Skip to Content
avatar image
Former Member

SSO Issue

Hello,

I'm running ecc6 on AIX 5.3.

the workstations which connect to the sap system through the sap gui are running windows.

i would like to enable SSO (through SNC) to the sap system - can it be done with AIX? - does anyone have a guide?

What should i put in the kerenl dir instead of the sso dll file

Regards,

Moshe

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jun 24, 2008 at 12:59 PM

    Moshe,

    You need to use a third party product, since SAP do not provide Kerberos GSS-API libraries for AIX. They are only provided for Windows. The best solution is to look at http://www.sap.com/eapcatalog and search for SNC Kerberos in the search box provided. Alternatively, seach in SDN for SNC AIX Kerberos and you will find many other people asking same question.

    Regards,

    Tim

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 24, 2008 at 01:27 PM

    Moshe,

    SAP supports a number of options to implement SNC - see [http://help.sap.com/saphelp_nw04/helpdata/en/e6/56f466e99a11d1a5b00000e835363f/frameset.htm]. Kerboros is only one of them. It is true that you should look at the SAP software solution catalog for a SAP-certified solution, but look for SNC in general - otherwise you don't get a complete picture.

    The decision which solution fits best to you should be based on your current and near-term requirements.

    - what security needs do you have in addition to your SSO requirements

    - how flexible should the solution be configurable (e.g. do you need to be able to trigger re-authentication from your application)

    - do you want to use the same authentication technology also with SAP E-SOA based solutions

    From my experience, client certificate are the authentication mechanism that offer broadest support in SAP environments: from SAPGUI / SNC to the E-SOA world. It can be easily combined with your Windows authentication infrastructure, and most importantly, it does not require to setup a PKI.

    Peter

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 16, 2008 at 12:05 PM

    1.If I use third party solution , will require to set up a user in the sap system or can i use the user from the AD to log in to the sap system

    2.i would also like to synchronize users from AD to the sap system along with the sso so that i wo'nt have to set up an AD user and a ssap user

    is it possible?

    Regards,

    Moshe

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Wolfgang Janzen

      > Wolfgang Janzen wrote:

      > Maybe it makes also sense to cross-posting your inquiry to the [SAP NetWeaver Identity Management|SAP Identity Management; SDN forum.

      Actually, the correct approach would be to move it to the IDM forum (please read the rules :-).

      It would be really nice if we could mirror threads to other related or functionally connected forums, but that feature is not available (yet...).

      Cheers,

      Julius