on 05-19-2016 7:04 PM
Hi All,
Can some one explain the difference between SPNEGO and SAP Single-Sign-On? I see the Identity provider configuration and I am confused that the SAP SSO system will act as the repository of users like AD? Or will it Sync and keep another copy of the users in the SSO system? Please help me understand. Thanks.
Hi Jim,
SAP Single Sign-On supports several different scenarios, with different infrastructure requirements. If you plan to use Kerberos / SPNEGO to authenticate to the SAP systems, then you do not need any additional server. The user authentication is handled by AD and the SAP systems accept the Kerberos token for single sign-on.
If on the other hand you plan to use the Secure Login Server or the SAP Identity Provider, then you will have to install these as additional server components on some AS Java. However, also in this scenario you do not need to copy user information to the SAP Single Sign-On components. Instead you configure SAP Single Sign-On to validate user credentials against your existing user store, which could be LDAP, ABAP or UME.
Best regards,
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Christian,
Many thanks for your input on this.
If on the other hand you plan to use the Secure Login Server or the SAP Identity Provider, then you will have to install these as additional server components on some AS Java. However, also in this scenario you do not need to copy user information to the SAP Single Sign-On components. Instead you configure SAP Single Sign-On to validate user credentials against your existing user store, which could be LDAP, ABAP or UME.
What does the 'Secure Login Server' provide me over Kerberos/SPNEGO?
What does the 'Identity provider' provide me over Kerberos/SPNEGO?
My goal is to use an SSO server for the whole enterprise.
Also, can you help me with any configuration guides, notes or links for any or both of these scenarios? I would like to know how I can configure my SAP SSO to use the AD LDAP. Appreciate your help on this.
Thanks, Jim
hi Jim,
I think it would be better you go for Kerberos token authentication integrating it with AD instead of X.509 Authentication method where you need additional AS Java. Although both would work depends what your requirement is..
You will get the complete guidance on SSO via Kerberos Authentication on this link:
Thanks
Ayush
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.