cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I configure GUI SSO for Linux Machine which is not connected to a AD?

Go to solution
former_member238620
Explorer

on ‎07-31-2017 1:08 PM

0 Kudos

Hi,

I have a requirement to configure GUI SSO for one of our customers. The SAP application servers run at a third party data center and are not connected to a domain.

End users work under Customers Domain.

How can I configure SSO in this case?

Do I need to connect our SAP servers to customer domain?

Or enabling the the connectivity between SAP servers and AD server be enough?

Regards

Praveen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

LutzR
Active Contributor
‎08-01-2017 4:49 PM
0 Kudos

Hi Praveen,

this can be achieved easily by using an SNC product providing this functionality on SAP cryptolib level (SAP Single Sign On, Cybersafe TrustBroker).

In this scenario there is no need to "connect" the SAP system to the AD in the sense of network communication. This is a typical misconception.

The SAP system is represented in AD by a functional user account. The AD is represented in SAP by a Keytab that is generated from the functional user account's password.

Just look at the tutorials for Kerberos SNC.

Edit: just stumbled over the introductory blog: SAP Single Sign-On: Authenticate with Kerberos/SPNEGO

Regards, Lutz

Show replies
Show replies
former_member238620
Explorer
‎08-02-2017 12:40 PM

Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.

Answers (1)

Answers (1)

former_member238620
Explorer
‎08-02-2017 12:40 PM

Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.

Show replies
Show replies
Ask a Question