on 10-26-2014 11:35 AM
All
Assuming a customer has Windows / Oracle environment for his SAP applications
I understand that SAP provides the wrapper libraries for Kerberos SSP
If the objective is to get simple SSO into the sap application using SNC (SAPGUI), in what way is NW SSO 2.0 superior?
Or in other words , what are the shortcomings of a Kerberos SSP solution which is for free that a customer has to buy the license for NW SSO ?
Details would be much appreciated
Note : Its clear that SSO to browser based icm applications iwth spnego is only possiblke with NW SSO but this is not required for the time being and SSO to the SNC interface with SAPGUI is the sole criteria
Thx
If the objective is to get simple SSO into the sap application using SNC (SAPGUI), in what way is NW SSO 2.0 superior?
It is about security. So in case of the open source solution SAP is not the owner of the crypto lib. Many large customers expect that SAP is able to support the full securtiy scenario. In case of the open source solution, this is not the case. So SAP cannot test+correct the open source solution end2end.
SAP also hires external security consultants to "test" SAP SSO for security flaws.
So the question is, if the customer want to have a completely supported and tested product or not. Of course, there are also other functionality beside SSO/SNC (SPNEGO for ABAP, 2 factor autherntication, central access management).
Regards
Matthias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chandrakanth,
the wrapper coding itself is supported, however not the coding used by microsoft or any other underlying technology provider the wrapper is configured to be used with. For this the regulations in note 150380 apply.
See also note 352295 for more details on this.
Regards, Patrick
Thanks Patrick
the notes- I have read them many times over but the confusion remains
What is clear is that these wrappers are provided by SAP. Also there are lines in the notes which say interoperability with kerberos implementation from other vendors (eg *Unix" ) is 'possible' but not supported.
But for a pure Windows based SAP environment, what is SAP's statement about this.
My understanding is that being free, this is very popular (is it?) amongst SAP /Windows customers and works without problems for a simple SSO to SAPGUI requirement (Yes agree that features like 2 factor authentication etc are not available with this free solution)
What i understand is that in case SSO to SAPGUI stops working some day, an SAP message would be responded to without 'consulting' ?
There is some limited support for this library in a windows only environment (both client and server must be windows!). However there have been a lots of changes to the MS Kerberos implementation in the past, which you will notice when reading the notes. Support therefor is on a best effort basis only. This is not the same as the support for our SSO product.
Hope this clarifies the situation a bit.
Regards, Patrick
Hi Chandrakanth,
Did you end up using this (Kerberos SSP) free solution? I'm considering this approach and wondering how it's gone for you. Would you be able to shed some insight into this?
Joe
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please refer the below document
Hope this is helpful
Single Sign-On with Microsoft Kerberos SSP - User Authentication and Single Sign-On - SAP Library
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please look at this
Single Sign-On for the SAP GUI - User Authentication and Single Sign-On - SAP Library
Regards
Vijay Kalluri
It is clear to me that you are wondering why somebody would want to buy an SSO product when they just need SAP GUI SSO. As you know, there is a free Kerberos SNC library available if your SAP system is on Windows. If you are happy with this and you don't have any product support concerns then you can continue to use this SNC library and no need to purchase a product to replace it. There are additional features included in commercial SAP SSO products, and you can find some of them if you look a the list of features mentioned on the products described in the SAP Store (http://store.sap.com).
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.