Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP SSO, KErberos and Active Directory

Go to solution
Former Member

‎03-09-2008 8:02 AM

0 Kudos

Guys,

First of all I am not a SAP person, but working in the network department. So sorry if I don't use the appropriate words for my question.

My company is using SAP for different services.

A few months ago the SAP team installed SSO so we don't need to authenticate anymore. We logon on in the morning in AD, and then when we click the SAP link Kerberos is doing this job and we are authicated. It works fine.. but we don't have any other consulting budget to go to phase 2.. which is my question.

We have remote sites not connected to are LAN/WAN. The come to see us via a VPN/SSL architecture. This product is able to authenticate the users, and then do somme Kerberos SSO. It is based on Kerberos Constained Delegation. User authenticate, and when they click on SAP, the Gateway ask for a TGS, get it, and then send it to the sap machine.

Here is my problem... it does not work.

What I can see from the getway is that I get my TGS, send it to SAP and then connection refused.

I don't undestand why it happens on the SAP part.

Here is my question : How can I deep debug the authentication part on SAP ? Is my TGS ok ? What part is wrong ? Options, ... ? So I am blind, with no budget to hire an expert on this.

If you could advise me that would be great.

Best regards, and many thanks.

Fred

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎03-09-2008 8:19 AM

0 Kudos

Frederic,

Hello. My specialist area of technical expertise is with Kerberos, and especially Kerberos with SAP products. I therefore hope I can help you.

Can you explain more about where the TGS request comes from in your setup ? You mentioned that it comes from "the gateway" but you don't mention which gateway is involved, and provide more details on how it works ?

Also, I assume you are currently using Kerberos with SNC and SAP GUI, and this is working, or are you using Kerberos with browser access to SAP applications, or both ?

Thanks,

Tim

2 REPLIES 2

Go to solution
tim_alsop
Active Contributor

‎03-09-2008 8:19 AM

0 Kudos

Frederic,

Hello. My specialist area of technical expertise is with Kerberos, and especially Kerberos with SAP products. I therefore hope I can help you.

Can you explain more about where the TGS request comes from in your setup ? You mentioned that it comes from "the gateway" but you don't mention which gateway is involved, and provide more details on how it works ?

Also, I assume you are currently using Kerberos with SNC and SAP GUI, and this is working, or are you using Kerberos with browser access to SAP applications, or both ?

Thanks,

Tim

Go to solution
sankar_narayana
Active Participant
In response to tim_alsop

‎10-05-2009 8:40 AM

0 Kudos

Hi,

I am facing an issue with the VPN. When i connect to VPN and accessing the portal URL, It is asking for User-Id and Password.

Kerberose is not working.Let me know what needs to be done