on 07-31-2017 1:08 PM
Hi,
I have a requirement to configure GUI SSO for one of our customers. The SAP application servers run at a third party data center and are not connected to a domain.
End users work under Customers Domain.
How can I configure SSO in this case?
Do I need to connect our SAP servers to customer domain?
Or enabling the the connectivity between SAP servers and AD server be enough?
Regards
Praveen
Hi Praveen,
this can be achieved easily by using an SNC product providing this functionality on SAP cryptolib level (SAP Single Sign On, Cybersafe TrustBroker).
In this scenario there is no need to "connect" the SAP system to the AD in the sense of network communication. This is a typical misconception.
The SAP system is represented in AD by a functional user account. The AD is represented in SAP by a Keytab that is generated from the functional user account's password.
Just look at the tutorials for Kerberos SNC.
Edit: just stumbled over the introductory blog: SAP Single Sign-On: Authenticate with Kerberos/SPNEGO
Regards, Lutz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.
Thank for taking time to answer my question Lutz. That gives me enough clarity on the scenario.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.