Ok thank you,

now I start to perform SSO for R/3 system.

I install SAPSSO.msi in the server.

I copy the gx64krb5.dll in C:\WINDOWS\system32\ and I have put in RZ10 this parameters:

snc/permit_insecure_comm 1

snc/permit_insecure_start 1

snc/accept_insecure_rfc 1

snc/accept_insecure_gui 1

snc/accept_insecure_cpic 1

snc/enable 1

snc/gssapi_lib C:\WINDOWS\system32\gx64krb5.dll

snc/identity/as p:SAPServiceSVI@xxxxx

I do stop and strat but when I run SU01 transaction I don't find the SNC tab, can someone help me?

Thanks

The solution is to use SNC library for SAP GUI logon to R/3 and SPNEGO for Web access to EP. The AD account name and the SAP user name can be different in both cases, and you can use mapping to map the external (e.g. AD) authenticated user id onto a SAP user id.

We are using SNC library for SAP GUI logon to R/3 and SPNEGO for Web access to EP. What works for us currently is:

SSO from Windows logon to Portal using SPNego (LDAP as our datasource with AD)

However once we are inside the portal, the SSO to R/3 using SNC is not working. I have my Portal user mapped to my R/3 user as they are different usernames.

But, if i launch SAP GUI on its own i can SSO into R/3 no problem.

So, i have 3 queries here!

1) Why am i not able to SSO into R/3 once i have SSO into Portal?

2) Is there any way around the high maintenance of the user mapping?

3) I have read on SAP Help about "Using an LDAP Directory Attribute as the ABAP User ID" but this will still require user / administrator to maintain the R/3 password.

Is it possible to disable the R/3 password and thus have no maintenance as the R/3 (ABAP) User ID will be stored in LDAP attribute?

Hoping you can help...