cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Single Sign-On vs SPNEGO

Former Member
0 Kudos

Hi All,

Can some one explain the difference between SPNEGO and SAP Single-Sign-On? I see the Identity provider configuration and I am confused that the SAP SSO system will act as the repository of users like AD? Or will it Sync and keep another copy of the users in the SSO system? Please help me understand. Thanks.

Accepted Solutions (1)

Accepted Solutions (1)

Christian_Cohrs
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Jim,

SAP Single Sign-On supports several different scenarios, with different infrastructure requirements. If you plan to use Kerberos / SPNEGO to authenticate to the SAP systems, then you do not need any additional server. The user authentication is handled by AD and the SAP systems accept the Kerberos token for single sign-on.

If on the other hand you plan to use the Secure Login Server or the SAP Identity Provider, then you will have to install these as additional server components on some AS Java. However, also in this scenario you do not need to copy user information to the SAP Single Sign-On components. Instead you configure SAP Single Sign-On to validate user credentials against your existing user store, which could be LDAP, ABAP or UME.

Best regards,

Christian

Former Member
0 Kudos

Hi Christian,

Many thanks for your input on this.


If on the other hand you plan to use the Secure Login Server or the SAP Identity Provider, then you will have to install these as additional server components on some AS Java. However, also in this scenario you do not need to copy user information to the SAP Single Sign-On components. Instead you configure SAP Single Sign-On to validate user credentials against your existing user store, which could be LDAP, ABAP or UME.

What does the 'Secure Login Server' provide me over Kerberos/SPNEGO?

What does the 'Identity provider' provide me over Kerberos/SPNEGO?

My goal is to use an SSO server for the whole enterprise.


Also, can you help me with any configuration guides, notes or links for any or both of these scenarios? I would like to know how I can configure my SAP SSO to use the AD LDAP. Appreciate your help on this.


Thanks, Jim

Former Member
0 Kudos

hi Jim,

I think it would be better you go for Kerberos token authentication integrating it with AD instead of X.509 Authentication method where you need additional AS Java. Although both would work depends what your requirement is..

You will get the complete guidance on SSO via Kerberos Authentication on this link: 

Thanks

Ayush

Former Member
0 Kudos

I have to use SAML and not Kerberos due to Mobility integration. Can you help me with the configuration using SAML on my AS JAVA as a central system for mobile devices (Fiori) and integration with AD? The mobile devices need to authenticate using AD credentials.

Answers (0)