cancel
Showing results for 
Search instead for 
Did you mean: 

SSO over internet

0 Kudos

Dears,

i have configured sap sso using kerbos token for our abap servers , the sso working perfectly when user internally access abap servers , but i have an issue when users access the abap servers by using sap router , i checked the slc traces and i found the error

"We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again " , i ask how to overcome this error without publishing our active directory .

Rgards

Accepted Solutions (0)

Answers (3)

Answers (3)

BJarkowski
Active Contributor

The Single Sign-On using Kerberos requires a connection to a domain controller during the logon. Most probably your DC is behind the firewall and not accessible outside your company network - that's the reason why you get the above error.

In general, the Kerberos SSO is recommended when you plan to access the system from the local network or through VPN. If you wish to access the system from the internet you should have a look at single sign-on using certificates.

tim_alsop
Active Contributor

If you are only using SAP Router to access the SAP systems remotely, this will only work with DIAG protocol so any connection from client software to Kerberos authentication server (e.g. Active Directory domain controllers) will not work. I suggest you therefore think about using a VPN instead of SAP Router to allow client software to access domain controllers as well as the SAP systems on your internal network.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

I assume that you are referring to Kerberos-based SSO for SAP GUI access.
So my question is: which SNC product are you using?

  • SAP Single Sign-On (Secure Login Client),
  • the Windows SSPI wrapper SNC library (gsskrb5.dll) provided (w/o support) by SAP, or
  • a certified 3rd Party SNC product (by one of SAP's Partners)