cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Netweaver SSO 2.0 support for SLES 12

Go to solution
former_member182307
Contributor

on ‎06-15-2016 10:47 AM

0 Kudos

Hello,

I need some clarification about the OS support / release startegy for SAP netweaver SSO 2.0 related to Suse Linux 12.

If I look at the PAM, there is no full support of SAP NWSSO 2.0 for SLES12.

What I mean is :

The secure login server can be installed on a SAP JAVA AS based on netweaver 7.4 for example ( which is supported on SUSE 12 ) .

But when it comes to using the Secure login library, this part is not supported on SLES12.

The problem is that our customer would like to use the SAP NW SSO2.0 product in order to achieve SSO based on kerberos for all of its SAP landscape which is based on Netweaver 7.4 AS running on SLES12.

The only way I could think of this is : wether perform some move to SLES11 of its application servers, or try and find another product from a third party that would do the same and provide full support for SLES12.

That said, i'm wondering if SAP plans to provide a new version of this secure login library able to run on SLES12 ?

Does anyone knows if SAP will provide any support for this Secure Login Library for SLES12 anytime soon ?

Thanks and best regards,

Steve.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member200373
Participant
‎06-15-2016 11:32 AM
0 Kudos

Hi Steve,

as far as I got your use case, you do not require a platform Secure Login Library (recommended: CommonCryptoLib) on your AS Java system. It is only required for:

- ICM (where CommonCryptoLib is already part of)

- SNC protected RFC Destinations

- HSM based Secure Login Server User CAs

Kerberos based SSO or SPNEGO in AS JAVA is coming out of the box, meaning it uses standard JCE APIs only. This includes SPNEGO client authentication profiles of SLS.

However, SLES12 is also supported by SLS as well as CCL. We always support the latest platforms of AS ABAP and JAVA. It´s just missing in the PAM.

-- Stephan

Show replies
Show replies
former_member182307
Contributor
‎06-15-2016 5:02 PM
0 Kudos

Hi Stephan,

Thanks for your reply.

The thing is that the full perimeter of the SSO for this customer is being defined.

Still the initial requirement / idea was to use one solution ( wether from SAP or any other provider ) to suit all these use cases.

That's why they needed us to have this Secure Login Server installed.

Now, as the perimeter extends to SSO for the ABAP AS, we thought we would be able to provided this based on the Secure login Library, which seems to be the product to use.

But we hit the point where it seems like, using the SAP Secure Login Library to provide SSO on the AS ABAP is not supported when the ABAP AS is running on SUSE 12.

We have opened a ticket to the SAP support and they told us that this use case was not in the PAM so ... not supported.

Here is the message exchanges we had with the support : 



We are installing NetWeaver SSO 2.0 Secure Login Libraries on our SAP ABAP Servers which are patched to:


SUSE Linux Enterprise Server 12 (x86_64)


VERSION = 12


PATCHLEVEL = 1


and after checking PAM it appears that our OS is not supported by SAP. Please see link below, do you intend to offer support for this product on SUSE 12 in the future ?


https://apps.support.sap.com/sap/support/pam?hash=s%3DSAP%2520SINGLE%2520SIGN-ON%25202.0%26o%3Dmost_...





Dear Customer,




My name is XXXXX and I am taking over your incident by now.




As you can see in the PAM, the only supported SUSE releases are the


following:


LINUX SUSE SLES11/X86_64 64BIT


LINUX SUSE SLES10/X86_64 64BIT


LINUX SUSE SLES9/X86_64 64BIT




Currently there is no information regarding the support for the SUSE


Linux Enterprise Server 12.




Best Regards,


XXXXXXXXX


SAP Product Support



OK thanks for your reply. Yes I can see that there’s no information regarding the support of SLES12. Please can you give an indication into when SLES12 will be supported? we are installing a new landscape with a wide range of SAP products which are running on SLES12. Looking at PAM we cannot see an upgrade path for Netweaver SSO 2.0 and the product appears to be at the end of mainstream maintenance on 31.12.2019. Does SAP intend to discontinue this product or will there be an alternative that does support SLES12?



Dear Customer,




Currently there is no information regarding the support for the SUSE


Linux Enterprise Server 12.




The PAM will be updated if this OS version starts to be supported by the


library.




The SAP Single Sign-On product will not be discontinued, there will be


new versions of the product, this date is only for the 2.0 version.




Best Regards,


XXXXXXXXX


SAP Product Support

So this makes me say that SAP NW SSO 2.0 can not be used to provide SSO based on Windows AD to SAP systems running ( here ABAP ) running on top of SUSE SLES 12.

Where can I find the official information on the fact the SLES 12 is supported and that the PAM is just not updated ?

Thanks and Best regards,

Steve.

former_member200373
Participant
‎06-16-2016 8:03 AM
0 Kudos

Steve,

as I said, SUSE12 was just missing in the PAM. Have a look at it now, we´ve fixed it.

But, just to make sure you got the point, we strongly recommend to use the CommonCryptoLib which comes with the ABAP Kernel instead of a stand-alone Secure Login Library. For other security features than SNC it is mandatory anyways.

-- Stephan

former_member182307
Contributor
‎06-16-2016 8:57 AM
0 Kudos

Hi Stephan,

Thanks a lot for the update of the PAM and also the information about the Common Crypto Lib.

Really helpful !

Thanks and best regards,

Steve.

Answers (0)

Ask a Question