on 04-03-2016 12:04 PM
Hi Friend
Need youradvise
We have 2 different domains without trust between the domain
SAP system is inDoaminA
Usersisin Domain B.
And we want to configure SSO for the users in domain B to the SAP system in domain A
Please help me what is the best way to configure the SSO.
And if you have documentation
Regards
Naor
Hello Naor,
You can achieve SSO for SAP systems using the SAP Single Sign-On product (license required).
If you want to implement SSO for scenarios that include SAP GUI for Windows, SAP Business Client for Windows etc. You can choose between Kerberos SSO and X.509 Client Certificates SSO.
More details you will be able to find here in the implementation guide:
http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf
Here you will be able to find also some other content specially about the Kerberos SSO scenario:
Kerberos/SPNEGO for SAP AS ABAP in a Multi Domain Environment.
If you want to implement SSO for scenarios that include web application, you can benefit also from implementing the SAML based SSO or to implement Kerberos SSO or X.509 Client Certificates:
See the details here:
Identity Provider for SAP Single Sign-On and SAP Identity Management - SAP Library
Regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Donka,
Thanks for your help.
But the different domains is the main issue here, do you know what is the best way to do it ?
What about that:
https://wiki.scn.sap.com/wiki/display/Basis/How+to+setup+SNC+connection+between+SAProuters
Regards
Naor
Hello Naor,
When you implement Kerberos based SSO scenario using the SAP Single Sign-On product, SAP backend system needs to trust the AD. There is no requirement for the SAP backend system to be in the same domain. You just have to make sure that the service user is created properly in the MS AD where the users are because they have to be able to find their service.
Regards,
Donka Dimitrova
HI
So the trust between the domain is not must for the SSO.
I can used SapRouter for this ?
How to setup SNC connection between SAProuters - Basis Corner - SCN Wiki
Thanks
Naor
Hello Naor,
SAProuter is a software application that provides a remote connection between the customer's network and SAP. This remote connection enables
You can use SAProuter,
There is no need for an SAProuter to implement SSO for your corporate scenarios. If you know a specific requirement from your side that explicitly requires SAProuter, Please, clarify.
Regards,
Donka Dimitrova
Hi Donka
Thanks for your help, we will check the SAP Single Sign-On product.
Can you help me with administration guide or Step by step for the SSO configuration ? (all the guide I find
is with spnego with java system and I dont want to use java system only solution with Abap system)
My system i
s EHP6 FOR SAP ERP 6.0
SAP_BASIS - 731 SP09
Sothe NCWIZARD T-code does not exist.
It's different domain and we need SSO to the Abap system.
Regards
Naor
Hello Naor,
Once you get license for the SAP Single Sign-On product, you will be able to implement Kerberos SSO for your SAP systems.
See here some helpful materials (mentioned also in my fist post):
scenario:
Kerberos/SPNEGO for SAP AS ABAP in a Multi Domain Environment.
Regards,
Donka Dimitrova
Dear Donka
Ialready checkmaterials but still I have a missing information.
Forexample thisvideo - SAP Single Sign-On: Kerberos-based single sign-on to Application Server ABAP - YouTube
Idontunderstand where is the part of the Single Sign-On product, because I have there just SAP parameter and SNC configuration (SNCWizard) and AD configuration.
Also for this Kerberos/SPNEGO for SAP AS ABAP in a Multi Domain Environment.
AD configuration and Keytab from SPnago
Did I missingsomthing?
Can you give me more information, I try to find SAP Note but still Ihave missinginformation
I want to thanks you for your help.
Regards
Naor
User | Count |
---|---|
81 | |
25 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.