cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO using SPNego

Go to solution
rajeev_das
Participant

on ‎04-29-2008 3:20 PM

0 Kudos

Hi,

I have a scenario where, all end users logs into the portal with user id & password.

I'm planning to implement SSO with SPNego, which I reckon will allow to log onto the portal without entering the username & password.

Question -

1. I reckon it would be fine when they are in office since the credentials would be picked up by Active Directory. Any pointers?

2. What happens when they are conencted using VPN? Will they still be able to access the portal without entering credentials?

Any help/pointers much appreciated.

Regards,

Rajeev

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

tim_alsop
Active Contributor
‎04-29-2008 4:03 PM
0 Kudos

Answers:

1. Yes, you are correct. The user would logon to their workstation using a valid AD domain account, and the Kerberos credentials issued by AD would be used by the browser to authenticate them to SAP.

2. This works because the user will logon to their laptop/workstation using a domain account, then logon to company network using VPN connection. When they try to logon to SAP, the browser will send a request for a Kerberos service ticket to the domain controllers on the network over the VPN tunnel, and this will trigger WIndows to use the cached password to get a Kerberos TGT. The user will be authenticated in same way as if they were in the office and logging onto domain, and getting their TGT at that time.

Thanks,

Tim

Show replies
Show replies
rajeev_das
Participant
‎04-29-2008 4:53 PM
0 Kudos

hi Tim,

Thanks for your reply. I have awarded points.

Regards,

Rajeev

Answers (0)

Ask a Question