Skip to Content
avatar image
Former Member

LDAP Authentication for WebAS 7.0 ABAP

Dear board,

I am currently looking for alternatives to realize an authentication against an LDAP directory for SAP GUI users accessing a WebAs 7.0 ABAP stack.

The Front-End is on the Windows plattform, application servers are on Sun Solaris. Therefore SAP standard mechanisms for Windows Integrated Authentication are not possible. I am well aware wich 3rd party products are out there, but currently looking for other alternatives within the SAP standard?

Which other options do you see?

Kind regards and many thanks,

Richard

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Sep 03, 2008 at 11:58 AM

    Richard,

    For these requirements you need to use the SNC interface provided by SAP in SAP GUI and in SAP ABAP AS. The SNC interface requires a GSS-API library, so you need to install such a library/product on each SAP ABAP AS server and also on the workstations where SAP GUI is installed.

    You can either obtain SNC libraries from SAP partners, build your own library using open source code (as some customers have decided to do), or attempt to get the Kerberos/GSS-API library provided with the Solaris operating system to work (you would need to be very brave to do this). As you can see the main decision will relate to your skills and capabilities available, and also your awareness of the benefits that a commercially supported SAP partner product can bring to you. For example, if you use open source code, and users cannot logon to SAP you will not have any way to get assistance to fix any bugs or issues you may have.

    Hopefully this clarifies the options available.

    Thanks,

    Tim

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Tim,

      I knew you would give that answer. Thanks you for that, but I do not want to pursue that road at the moment, therefore I am looking for alternate solution options.

      Kind regards,

      Richard

  • avatar image
    Former Member
    Sep 08, 2008 at 07:46 AM

    push

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Tim Alsop

      I am not sure what Sietze was referring to, but I am also interested to find out. I think he might be assuming that the LDAP adapter can be used to authenticate users, but in fact this is not the case. Perhaps he can explain ?

      I was referring to the Portal but you guys are only discussing ABAP. Sorry for the confusion.

      You can, of course use the Portal to enable SSO as well. You first authenticate to the Portal which, after successful authentication, issues a SAP Logon ticket to the user. You can then call SAPGUi from within the Portal which uses the SAP Logon Ticket to authenticate the user.

      However, it is very important to send SAP Logon Tickets only over encrypted connections. Possession of the SAP Logon Ticket is enough to gain entry. In order to encrypt the connection to an ABAP system you have to use SNC, thereby making this whole route unnecessarily complicated and superfluous.

  • avatar image
    Former Member
    Sep 09, 2008 at 10:07 AM

    Hi there,

    would anybody still recommend the PAS option "Bind against Directory Server"?

    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e7e89032-0a01-0010-a397-926f70359db3

    As far as I understand, the specified set up with seperated W/A-Gate and external ITS is not longer a supportable architecture option refering to an outdated WebAS release.

    Kind regards,

    Richard

    Add comment
    10|10000 characters needed characters exceeded