
Single Login Screen to login via SAP User ID and AD User ID in Portal

0 Kudos

Hi,

We are looking for a configuration where we can log into the SAP portal server with an SAP user ID and password or with an AD user ID and password.

Our SAP portal UME is pointing to an ABAP server, and we have cross-domain ADs that need to be configured.

The requirement is that we need to have a single login screen and should be able to log in via SAP ID and password or AD ID and password.

Regards,

Kiran M

Accepted Solutions (0)

Answers (2)


tim_alsop
Active Contributor
0 Kudos

I would suggest you configure a JAAS login module that supports Kerberos so that the AD password can be checked during login, and also include the BasicPasswordLoginModule in the auth stack to support SAP password credential checking. I've seen this done by many customers who want to log in using both AD and SAP credentials. The Java stack will communicate directly with AD domain controllers when authenticating the user.

Regards

Tim

Colt
Active Contributor
0 Kudos

Hi Kiran,

To achieve this requirement I would set up the Secure Login Server for LDAP authentication to each domain. The SLS issues an X.509 certificate containing the AD User ID or other custom AD attributes in the subject. You can make use of the Web Adapter / LSH in order to trigger this authentication process when accessing your SAP Web Portal. Or simply set up the scenario to provide your users with a login certificate directly after logon to the PC. You can configure lifetime/inactivity timeout according to your needs, which allows you either Single Sign-On or multiple sign-on scenarios, depending on your security requirements. You configure the ClientCertLoginModule to map your certificate Subject, e.g. CN, with Logon ID (if you can ensure your AD user IDs are similar to your SAP user IDs through all your domains) or Logon Alias, by maintaining the identifier in the ABAP user master.

There are also other ways, as always. Does that help?

Cheers,
Carsten