cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Kerberized JCo from external Java applicatoin using NWSSO libraries

Go to solution
Former Member

on ‎04-14-2014 8:06 PM

0 Kudos


Hi everyone,

I am developing an external Java applicatoin that connects to SAP using JCo and would like to utilize Kerberos as our method of authentication. Can I use the NWSSO libraries to accomplish this? I've seen many examples of the connecting JCo applicatoins using X.509 certificates but none using Kerberos. What library file SNC_LIB should my JCo program use (sapcrypto.dll, secgss.dll)? Any help from someone with experience would be appreciated.

Thanks

Kevin Spillman

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-15-2014 11:42 AM
0 Kudos

Hello Kevin,

normaly SAPJCO is used for server side applications and for that X.509 authentication is prefered for SNC.
The Secure Login Library does not active get the kerberos ticket for a given SPN, this is done in the Secure Login Client (which uses also the Secure Login Library below).

The Secure Login Library alone can not be used for a Kerberos based SNC with SAPJCO.

best regards

Alex

Show replies
Show replies
Former Member
‎04-15-2014 1:46 PM
0 Kudos

This was my original thought. Thanks for confirming Alex

tim_alsop
Active Contributor
‎04-15-2014 1:49 PM
0 Kudos

Kevin,

If you need a library that will work with Kerberos and JCo, please let me know.

Thanks

Tim

Former Member
‎04-15-2014 3:21 PM
0 Kudos

Hi Kevin,

one additional comment:

if you are developing the Java application for a windows client, you can use an installed Secure Login Client to make SNC with kerberos over SAPJCO.

It depends on your use case if that is practical or not, its of cause not useful for server to server.

best regards

Alex

Answers (4)

Answers (4)

former_member259859
Explorer
‎12-29-2020 12:52 PM
0 Kudos

Hi, I need help about use kerberos, MS-AD and JCO.

I have a application that use JCO and a need use SNC , kerberous. The application run in linux system, and I have only netweaver as ABAP.

Is It possible use JCO and SNC to promote SSO in this scenario ?

Show replies
Show replies
Kaempfer
Advisor
Advisor
‎04-15-2014 10:52 AM
0 Kudos

Hi Kevin,



Can I use the NWSSO libraries to accomplish this

I am not sure what you mean with NWSSO libraries. If you are using the product SAP NetWeaver Single Sign-On, you have to use the Secure Login Library. This library is supporting also Kerberos. SAPCRYPTOLIB (part of SAP NetWeaver) is supporting only certificates.

Regards

Matthias

Show replies
Show replies
tim_alsop
Active Contributor
‎04-15-2014 8:40 AM
0 Kudos

It is possible to use an SNC library which uses a Kerberos mechanism to authenticate users and secure connections via JCo. I have used this approach many times and it works well. However, you cannot use the sapcryptolib or secgss library since these libraries do not have the necessary features to do what you want.

Show replies
Show replies
Former Member
‎04-14-2014 10:48 PM
0 Kudos

AFAIK there is no server implementation for retrieving a Kerberos ticket from the JCo connection, existing implementations use HTTP headers meaning they require a browser.

Show replies
Show replies
Ask a Question