on 04-14-2014 8:06 PM
Hi everyone,
I am developing an external Java applicatoin that connects to SAP using JCo and would like to utilize Kerberos as our method of authentication. Can I use the NWSSO libraries to accomplish this? I've seen many examples of the connecting JCo applicatoins using X.509 certificates but none using Kerberos. What library file SNC_LIB should my JCo program use (sapcrypto.dll, secgss.dll)? Any help from someone with experience would be appreciated.
Thanks
Kevin Spillman
Hello Kevin,
normaly SAPJCO is used for server side applications and for that X.509 authentication is prefered for SNC.
The Secure Login Library does not active get the kerberos ticket for a given SPN, this is done in the Secure Login Client (which uses also the Secure Login Library below).
The Secure Login Library alone can not be used for a Kerberos based SNC with SAPJCO.
best regards
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kevin,
one additional comment:
if you are developing the Java application for a windows client, you can use an installed Secure Login Client to make SNC with kerberos over SAPJCO.
It depends on your use case if that is practical or not, its of cause not useful for server to server.
best regards
Alex
Hi, I need help about use kerberos, MS-AD and JCO.
I have a application that use JCO and a need use SNC , kerberous. The application run in linux system, and I have only netweaver as ABAP.
Is It possible use JCO and SNC to promote SSO in this scenario ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kevin,
Can I use the NWSSO libraries to accomplish this
I am not sure what you mean with NWSSO libraries. If you are using the product SAP NetWeaver Single Sign-On, you have to use the Secure Login Library. This library is supporting also Kerberos. SAPCRYPTOLIB (part of SAP NetWeaver) is supporting only certificates.
Regards
Matthias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is possible to use an SNC library which uses a Kerberos mechanism to authenticate users and secure connections via JCo. I have used this approach many times and it works well. However, you cannot use the sapcryptolib or secgss library since these libraries do not have the necessary features to do what you want.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
AFAIK there is no server implementation for retrieving a Kerberos ticket from the JCo connection, existing implementations use HTTP headers meaning they require a browser.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.