Skip to Content

Problem to use Kerberos and Certificate based Single Sing On in parallel

Dear all,

Can you please help us with the following problem.

Today we are using Single Sign On via certificate (X.509) based authentication in our SAP systems.

We would like to change this setup to Single Sign On via Kerberos.

Therefore I configured one of our sandbox SAP systems according to the video tutorial for Single Sign On via Kerberos.

The configuration is in place and is also working fine (I can logon via SSO) but I discovered the following problem as part of the setup.

I can only logon via Single Sign On to the sandbox system (the one configured for Kerberos authentication) if I activate the option 'USE PROFILE FOR SAP APPLICATIONS' in our SAP Secure Login Client.

By default, this option is not active for any of the available certificates listed in the SAP Secure Login Client.

If this option is not activated, then I get and SNC errror message when I try to logon to the sandbox system.

If I have this option activated on the Kerberos token in SAP Secure Login Client, then I can logon to the sandbox system but I can no longer logon to our other SAP system, those which are configure for Single Sign On via certificate.

So only one solution is working at a time.

We tried to overcome the problem with the configuration option 'SMART MODE with PREFER KERBEROS' in the SAP Secure Login Client but it did not work.

We are using at the moment SAP Secure Login Client on version 3, SP 2, PL 2.

Has anybody an idea how to use both solution next to each other?

Please let me know if something is not described clearly or if you miss information.


Marcel Dyba

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers