Skip to Content

S4HANA SSO Multi Domain

Hello All,

We Have A Scenario where in we are Implementing S4HANA 1809 On AZUR and we want to configure SSO for User login with Windows AD, We have Multiple Domains and Different Versions.

Ex: Windows 2003 Server with Forest 2000 Version and another Domain Windows 2008 R2,

As Per PAM SSO 3.0 is Supported for 2008 R2 and S4HANA 1809 is Kernel 776 (Cryptolib 8.5).

Has any one done this SSO configuration of S4HANA 1809 with Windows 2003 and What is the best approach for This scenario of Multiple Domain and Different Versions.



Add comment
10|10000 characters needed characters exceeded

2 Answers

  • Posted on Jun 10, 2019 at 04:25 PM

    Hi Balaji,

    You can fid more detailed information no SAP HELP under link:

    Kind Regards,

    Thiago Zanguetin

    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 05, 2019 at 03:36 PM

    Hi Balaji,

    yes! Check out this blog

    Please consider:

    MSFT Windows Server 2003 is out of support and maintenance since July 2015 (!) Corporate internal Audit dept. should recommend to no longer allow usage of such OS. Apart from that, for whatever reasons a company hasn't managed that, it is possible. For SAP SSO scenarios based on Kerberos the Forest or Domain functional level in most cases simply don't matter. However, running older Forest/Domain functional level may cause the systems to use weaker symmetric encryption mechanisms when it comes to Kerberos Tickets issued from the various DCs. As of the multi-master concept they have to be able to talk together and thus must be able to support same cipher suites, which may not the be the case, depending on the SP installed on the Win2003 Server. Make sure AES support is given and enable checkboxes AES256 or (at least 128) for your service accounts.

    From the blog article you can learn the way it works in one forest/domain, one forest multiple domains or multiple forests.

    Hope that is from value for you!

    Cheers Colt

    Add comment
    10|10000 characters needed characters exceeded