Skip to Content
avatar image
Former Member

Different between SSO using X.509 and Kerberos

Dear Experts,

When trying to decide which route to go for SSO X.509 certificate or Kerberos token for SAP Abap system only , I am a bit confused.

These are the main steps for using X.509. All the documents I found only talk about installing Secure Login Server on AS Java by using Telnet/JSPM deployment. Can we not do the same for AS Abap? If that is true, does that mean X.509 certificate can only be using for ABAP + JAVA systems and not for Abap only?

X.509 Certificate:

1. Install and Configure Secure Login Server on SAP AS Java system.

2. Intall Secure Login Client

3. Install and Configure Secure Login Library on SAP AS ABAP

4. Configure User Mapping in SAP AS ABAP/JAVA

On the other hand Kerberos seems much simpler because installation of Secure Login Server is not required for AS ABAP.

1. Install and Configure Secure Login Library

   Configure SPNEGO & SNC in SAP AS ABAP

2. Install Secure Login Client

3. Configure user mapping in AS ABAP.

Kindly advise.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Jun 09, 2014 at 04:55 PM

    Of course you can use X.509 certificates without AS JAVA and without SAP SSO (the product). You will then just need to figure out how to generate and deploy the certificates to your users assuming you don't already have a PKI within your company. With SAP SSO that happens automatically. Correct, ABAP SPNEGO doesn't require SLS. You can use ABAP SPNEGO assuming you purchase SAP SSO licenses and your system meets the requirements (version, SP level, kernel, etc).

    Add comment
    10|10000 characters needed characters exceeded