allow more then 12 character to login fiori portal    

Please share your experience

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

donka_dimitrova
Contributor
‎03-09-2016 8:58 AM
0 Kudos

Hello Rizwan,

You can implement SSO based on Kerberos/SPNEGO for SAP Fiori using the SAP Single Sign-On product (license required).

Regards,

Donka Dimitrova

Show replies
Show replies
Former Member
‎03-09-2016 9:27 AM
0 Kudos

Hi Donka,

Thanks for your reply we have license of ECC and Fiori am i need separate license for SSO products if yest then do you estimate budget for this license ? and please share any docs ?

Thanks

donka_dimitrova
Contributor
‎03-09-2016 9:33 AM
0 Kudos

Hello Rizwan,

The license of the SAP Single Sign-on is separate and you have to discuss the license cost with the SAP sales representative responsible for your company or the SAP office in your region.

See here the implementation guide:

http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf

Regards,

Donka Dimitrova

Former Member
‎03-09-2016 9:46 AM
0 Kudos

Hi Donka,

Thanks and sorry for my inquiry about sso licences budget. can you please let confirm my third point regarding user name length for fiori portal as if you know about it  ?

donka_dimitrova
Contributor
‎03-09-2016 10:04 AM
0 Kudos

Hello Rizwan,

There is a recommendation to not use SNC names longer than 80 characters.

See a sample SNC name: p:CN=MICROSOFTUSER@DEMO.LOCAL

Regards,

Donka Dimitrova

Former Member
‎05-16-2016 11:31 AM
0 Kudos

HI Donka,

Sorry for late reply as i was on leave. thanks for your detail. Can yo please recommend what we will use for our landscape

  • SAP NW Gateway : Suse Linux
  • SAP ECC : Suse Linux
  • Active Directory : windows 2012 server

and what i need to do is as below

First : Purchase license of SSO

Second :  Setup Secure login server

Third : Install SAML/Kerborose / X509 add on on SAP GW server

am i right or anything any need please guide me and share and cookbook / guide for step by step 

Thanks regards 

Rizwan

donka_dimitrova
Contributor
‎05-16-2016 12:11 PM
0 Kudos

Hello Rizwan,

Once you get the SAP Single Sign-On license you can choose between different SSO scenarios: SAML / X.509 / Kerberos/SPNEGO. The Secure Login Server will be necessary only if you decide to use the X.509 client certificates. If you decide to go for SAML, you have to use the SAML Identity Provider. When you choose SAML, you will be able to benefit also from the Mobile SSO solution we offer with the SAP Single Sign-On that is also available for SAP Fiori Client, the native mobile app for Fiori.

Here are the guides but you have to decide firt which technology you want to use for SSO:

Enabling the SAML Identity Provider - Identity Provider for SAP Single Sign-On and SAP Identity Mana...

Mobile Single Sign-On for SAP Fiori - Step-by-Step Guide

http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf 

Regards,

Donka Dimitrova

Former Member
‎05-16-2016 12:25 PM
0 Kudos

Hi Donka,

Thanks for your quick reply , one more thing can you please what is major reasons for choosing SSO methods. I means on what reason i'll choose method eithor for cost saving or feature benefits.

Please advise us solution which is cost effective and fulfill modern days requirement for SAP Fiori.

for example what is difference between SAML and Kerberose / Spengo

Again thanks and sorry for basic questions

Thanks,

Rizwan

donka_dimitrova
Contributor
‎05-16-2016 12:49 PM
0 Kudos

Hello Rizwan,

All these 3 solutions are coming with one and the same license. The difference is that with Kerberos SSO for example, you will not be able to offer secure authentication from outside corporate network because the Kerberos technology is valid only for the intranet, you will not be able also to apply strong authentication like two-factor authentication or risk-based authentication, you will not be able to use our Mobile SSO, and other. With SAML you will be able to achieve Mobile SSO and all the other capabilities.

If you want we can organize a presentation of the SAP Single Sign-On product and we will be able to explain these three supported scenarios for you and your team. If you are interested just send me a message on donka.dimitrova at sap.com.

Regards,

Donka Dimitrova

Ask a Question