Skip to Content

Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

Dear all,

I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.

I know there are 3 options for digital signature and


System signature with authorization by user ID and password (We use this currently)

Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)

User signature without verification

Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?

I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.

My active directory is based on Windows 2008.

Thanks in advance!!

Dhee

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    Apr 29, 2014 at 08:09 PM
    Add comment
    10|10000 characters needed characters exceeded

    • Thanks Samuli. You have summarized what I was going to say. We are already using Kerberos/SPNego authentication to SSO to the SAP Portal and then SSO to the backened AS ABAP.

      I did read about the NWSSO's Secure Login Client and since we are windows based that could be a potential solution. However, I am exploring solutions/options on how to achieve AD based username and password authentication without using the NWSSO. That could be via LDAP or Kerberos. But since, Kerberos is not an option with the SAP supplied BAdI for the digital signature, I will explore the option of LDAP and let you know how it goes.

      Thank you all for the contributions.

  • avatar image
    Former Member
    Apr 29, 2014 at 06:43 PM

    Take a look here:

    http://wiki.scn.sap.com/wiki/display/Security/Security+Functionality+Wishlist-Topics

    There is a solved request called "Electronic signature via LDAP based SSO" - SAP provides a BADI from which you can call the LDAP function modules to remotely verify an AD password.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 29, 2014 at 08:02 PM

    NWSSO has a Windows only implementation for classic GUI, see the application help and this discussion thread for details.

    Add comment
    10|10000 characters needed characters exceeded