Skip to Content
author's profile photo Former Member
Former Member

Windows NTLM Authentication on SAP 4.6c (Platform AIX)

I am trying to use NCo 2.0 for C# .Net application with Web Service and C# Web UI.

My Users are in AD domain and need to authenticate on IIS via AD (Integrated NTLM)

I need to implement single sign on for SAP integrated application.

As per NCo documentation: I need to set-up trust relationship between IIS and SAP, use this trusted user (DOMAIN\IUSR_SAPPOOL) and send active directory id as external id in connection string. All transaction should run with external user id context.

Can someone help me with following question.

1. Does NTLM trust relationship / authentication on SAP running on AIX? or Do I have to setup kerberos authetication?

2. What SNC library needed for SAP (AIX instance)?

3. How can I configure NTLM authentication on SAP (AIX instance) The NCo 2.0 documents only explains SAP (MS instance) configuration.

What option do I have to get Single Sign On working?

Any help is highly appreciated.

Regards and Thank you in advance.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Feb 08, 2005 at 08:23 AM

    > 1. Does NTLM trust relationship / authentication on

    > SAP running on AIX? or Do I have to setup kerberos

    > authetication?

    You can use any SNC provider to establish the trusted connection, e.g. Secude. You can also use Kerberos, which is the easiest way on the NT/IIS side (use gsskerb5.dll), but might complicate it on AIX. Using another SNC migh make it complicated on NT/IIS, because you need to authenticate the IUSR_SAPPOOL user somehow automatically on your SNC provider.

    > 2. What SNC library needed for SAP (AIX instance)?

    Depends on the SNC provider you choose.

    > 3. How can I configure NTLM authentication on SAP

    > (AIX instance) The NCo 2.0 documents only explains

    > SAP (MS instance) configuration.

    AIX would not authenticate the user. The user is authenticated by IIS. Then the user ID is just transfered to AIX. The AIX server needs to believe that IIS did authenticate him correctly. Therefore this is called "trusted connection".

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Reiner Hille-Doering

      Hi,

      I was able to get Logon ticket from SAP Portal which reside in different server but same domain. The logon ticket allows me to connect to SAP using .Net Connector proxy. This is just a intermediate solution, we do not want to have dependency on SAP portal for logon ticket. I wish SAP had logon ticket server just to serve logon tickets.

      I will still continue to work on getting direct single sign on working between .Net Connector and SAP.

      Thank you for your help to figure out way to single sign on, really appreciate your efforts.

      -Prashant

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.