SSO via VPN

sbmrafikul2
Participant
0 Kudos

Dear Team,

We have an SAP Fiori hub deployment with S/4HANA as the backend, and users use the Fiori launchpad to access different apps. Currently SSO is configured in the landscape with ADFS within the customer intranet. Users log in to their office desktops with AD credentials, and on clicking the Fiori URL (Web Dispatcher link) they are taken directly to the launchpad without entering their credentials again.

Now the customer wants to implement the same SSO scenario when users log in via VPN from outside the office premises. Please let me know how we can achieve this. Can we achieve this via VPN settings or from the SSO configuration? Any hint?

Regards,

Jituda

tim_alsop
Active Contributor
0 Kudos

When the user logs in via VPN, are they using a laptop/computer that is domain joined?

Accepted Solutions (0)

Answers (2)

Colt
Active Contributor

Hi Jituda,

You can use a VPN; that would mean your users can reach the on-premises Fiori Frontend Server, ADFS and other systems (the VPN must ensure that). Assuming that the user is logged on to his domain-joined Windows client and then establishes the VPN connection, the process should be transparent, analogous to the intranet, since a Kerberos token can also be obtained from the KDC and ADFS can make use of Integrated Windows Authentication.

The result is a SAML assertion that is used to authenticate the user to the Frontend Server. More or less the same scenario. The VPN only provides the network access but isn't involved in the SSO process at all.

Another modern way to expose SAP resources from the internet without VPN in place would be to use Azure AD. ADFS is out of date and most companies now have an Azure tenant. With the Azure AD Application Proxy you can achieve nearly the same. For more information check out this blog and this one.

Cheers Colt

0 Kudos
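The answer above says the VPN only has to provide network access to the KDC, ADFS and the Frontend Server. The following sketch is an added example, not part of the original thread: it probes those hops in order from a VPN-connected client and names the first one that is unreachable. The host names are hypothetical placeholders; the ports are the standard ones for DNS, Kerberos and HTTPS.

```python
import socket

# Hypothetical host names (assumption): replace with the landscape's own.
# Standard ports: 53 DNS, 88 Kerberos (KDC), 443 HTTPS.
# Kerberos also uses UDP 88, which a TCP probe does not cover.
CHECKS = [
    ("dns", "dc01.corp.example", 53,
     "client cannot locate a domain controller"),
    ("kerberos", "dc01.corp.example", 88,
     "no ticket from the KDC, so integrated Windows authentication at ADFS fails"),
    ("adfs", "adfs.corp.example", 443,
     "ADFS cannot issue the SAML assertion"),
    ("fiori", "fiori.corp.example", 443,
     "launchpad (Web Dispatcher) is unreachable"),
]


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_all(probe=tcp_open):
    """Run every check and return {name: reachable}."""
    return {name: probe(host, port) for name, host, port, _ in CHECKS}


def diagnose(results):
    """Return the first broken hop of the SSO flow, in the order it is used."""
    for name, host, port, impact in CHECKS:
        if not results.get(name, False):
            return f"{name} {host}:{port} unreachable: {impact}"
    return ("network path OK: the VPN is not the blocker, check that the "
            "client is domain joined and logged on with the AD account")


if __name__ == "__main__":
    print(diagnose(probe_all()))
```

Run it once on the office network and once over the VPN; a difference in output points at the VPN routing or firewall rules rather than the SSO configuration.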

SSO token generation using VPN login.

Kerberos-based SSO

1) SSO works properly when the connection is made from the office domain (network), and the token is generated successfully, but when connecting from a remote location (home network) the token is not generated. Kindly suggest a solution for this.

2) Is there any particular port number used to connect through SSO with the AD server?

0 Kudos

Hi Jituda. You should be able to configure SSO for your VPN users in the same way that you have it configured for your intranet users. The only difference may be in the URL you use to access the Fiori launchpad - you will need to use the VPN URL instead of the intranet URL. Other than that, the configuration should be the same. If you still encounter any difficulties, you can reach out for help at VPN's client support. In the meantime, you can use this thunder vpn for pc. It's completely free. Hope this helps.