Solved: Re: Implementing Single Sign On

Former Member · ‎2007 Aug 10

I need to implement Single sign on for my SAP GUI. That is when i login to windows i should be able to login to SAP GUI without providing further authentication details. Could anybody please tell me how do i configure it?

tim_alsop · ‎2007 Aug 10

Sridevi,

As Frank has already mentioned you need to use SNC for SSO with SAP GUI. The SNC interface requires a library to be installed on both workstations where SAP GUI is installed and on SAP application servers. The library which SAP provide is for Windows only, so if your SAP application servers are non-Windows you will need to use a third-party vendor solution instead.

I represent one of the above mentioned vendors, and our solution uses Kerberos. This is useful because typically a user logs onto their PC and authenticates with a Windows Active Directory domain, and this is done using Kerberos. Our product uses the same credentials already obtained when the user logged onto their workstation so that we can authenticate them to SAP when they logon via SAP GUI. The user just presses the Logon button in SAP Logon and they are logged into SAP without being challenged for a userid or password at this time. We also allow our product to be configured so that it authenticates the user when they press Logon button, and this can be useful in shared workstation scenarios, or when workstation is not a domain member.

Thanks,

Tim

Frank_Buchholz · ‎2007 Aug 10

Please have a look at

https://service.sap.com/security -> Security in Detail -> Secure User Access -> Authentication & Single Sign-On

There you find a FAQ (Authentication & SSO) and documents describing how to

- enable Single Sign-On based on Windows Authentication (no encryption) or

- enable Single Sign-On including strong encryption based on external parnter products which support SNC (Secure Network Communications)

Kind regards

Frank Buchholz

tim_alsop · ‎2007 Aug 10

Sridevi,

As Frank has already mentioned you need to use SNC for SSO with SAP GUI. The SNC interface requires a library to be installed on both workstations where SAP GUI is installed and on SAP application servers. The library which SAP provide is for Windows only, so if your SAP application servers are non-Windows you will need to use a third-party vendor solution instead.

I represent one of the above mentioned vendors, and our solution uses Kerberos. This is useful because typically a user logs onto their PC and authenticates with a Windows Active Directory domain, and this is done using Kerberos. Our product uses the same credentials already obtained when the user logged onto their workstation so that we can authenticate them to SAP when they logon via SAP GUI. The user just presses the Logon button in SAP Logon and they are logged into SAP without being challenged for a userid or password at this time. We also allow our product to be configured so that it authenticates the user when they press Logon button, and this can be useful in shared workstation scenarios, or when workstation is not a domain member.

Thanks,

Tim

Former Member · ‎2007 Sep 10

I planned to implement the SSO according to the following link:

http://help.sap.com/saphelp_nw2004s/helpdata/en/44/0ea40dc6970d1ce10000000a114a6b/content.htm

but this link talks about dlls. My SAP application server is unix where i cannot implement dlls. Could anybody please tell me how to configure a unix application server for SSO?

Thanks and Regards,

Sridevi

tim_alsop · ‎2007 Sep 10

Sridevi,

If you check my last post in this thread I said "The SNC interface requires a library to be installed on both workstations where SAP GUI is installed and on SAP application servers. The library which SAP provide is for Windows only, so if your SAP application servers are non-Windows you will need to use a third-party vendor solution instead."

So, if you need me to help you, can you contact me via email using my email address in my SDN business card, and I will arrange for you to be able to evaluate our product.

Thanks again,

Tim

Former Member · ‎2007 Sep 12

Hi,

Could you please let me know more details? As to which is the third party solution that could be used and how it has to be implemented?

Thanks and Regards,

Sridevi

tim_alsop · ‎2007 Sep 12

Sridevi,

It is not appropriate to share more details with you via this public forum. Instead, if you contact me via email I will send you more details and answer any further questions. My email address is available in my SDN business card. I look forward to hearing from you.

Thanks,

Tim

Former Member · ‎2007 Sep 10

Sridevi,

I think it is important to note, that the authentication mechanism and the single sign-on mechanism are not necessarily tied together. So, if you want to use Windows authentication, you can still leverage the advantages of single sign-on and strong encryption via SNC and X.509 certificates. In fact, it is recommended to use a solution that separates these two areas, so that you have the flexibility to pick the authentication mechanisms of your choice, depending on the business risks involved. It may even be necessary to mix the convenience of Windows authentication (as default) with the strength of a 2-factor authentication (for certain critical areas).

I'll be happy to give you more insights here, if you're interested. You'll find my e-mail address in my SDN business card.

Peter

Wolfgang_Janzen · ‎2007 Sep 17

If your ABAP server is running on Windows, then <a href="https://service.sap.com/sap/support/notes/352295">SAP Note 352295</a> might be of interest for you.

Otherwise, you need to use a SNC partner product.

Regards, Wolfgang

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Implementing Single Sign On