07-12-2007 10:31 PM
Hi Gurus,
Here I got requirement, from client as details given below to settup single sign with Active directory with following details. How to settup single sign on with the follwing detail. Want to know how the authentication works in EP from AD
strDN:"LDAP://dir.svc.sigpol.com/CN="& strUserName &",ou=People.dc,dc=svc,dc=sigpol,dc.com"
Set objNamespace = GetObject("LDAP:")
Set objUser=objNames.OpenDSObject(strDn, strUserName & "@sigpol.com",strPass, 0)
Would anybody explain me what is this and how it is going help me in setting Active Directry Single sign. So please with step by step explain me and provide step by step procedure
Thanks
Happy
07-12-2007 11:07 PM
Regarding your first question - "how the authentication works in EP from AD" :
Normally when SAP customers want to use Active Directory authentication with EP, and implement Single SignOn at the same time, they use the fact that the user has already authenticated on the workstation when they logged onto the Windows domain. When the user logs onto the domain account at the workstation, Windows has cached Kerberos credentials for the user. You can use these cached credentials to authenticate the user to the SAP applications, such as EP via a browser. This is done using a Java login module installed on EP server(s). You can either use the SAP SPNEGO login module, or the CyberSafe TrustBroker Adapter product (<a href="http://www.cybersafe.com/links/adapter.htm">see this link</a>) to do this. If you would like to understand the differences more, please let me know.
For your second question - "explain me what is this and how it is going help me ..." :
The info you have provided is not 100% clear to me, but it looks like some sort of LDAP configuration. The LDAP protocol is supported by Active Directory, and might be used to implement "common authentication" with EP, but it will not give you the same Single SignOn solution as mentioned above.
If you can provide more details on what you are trying to achieve, and any questions you may have on the above I will be happy to help.
Thanks,
Tim
07-13-2007 12:38 AM
Hi Guru,
Let consider any situation as mentioned in coded below
"The info you have provided is not 100% clear to me, but it looks like some sort of LDAP configuration. The LDAP protocol is supported by Active Directory, and might be used to implement "common authentication" with EP, but it will not give you the same Single SignOn solution as mentioned above."
Would you send me detail step to configure SSO between EP and AD as you mentioned in you answer
thanks
happy
07-13-2007 1:56 PM
> Would you send me detail step to configure SSO
> between EP and AD as you mentioned in you answer
>
Happy,
As I mentioned in my answer, to use AD authentication with EP you can use SPNEGO or the CyberSafe product known as TrustBroker Adapter, or you can use LDAP - the LDAP method will nto give you SSO in the same way as the other solutions I have mentioned, and will not be as secure as the other solutions. If you need help with LDAP only, then you have have already had the info you need from the other 2 posts you opened on SDN at the same time as this one. If not, I suggest you search for LDAP and EP on http://help.sap.com and you will find the instructions you need.
Thanks,
Tim
07-13-2007 10:30 PM
Hi Tim,
Let me know your phone number I will call you and explain you whole situation
Thanks
happy