cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unify SSO (w kerberos auth.) for all SAP applications

Former Member

on ‎01-12-2015 7:34 AM

0 Kudos

Hello,

we've succesfully implemented SSO authentication processes with our kerberos token for SAP Gui.

Now we'd like to unify the authentication process for all SAP applications, not only SAP Logon for SAP Gui.

Is there a way to have for example the Business Explorer tools like Query Designer to use SSO authentication? I couldn't find an option for that.

And is it possible to use Kerberos authentication when calling up the ICM addresses of our SAP systems? With SAP Portal it's no problem, we are already using that as a pre-authentication step with Logon tickets, but the ICM address itself without using the SAP Portal before doesn't offer SSO processes, am I right?

Thank you for your help.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-19-2015 3:02 PM
0 Kudos

Hey Nicolai,

Did you end up using the SAP SSO solution or did you choose the Kerberos SSP? We're doing a cost/benefit analysis with each solution and wanted to learn how you guys came to the decision and what the business user feedback was on the SSO.

Did you consider other methods (x.509, SAML)?

Joe

Show replies
Show replies
donka_dimitrova
Contributor
‎03-20-2015 7:58 AM
0 Kudos

Hello Joe,

Please, find a video that can help you to find the proper sso technology for your scenarios:

Choosing the Right Technology with SAP Single Sign-On product

Regards,

Donka Dimitrova

TomXing
Contributor
‎01-12-2015 12:44 PM
0 Kudos

Hi Nikolai,

I'm not sure why you post this in Enterprise Portal section, while the Kerberos is working fine on EP...

1. Well, usually EP is used as the integrator or entry for many other apps, hence trust is usually built in EP -> apps way.
I mean, once EP recognizes you, every fellow (like ESS, SRM, BW...) on EP recognizes you.
Or put it in another way, once EP recognizes you, every 'trusting' websites recognizes you.
And usually this is done, as you know, by logon ticket.
Notice the fact: you have to configure fellow to accept logon ticket - fellow still needs an authentication.

But now seems you are having multiple entries.

Then you have to ask every, as you called, SAP application, to accept kerberos token.
And for this you should perhaps ask experts from every particular SAP application.


2. I'm not sure what your point is here.
What is the 'ICM address'? Are you referring to http://<hostname>:<httpport>/ ?
If so, by default this is the J2EE start page and it does not require authentication.
You can set a redirection in ICM so that access to J2EE start page goes to /irj .

If I misunderstood your requirement, please let me know more details.

BR, Tom

Show replies
Show replies
Former Member
‎01-12-2015 12:59 PM
0 Kudos

Oh, did I? Sorry for that, wasn't supposed to be posted there.

First let me thank you for your response

Enterprise Portal is working fine, no problems here. We activated SNC on our SAP Systems and we use SAP Secure Login Client with our kerberos token from our domain for authentication via SAP Logon to SAP Gui. What I wanted to know was what other applications do when you try to perform an authentication with them.
What does the QueryDesigner do for example, does it use the data provided by Secure Login Client or is it always requesting a password.

And what about access to web services ( without any EP in between ), would I have to enter a password or does it (somehow) get the data from SAP Secure Login Client and SAP Logon and log me on automatically?

Actually I was asking for some experienced admins regarding multiple applications - but EP, that's not concerned.

Ask a Question