Skip to Content
avatar image
Former Member

We have same AD id and SAP user id for SAP SSO? need SAP official note or document

Dear SAP Gurus,

I have implemented SSO with kerberos, both ID's AD and SAP are same in that case. I need this prerequisite written in any SAP note or SAP document.

Or SSO with kerberos is possible if AD id is sachin.shrivastavdesai@abc.com and SAP id is sachin?

Waiting for urgent response.

Regards

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Apr 19, 2017 at 05:45 PM

    Dear Qazi Jamil,

    you will likely have different user IDs for AD and SAP. For kerberos always the sAMAccountname@REALM will be used as the identifier, e.g. carstenolt@xiting.local and the SAP user id could be XY1234 - that doesn't matter. At the end you will need to map the so called kerberos principal inside the service ticket received by the client from the KDC with a valid user in your SAP AS, this will be done by USRACL (SU01 SNC Name mapping) and/or AS JAVA by using mapping rules where you could also connect to LDAP UME, or ABAP UME.

    Same user IDs are not a prerequisite for Kerberos SSO in SAP using SAP SSO 3.0 ;)

    Regards,

    Carsten

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 25, 2017 at 05:53 AM

    Dear Carsten Olt,

    I am using SSO 3.0 sAMAccountname is of service user that I have created and using same service user for SPNego configuration but other users are unable to use SSO with different AD ID with same REALM of service user with different SAP id.

    Please analyze screenshots attached and response.

    Best Regards

    4.jpg 2.jpg

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Dear Qazi,

      I'm facing the same situation as yours.

      Would you mind share how you work on SSO 3.0 or any other workaround?

      Thank you.

      Best Regards