Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Can you authenticate user/password from SAP to Active Directory

Former Member
0 Kudos
144

I don't want to implement SSO for ABAP because my company doesn't have the license for  "SAP NW Single Sign-On"; but we would like to authenticate our users and their passwords to active directory.  Our goal is to make sure the user/password in SAP is the same as their Active Directory user/password.  Is this possible?

Thanks!

1 ACCEPTED SOLUTION

Former Member
0 Kudos
104

This has been discussed many times, for example see . The short answer is no, you can't synchronize passwords. You can however achieve the requirement assuming you are using Identity Management to provision users and passwords to all systems (AD, SAP, etc). In that case you will have to deal with users changing their password. Recommendation is to enable SSO. If you don't want to get licenses for NWSSO, try to look at other options (X.509 certificates, SPNEGO in AS JAVA and then issue a Logon Ticket, 3rd party solution, etc).

3 REPLIES 3

Former Member
0 Kudos
105

This has been discussed many times, for example see . The short answer is no, you can't synchronize passwords. You can however achieve the requirement assuming you are using Identity Management to provision users and passwords to all systems (AD, SAP, etc). In that case you will have to deal with users changing their password. Recommendation is to enable SSO. If you don't want to get licenses for NWSSO, try to look at other options (X.509 certificates, SPNEGO in AS JAVA and then issue a Logon Ticket, 3rd party solution, etc).

0 Kudos
104

Thank you for taking the time to answer.  I thought that was the answer, but just wanted to double check since things change all the time with SAP and the latest replys were back many years ago.  I was all excited about using SCN and SSO but then found out we hadn't purchased NWSSO.  We only have a JAVA system for our PI system.  Do you know if we can use logon tickets from PI JAVA to ECC ABAP?

Thank you!

0 Kudos
104

Yes, you can. You will just have to figure out a way how to access AS JAVA in order to authenticate using SPNEGO so that the SAP Logon Ticket is issued and that it can be used to access AS ABAP. I have seen all kinds of implementations in the past including portal desktops with all the available backend systems as icons, definitely not what you would want. Nowadays since there are so many other SSO options available, customers usually choose something besides SAP Logon Tickets even if additional costs are involved. Companies usually also have a PKI which they can use to generate certificates for users. Both AS JAVA and AS ABAP support authentication based on X.509 user certificates.