Skip to Content

Kerberos SSP for Windows vs NW SSO 2.0

All

Assuming a customer has Windows / Oracle environment for his SAP applications

I understand that SAP provides the wrapper libraries for Kerberos SSP

If the objective is to get simple SSO into the sap application using SNC (SAPGUI), in what way is NW SSO 2.0 superior?

Or in other words , what are the shortcomings of a Kerberos SSP solution which is for free that a customer has to buy the license for NW SSO ?

Details would be much appreciated

Note : Its clear that SSO to browser based icm applications iwth spnego is only possiblke with NW SSO but this is not required for the time being and SSO to the SNC interface with SAPGUI is the sole criteria

Thx

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Oct 27, 2014 at 09:28 AM

    If the objective is to get simple SSO into the sap application using SNC (SAPGUI), in what way is NW SSO 2.0 superior?

    It is about security. So in case of the open source solution SAP is not the owner of the crypto lib. Many large customers expect that SAP is able to support the full securtiy scenario. In case of the open source solution, this is not the case. So SAP cannot test+correct the open source solution end2end.

    SAP also hires external security consultants to "test" SAP SSO for security flaws.

    So the question is, if the customer want to have a completely supported and tested product or not. Of course, there are also other functionality beside SSO/SNC (SPNEGO for ABAP, 2 factor autherntication, central access management).

    Regards

    Matthias

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Chandrakanth Angannagari

      Sorry, we do not have numbers on how widely this is used.
      As this is a free solution, we can not track the number of installations.

  • Oct 26, 2014 at 12:04 PM
    Add comment
    10|10000 characters needed characters exceeded

    • Tim Alsop Chandrakanth Angannagari

      One feature/difference that I just thought of, which you might be already aware of, is the inclusion of electronic signature user authentication. The free SNC library doesn't offer this functionality.

  • avatar image
    Former Member
    Mar 19, 2015 at 02:31 PM

    Hi Chandrakanth,

    Did you end up using this (Kerberos SSP) free solution? I'm considering this approach and wondering how it's gone for you. Would you be able to shed some insight into this?

    Joe

    Add comment
    10|10000 characters needed characters exceeded