I am evaluating different techniques for SSO. In my scenario, there is a non-SAP JEE server which supports integrated Windows Authentication using SPNEGO. The JEE server is able to use Credential Delegation when calling out to backend systems.
There is a Web application running on this JEE server to which the user does not need to log in manually, because her Windows credentials are accepted.
Now, the Web Application requires data from a SAP ABAP backend system. It uses JCO to open a RFC connection (actually SNC). So far I found out how to use
- userid / password
- X.509 certificates
- MYSAPSSO2 tickets
to authenticate from my JCO client (Web app) to the ABAP backend.
My question is: Is there a way to use Kerberos Credential Delegation with JCO 3?
Any hint is appreciated.
P.S. Right now, I am using SAP CryptoLib for the SNC connection from my JEE server to the ABAP backend. This somehow authenticates my JCO client (Web app) to the ABAP backend. However, in JCO, I still need to provide additional credentials (one of the 3 options from the list above).