Skip to Content

How can I configure GUI SSO for Linux Machine which is not connected to a AD?


I have a requirement to configure GUI SSO for one of our customers. The SAP application servers run at a third party data center and are not connected to a domain.

End users work under Customers Domain.

How can I configure SSO in this case?

Do I need to connect our SAP servers to customer domain?

Or enabling the the connectivity between SAP servers and AD server be enough?



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Aug 01, 2017 at 03:49 PM

    Hi Praveen,

    this can be achieved easily by using an SNC product providing this functionality on SAP cryptolib level (SAP Single Sign On, Cybersafe TrustBroker).

    In this scenario there is no need to "connect" the SAP system to the AD in the sense of network communication. This is a typical misconception.

    The SAP system is represented in AD by a functional user account. The AD is represented in SAP by a Keytab that is generated from the functional user account's password.

    Just look at the tutorials for Kerberos SNC.

    Edit: just stumbled over the introductory blog: SAP Single Sign-On: Authenticate with Kerberos/SPNEGO

    Regards, Lutz

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 02, 2017 at 11:40 AM

    Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.

    Add comment
    10|10000 characters needed characters exceeded