Skip to Content
0

How can I configure GUI SSO for Linux Machine which is not connected to a AD?

Jul 31, 2017 at 12:08 PM

65

avatar image
Former Member

Hi,

I have a requirement to configure GUI SSO for one of our customers. The SAP application servers run at a third party data center and are not connected to a domain.

End users work under Customers Domain.

How can I configure SSO in this case?

Do I need to connect our SAP servers to customer domain?

Or enabling the the connectivity between SAP servers and AD server be enough?

Regards

Praveen

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Lutz Rottmann Aug 01, 2017 at 03:49 PM
0

Hi Praveen,

this can be achieved easily by using an SNC product providing this functionality on SAP cryptolib level (SAP Single Sign On, Cybersafe TrustBroker).

In this scenario there is no need to "connect" the SAP system to the AD in the sense of network communication. This is a typical misconception.

The SAP system is represented in AD by a functional user account. The AD is represented in SAP by a Keytab that is generated from the functional user account's password.

Just look at the tutorials for Kerberos SNC.

Edit: just stumbled over the introductory blog: SAP Single Sign-On: Authenticate with Kerberos/SPNEGO

Regards, Lutz

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.

1
avatar image
Former Member Aug 02, 2017 at 11:40 AM
1

Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.

Share
10 |10000 characters needed characters left characters exceeded