Former Member

SSO on NWBC

Good day,

Please help: we are implementing SSO using Secure Login Server, Secure Login Client, Active Directory and X.509 certificates. We've managed to get the setup to work for SAP GUI with the Secure Login Server connected to the AD. However, we cannot get NWBC (desktop & HTML) to work. We've done the nwbcoptions.xml settings, as well as transaction SPNEGO, but the logon screen still keeps popping up.

Any pointers would be appreciated.


3 Answers

  • Best Answer
    Oct 24, 2014 at 02:27 AM

    Hello

    There are 2 solutions:

    There is the solution with SAP Logon Tickets. This solution is included in SAP NetWeaver.

    http://help.sap.com/saphelp_nw70ehp3/helpdata/en/4c/5bd4fe97817512e10000000a42189b/content.htm

    So this is a solution for SSO for NWBC, but you also want to have a Kerberos integration ... this is an issue because only SAP NW Java supports SPNego and not SAP NW ABAP. So this solution only works if the first request is sent to the SAP NW Java server and the user then gets an SAP Logon Ticket. See also:

    http://scn.sap.com/people/andre.fischer/blog/2010/03/31/single-sign-on-technologies-supported-by-the-sap-netweaver-application-server-as-a-service-provider-in-microsoft-based-environments

    Furthermore, there is the additional product SAP NetWeaver Single Sign-On available, which also supports NWBC 3.0 and higher: http://help.sap.com/nwsso10 -> installation -> components: secure login client + secure login server + secure login library. NWBC is supported here via certificates out of the box.

    You can also find a how-to guide here for SAP NW SSO:

    http://scn.sap.com/docs/DOC-29687

    See the blogs below:

    NWBC (4.0) meets Single Sign-On: Simplify Secure Data Access (Part 1)

    NWBC meets Single Sign-On: Simplify Secure Data Access in Remote Scenarios (Part 2)

    Part 3 - NWBC Authentication & Single-Sign-On (SSO)

    Regards

    Vijay Kalluri


  • Sep 09, 2014 at 06:30 AM

  • Former Member
    Oct 21, 2014 at 01:09 PM

    Did you check if there are duplicate Service Principal Names being used?

    Try this command to check:

    setspn -T * -T foo -X

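The duplicate-SPN check suggested in the last answer can also be run offline against a directory export; an SPN registered on more than one account makes the Kerberos service lookup ambiguous, so ticket requests for that service fail. The following is an added example, not part of the original thread: it assumes an LDIF-style export of `servicePrincipalName` values, and the account names, hosts and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample LDIF export; account names and hosts are made up.
SAMPLE_LDIF = """\
dn: CN=svc-sap-abap,OU=Service,DC=example,DC=test
servicePrincipalName: HTTP/sapnwbc.example.test
servicePrincipalName: SAP/PRD

dn: CN=SAPNWBC,OU=Servers,DC=example,DC=test
servicePrincipalName: HOST/sapnwbc.example.test
servicePrincipalName: http/SAPNWBC.example.test

dn: CN=svc-sap-java,OU=Service,DC=example,DC=
 test
servicePrincipalName: HTTP/sapjava.example.test
"""


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_duplicate_spns(ldif_text):
    """Return {lowercased SPN: sorted DNs} for SPNs held by more than one account."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep:
            dn = None  # a blank line ends the current entry
            continue
        if attr.lower() == "dn":
            dn = value.strip()
        elif attr.lower() == "serviceprincipalname" and dn:
            # SPN matching is case-insensitive, so normalise before grouping.
            owners[value.strip().lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    print(find_duplicate_spns(SAMPLE_LDIF))
```

In the sample, the HTTP SPN for the NWBC host is registered both on a service account and on the computer account, differing only in case, and is reported as a duplicate.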