Skip to Content
avatar image
Former Member

SNC Without SSO - Multiple Domains

Hi Everyone,

We are trying to enable SNC without SSO and have some queries around. I have gone through different posts discussing views and solutions in this area and I noticed mostly they are addressing the context where SSO is involved.

With SAP GUI 7.2 SP 7 we have this feature in GUI where we can configure logon with user ID & Password without SSO.

In the below thread it is discussed that if we are passing the user id & password then there is no trust required between the domains though multiple domains are involved as the system recognizes the user with the user id and password supplied and authenticates.

http://scn.sap.com/thread/3305817;IDSactivation=I1B65C448A0A958040CFF12666DE075DF2I1788AD3215A01CC0E25BC6578302ABF69D0CCA73EB049514763685FBBFA8736E2

In our context there are multiple domains involved.

SAP System - Domain A

User Group 1 - Domain B (Scenario 1)

User Group 2 - Domain C  (Scenario 2)

User Group 3 - Work from home through VPN. (Scenario 3)

Domain A is used for hosting SAP Systems and the User ID/SPN of SAP Service is to be defined in the Domain B. Without trust between the Domains and no requirement of SSO can you please provide inputs if SNC can work in the three scenarios described above.

Please let me know if you require any further details here.

Thanks & Regards

Jay

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Sep 30, 2014 at 01:09 PM

    Yes, you can use SNC with an SNC library and without domain trust.

    Do you want the user to enter their SAP user and password or AD user and password when SSO is not used ?

    Add comment
    10|10000 characters needed characters exceeded

    • Based on my detailed understanding of how the Client Encryption library has been coded, and how it uses the Kerberos protocol, I think you will find that the SAP Client Encryption library won't allow you to configure encryption without any domain trust. However, you are welcome to try... I think you will have to go with a licensed SNC library that supports the functionality you require. You can then benefit from users having less passwords as well as having an encrypted DIAG protocol.