Skip to Content

Clarification in LDAP and SSO

Background:
User master records are maintained as usual in SAP NW AS ABAP.
MS Active Directory contains list of employees of the organization who are accessing and not accessing SAP NW AS ABAP.

Scenario:

1. We would like to sync the existing MS AD to SAP. Expected end result, same list of users to be available in SAP NW AS ABAP (user creation, user deletion, reset password, etc ONLY done in MS AD). After the sync, are we able to login to SAP using MS AD password? and if the password changed in MS AD will get reflected simultaneously or wait for the execution of RSLDAPSYNC_USER?

Doubt: Point 9 on note 793191 mentioned the password cannot be synchronized.

2. Without the need of purchasing SAP Single Sign-On product nor licensing, if SSO is possible via SAP GUI? We are using MS AD, while SAP NW AS ABAP is running on Linux x86_64.

Doubt: Kerberos protocol required SAP secure login client (SLC) [license required]. SPNego or SAML (AD FS) seems possible, but they are applicable to SAP GUI for HTML. If we don't wish to switch to webgui (ICF), is there any other choice?

Looking forward for any contribution to shed some light on these.

Regards
Stephen

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers