Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A typical scenario for SPNego (Kerberos) authentication for SSO

Former Member

‎07-17-2008 3:46 AM

0 Kudos

Hi All,

I have a scenario, We have windows user id which are authenticating against LDAP.

We have portal user id (different from windiws ones) which are authenticating against CUA (Cetral for all ECCs, portals) which we can't change for some reason.

Now we want to achieve Kerberos authentication for SSO. What aaproach can we choose

like is it some way we can have some mapping within LDAP...somthing like aias of LDAP id as CUA ids

or some other approach.

Please let me know guys..we need to come up with something soon.

Thanks in Advance

1 REPLY 1

tim_alsop
Active Contributor

‎07-17-2008 8:31 AM

0 Kudos

Alok,

You may be aware that if you use SNC for SAP GUI then the mapping of the SNC name onto a SAP user is configured in a table in ABAP engine called USRACL. This table is often maintained using the SU01 t-code. If you are using the SAP supplied SPNEGO login module, the mapping requires attributes to be added to your AD schema which contain the SAP user for a particular authenticated principal in AD.

The reason why I mentioned USRACL table, was for clear understanding of the mapping requirement, and also because there is a SAP certified product available from a SAP partner that uses this table with SPNEGO, so there is no need for any schema updates.

I hope this helps ?

Regards,

Tim