Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO for SAPGUI with multiple domains

Go to solution
Former Member

‎05-29-2007 2:15 PM

0 Kudos

Hello,

We`re trying to configure SSO for SAPGUI(Windows) via Kerberos. Our infrastructure consists of two domains with a bilateral trust between them. After several tests we concluded that the SAP-system is only looking in his own domain for authentication of the user and not in the other domain. Examples:

1. When we logon with a user in same domain as the SAP-system. SSO is working.

2. When we logon with a user from the other domain to the domain of the SAP-system. SSO is not working.

The ADS(Windows 2003 domain) is not in the same domain as the SAP-systems and we`re using SAPGUI 710. The server that we`re using for our test is a Windows 2000 server in a Windows 2003 domain.

Any ideas?

Kind Regards,

Michael Plein

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎05-29-2007 3:21 PM

0 Kudos

Hi,

You should have the same version of domain controller.

Ex:

You can't have the following infrastructure .

SAP systems are in windows 2003 domain ...

User are logged on to windows 2000 domain ....

Regards

Ben

5 REPLIES 5

Go to solution
Former Member

‎05-29-2007 3:21 PM

0 Kudos

Hi,

You should have the same version of domain controller.

Ex:

You can't have the following infrastructure .

SAP systems are in windows 2003 domain ...

User are logged on to windows 2000 domain ....

Regards

Ben

Go to solution
Former Member
In response to Former Member

‎05-29-2007 3:31 PM

0 Kudos

Hey Ben,

Thank you for your reaction.

There`s a slight difference in your answer and the situation we have i think.

Both the domains are 2003 but the the SAP-server is running on Windows 2000 Server. Does this give any problems?

Regards,

Michael

Go to solution
Former Member
In response to Former Member

‎05-29-2007 3:46 PM

0 Kudos

Hi,

Yes, you will have problem.

Regards

Ben

Go to solution
Former Member
In response to Former Member

‎05-29-2007 3:48 PM

0 Kudos

Hi,

You can use NTLM, but it is not so secure than Kerberos.

Regards

Ben

Go to solution
tim_alsop
Active Contributor

‎05-29-2007 3:30 PM

0 Kudos

Michael,

If you would like a solution to this problem, where the Windows server(s) running SAP are joined to a different domain, or even not joined to a domain - the company I represent (CyberSafe Limited) has a product which will meet your needs. We provide SAP SNC certified GSS-API libraries, which we sell to customers running SAP on UNIX or Linux, and we also have same libraries for Windows. SAP customers typically use our product on Windows servers when they have a mixture of Windows and UNIX servers in their landscape and are looking for a solution from one vendor for both platforms, or if they have a domain trust problem like you have.

I can arrange a free evaluation of our product, and provide you with price details if you contact me offline. This has to be offline because discussing vendor specifics like this should not be on SDN.

Thanks,

Tim