Solved: Acitve Directory and Single Sign On (SSO)

Former Member · ‎08-05-2008

Hi SAP Gurus,

How can I configure the Active Directory to work hand in hand with the Single Sign On (SSO) for the SAP Portal?

For instance, if the user were to login into their Windows Workstation and user is authenticated through LDAP via username and password, but somehow I want the username and password information to be passed on to the Portal so that the user does not get a popup everytime they want to login into Portal, hence Single Sign On (SSO).

If you guys could please tell me the detail steps I would really appreciate it.

Thanks,

Adnan Abbasi

Former Member · ‎08-11-2008

SSO via X.509 certificates can also be used, if no PKI is available. You can setup a SAP-specific authenticaiton & certificate server, which creates X.509 certificates for SAP SSO in the background.

Peter

tim_alsop · ‎08-05-2008

Adnan,

You need to install an SPNEGO login module in portal and then you will get what you need, e.g. a user will be authenticated to SAP from the account they logged onto workstation with.

You can find many posts in this forum about SPNEGO login module, and the documentation is also referenced, or available on SAP help library.

Thanks,

Tim

Former Member · ‎08-06-2008

Hi Tim,

First of all thank you for replying back, but I will provide you with further details and then will you be able to help me.

Thanks,

Adnan

tim_alsop · ‎08-06-2008

Adnan,

I look forward to the additional information, and being able to help you.

Regards,

Tim

Former Member · ‎08-07-2008

Hi Tim,

Instead of using SPNEGO, the SAP team of consultants are going to go with Arinso, would you know how things will work out with Arinso, if so, I would really appreciate it. Thanks a lot for your time.

Regards,

Adnan

tim_alsop · ‎08-07-2008

Adnan,

As far as I know, Arinso is a company that provide outsourcing services and specialise in SAP HR requirements, but they do not develop or sell an SSO solution.

Can you find out what product Arinso are going to recommend you use for SSO ?

Thanks,

Tim

Former Member · ‎08-08-2008

Lets look at what you are trying to do. Active Directory (AD) is an LDAP compliant directory that users log onto and SAP Netweaver can use AD for mapping usernames.

The key point in the communication is the browser to the portal. With AD you have two basic single sign-on options that don't require the user to sign on after login into Windows.

Edited by: Shaun Price on Aug 8, 2008 11:31 AM

Former Member · ‎08-08-2008

Sorry, the two options are:

Kerberos: the default used by Windows on AD (Hence the reason for installing hte SPNEGO library)

X.509 Certificates: Users can be automatically enrolled with certificates through AD using some CA's (e.g. Microsoft Certificate Services)

Also, take a look at the SAP help on this topic:

http://help.sap.com/saphelp_nwce10/helpdata/en/43/849eba1d0d267fe10000000a1553f7/frameset.htm

Former Member · ‎08-11-2008

SSO via X.509 certificates can also be used, if no PKI is available. You can setup a SAP-specific authenticaiton & certificate server, which creates X.509 certificates for SAP SSO in the background.

Peter

Former Member · ‎08-21-2008

Hi All,

I am very sorry for the delayed responses and awarding of points, but I would like to thank you for all your answers. I truly appreciate it. Its from people like you, people like me learn a lot.

Thanks,

Adnan Abbasi