
We have same AD id and SAP user id for SAP SSO? need SAP official note or document

Apr 18, 2017 at 10:26 AM



Dear SAP Gurus,

I have implemented SSO with Kerberos; both IDs, AD and SAP, are the same in that case. I need this prerequisite written in any SAP note or SAP document.

Or SSO with Kerberos is possible if AD id is and SAP id is sachin?

Waiting for urgent response.



2 Answers

Carsten Olt Apr 19, 2017 at 05:45 PM

Dear Qazi Jamil,

You will likely have different user IDs for AD and SAP. For Kerberos, the sAMAccountName@REALM will always be used as the identifier, e.g. carstenolt@xiting.local, and the SAP user ID could be XY1234; that doesn't matter. In the end you will need to map the so-called Kerberos principal inside the service ticket received by the client from the KDC to a valid user in your SAP AS. This will be done by USRACL (SU01 SNC Name mapping) and/or AS JAVA by using mapping rules, where you could also connect to LDAP UME or ABAP UME.

Same user IDs are not a prerequisite for Kerberos SSO in SAP using SAP SSO 3.0 ;)



Qazi Jamil Apr 25, 2017 at 05:53 AM

Dear Carsten Olt,

I am using SSO 3.0. The sAMAccountName is that of the service user that I have created, and I am using the same service user for the SPNego configuration, but other users are unable to use SSO with a different AD ID, in the same REALM as the service user, and a different SAP ID.

Please analyze the attached screenshots and respond.

Best Regards

4.jpg 2.jpg


Dear Qazi,

I'm facing the same situation as yours.

Would you mind sharing how you work on SSO 3.0 or any other workaround?

Thank you.

Best Regards