08-05-2008 3:45 PM
Hi SAP Gurus,
How can I configure the Active Directory to work hand in hand with the Single Sign On (SSO) for the SAP Portal?
For instance, if the user were to login into their Windows Workstation and user is authenticated through LDAP via username and password, but somehow I want the username and password information to be passed on to the Portal so that the user does not get a popup everytime they want to login into Portal, hence Single Sign On (SSO).
If you guys could please tell me the detail steps I would really appreciate it.
Thanks,
Adnan Abbasi
08-11-2008 8:59 AM
SSO via X.509 certificates can also be used, if no PKI is available. You can setup a SAP-specific authenticaiton & certificate server, which creates X.509 certificates for SAP SSO in the background.
Peter
08-05-2008 4:24 PM
Adnan,
You need to install an SPNEGO login module in portal and then you will get what you need, e.g. a user will be authenticated to SAP from the account they logged onto workstation with.
You can find many posts in this forum about SPNEGO login module, and the documentation is also referenced, or available on SAP help library.
Thanks,
Tim
08-06-2008 7:36 PM
Hi Tim,
First of all thank you for replying back, but I will provide you with further details and then will you be able to help me.
Thanks,
Adnan
08-06-2008 7:42 PM
Adnan,
I look forward to the additional information, and being able to help you.
Regards,
Tim
08-07-2008 4:48 PM
Hi Tim,
Instead of using SPNEGO, the SAP team of consultants are going to go with Arinso, would you know how things will work out with Arinso, if so, I would really appreciate it. Thanks a lot for your time.
Regards,
Adnan
08-07-2008 6:08 PM
Adnan,
As far as I know, Arinso is a company that provide outsourcing services and specialise in SAP HR requirements, but they do not develop or sell an SSO solution.
Can you find out what product Arinso are going to recommend you use for SSO ?
Thanks,
Tim
08-08-2008 10:18 AM
Lets look at what you are trying to do. Active Directory (AD) is an LDAP compliant directory that users log onto and SAP Netweaver can use AD for mapping usernames.
The key point in the communication is the browser to the portal. With AD you have two basic single sign-on options that don't require the user to sign on after login into Windows.
Edited by: Shaun Price on Aug 8, 2008 11:31 AM
08-08-2008 10:41 AM
Sorry, the two options are:
Kerberos: the default used by Windows on AD (Hence the reason for installing hte SPNEGO library)
X.509 Certificates: Users can be automatically enrolled with certificates through AD using some CA's (e.g. Microsoft Certificate Services)
Also, take a look at the SAP help on this topic:
http://help.sap.com/saphelp_nwce10/helpdata/en/43/849eba1d0d267fe10000000a1553f7/frameset.htm
08-11-2008 8:59 AM
SSO via X.509 certificates can also be used, if no PKI is available. You can setup a SAP-specific authenticaiton & certificate server, which creates X.509 certificates for SAP SSO in the background.
Peter
08-21-2008 3:02 PM
Hi All,
I am very sorry for the delayed responses and awarding of points, but I would like to thank you for all your answers. I truly appreciate it. Its from people like you, people like me learn a lot.
Thanks,
Adnan Abbasi