Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO using kerberos on AIX and Windiws ADS

Go to solution
Former Member

‎01-06-2010 4:01 PM

0 Kudos

Hi,

We have our ECC6 system on AIX 5.3 and users on windows platform (XP) using Windows 2003 ADS.

We were able to setup SSO using 2 easy steps for windows based sap servers and windows xp user systems using ADS.

My first question is - what file should I use for AIX system in the following profile parameter?

snc/gssapi_lib = E:\usr\sap\SIDSYS\exe\uc\NTAMD64\gssapi32.dll

Where can I download it from?

Where should I save it to?

Is there any other steps to be done for AIX with Windows ADS?

I created a message to SAP, and they came back and said that I have to ask the OS provider for the kerberos. As well, SAP said that they would not be able to support this.

Is this possible? I have looked at couple of postings on sdn which says that this is possible. But, I could not get in to the real details. I am stuck in the first step itself on getting the file.

If any of you have any inputs, pls help

Thank you.. JZKALH

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎01-06-2010 4:15 PM

0 Kudos

Hello,

You need to set snc/gssapi_lib to refer to a shared library, not a dll. The dll is for windows only, and on UNIX a shared library is used instead. Normally the shared library has file type .so (.sl on HP-UX).

The GSS-API v2 SNC library you requrie is not provided with AIX operating system. Instead, you either need to download and compile an open source implementation of kerberos and use the shared library included with that code - this is not easy unless you have C development skills and have indepth knowledge of Kerberos, and it will not be supported by anybody (including IBM or SAP). The preferred solution is to buy a product from a SAP partner which includes AIX version of the SNC GSS-API v2 library, and then you will get a fully supported solution. I am surprised that SAP didn't tell you about this option ?

Thanks,

Tim

6 REPLIES 6

Go to solution
tim_alsop
Active Contributor

‎01-06-2010 4:15 PM

0 Kudos

Hello,

You need to set snc/gssapi_lib to refer to a shared library, not a dll. The dll is for windows only, and on UNIX a shared library is used instead. Normally the shared library has file type .so (.sl on HP-UX).

The GSS-API v2 SNC library you requrie is not provided with AIX operating system. Instead, you either need to download and compile an open source implementation of kerberos and use the shared library included with that code - this is not easy unless you have C development skills and have indepth knowledge of Kerberos, and it will not be supported by anybody (including IBM or SAP). The preferred solution is to buy a product from a SAP partner which includes AIX version of the SNC GSS-API v2 library, and then you will get a fully supported solution. I am surprised that SAP didn't tell you about this option ?

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎01-06-2010 4:30 PM

0 Kudos

Thanks for the clear explanation and the fast reply.

The first option you suggested may not work as we do not have the expertise in developing the downloaded opensource application.

If we have intend to buy the file, do you know if it is easy to implement as the windows way? would we have to pay a lot for this?

You have already answered a huge part of my query.. please let me know if u can help me with this question as well..

thanks, JZKALH

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎01-06-2010 4:35 PM

0 Kudos

Karen,

I work for one of the vendors (a SAP partner) of such a product and I can discuss specifics with you, but not using SDN.

The impelmentation can be easier than on Windows servers - it takes a little as 10 minutes to install the products, configure SAP instance profile, restart SAP and logon using SNC using Active Directory authentication.

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎01-06-2010 5:00 PM

0 Kudos

I have asked my colleague to send you an email to know more of the product.

Go to solution
Former Member
In response to tim_alsop

‎01-13-2010 9:11 PM

0 Kudos

Hello Karen,

You can find a list of SAP certified SNC solutions at the SAP [Partner Information Center: Search|http://www.sap.com/ecosystem/customers/directories/SearchSolution.epx]. Just select the BC-SNC SAP-Defined Integration Scenarios and hit search. Some of the solutions returned are GSS-API/Kerberos based as you're looking for, while others are X.509/certificated based.

Thanks!

Kyle

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎01-13-2010 11:31 PM

0 Kudos

Kyle,

The method you described for finding SNC parnters is not the best/latest method - I am posting this info in case somebody else in future reads this thread (which has been marked answered). The best and recommended approach is to look on SAP EcoHub. There is tab at top of this page which takes you to EcoHub. The SAP EcoHub is the best place to find details of all SAP partners who have certified solutions. On the page you described many of the partners listed do not exist anymore, or are not supporting a BC-SNC solution anymore. If you visit SAP EcoHub and search for SNC and Kerberos (for example) you will find the partners who are active.

Thanks,

Tim