cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to configure SSO between CRM Web UI and Windows Network ID

Go to solution
udaykumar_kanike
Active Contributor

on ‎2013 Jun 22 2:04 AM

0 Kudos
1,022

Hi All,

            I have a requirement to configure SSO between CRM 7.0 Web UI  and Windows Network ID. I referred to many threads but most of them are incomplete without a solution such as this:

http://scn.sap.com/thread/1029608.

and

http://scn.sap.com/thread/1881696

Because CRM Web UI is a part of ABAP stack, I don't think SPNEGO would work in this case. Any suggestion would be highly appreciated.

Thank you,

Uday Kanike


Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎2013 Jun 24 6:58 AM
0 Kudos

Hi Uday,

SPNEGO should work for you as well, however as a prerequisite you will need the SAP NetWeaver SSO product. There are other options like using SAML2 based authentication, if you have MS-ADFS or an other IdP running, Portal based authentication, if you have an SAP portal, ... . Maybe you can give us a bit more info?

Regards,

Patrick

Show replies
Show replies
udaykumar_kanike
Active Contributor
‎2013 Jun 24 7:10 AM
0 Kudos

Hi Patrick,

           Thanks for the reply. Here is my brief requirement.

Each end user will have a Desktop Windows login ID which is nothing but their network ID. After logging on the Desktop, they get IE browser automatically opened with their company internal portal. Now this portal is a SharePoint Portal and has all the quick links to other portals / URLs. Previously, our client was using CRM 5.0 as backend and Enterprise Portal 7.0 as front-end. Now, their requirement has changed to CRM 7.0 Web UI in place of EP. So, now I have to make it work same as before with EP without being asked for logon credentials except that it is now Web UI.

Please let me know any other questions related to this.

Thanks & Regards

Uday

Former Member
‎2013 Jun 24 7:29 AM
0 Kudos

Hi Uday,

if you have no EP anymore and no SAML2 server, I guess the only solution left would be to go for the SAP NetWeaver SSO product. This enables SPENGO for ABAP and also allows for Kerberos based authentication via SAP GUI. Please have a look at the SAP NetWeaver SSO master guide for more info on that product.

regards,

Patrick

tim_alsop
Active Contributor
‎2013 Jun 24 8:19 AM
0 Kudos

This is not the only option... It is also possible to redirect to a Java stack where Integrated Windows Authentication is supported by a JAAS login module, and redirect back to ABAP after SSO2 ticket has been issued. It is also possible to use products from SAP partners that provide Integrated Windows Authentication on ABAP stack, either directly or via a redirect. The point I am making is that SAP are not the only company that has a solution to this requirement.

Thanks,

Tim

Former Member
‎2013 Jun 24 12:04 PM
0 Kudos

Hi Tim,

you are absolutly correct, this was the reason, why I did initially ask for the environment.

To my understanding there is no other system the ABAP system can be redirected to, to authenticate the user there (Uday: please correct me if I did missunderstand your response on that). My response therefor was only about the SAP NetWeaver AS ABAP support for SPNEGO, where partner products are not supported.

Regards,

Patrick

tim_alsop
Active Contributor
‎2013 Jun 24 12:40 PM
0 Kudos 
Patrick Hildenbrand wrote:
My response therefor was only about the SAP NetWeaver AS ABAP support for SPNEGO, where partner products are not supported.
Regards, 
Patrick

What do you mean 'not supported' ? Do you mean not supported by SAP or not supported by the partner ? Actually, we are a partner and we have developed a product which is supported and doesn't require redirect to AS Java. I am therefore trying to understand your reference to not being supported. If you think it more appropriate to discuss this outside of SCN, we can.

tim_alsop
Active Contributor
‎2013 Jun 24 12:42 PM
0 Kudos

You an also use the method described at http://wiki.sdn.sap.com/wiki/display/CRM/How+to+-+SSO+to+CRM+WebUI+via+SAP+GUI+for+Windows

Former Member
‎2013 Jun 24 1:46 PM
0 Kudos

Hi Tim,

this is correct, however it was stated, that the CRM Web UI shall be started via a sharepoint portal.

Requireing the installation of the SAP GUI to use SAP-shortcut to start the SAP-GUI and make it start the CRM Web UI is overkill in my opinion, because of the SAP-GUI installation requirement.

However if the SAP-GUI is already installed, the customer can use SNC and an SAP or partner product supporting kerberos based authentication. In this case, this would not be SPNEGO, however the result would be the same.

Regards,

Patrick

Former Member
‎2013 Jun 24 1:57 PM
0 Kudos

Hi Tim,

I was referring to the built-in SPNEGO support in the SAP NW AS ABAP, please see the docs, where it is stated:

To use SPNego with SAP NetWeaver AS ABAP, requires SAP NetWeaver Single Sign-On 2.0 and higher, which requires additional software licenses.

For sure, you can use other methods to authenticate at the AS ABAP and do the SPNego authentication elsewhere (as for instance with the AS JAVA, the SAP EP, ...). I did tell this already in my very first response. However it was my understanding, that Uday did ask for something else.

Regards,

Patrick

tim_alsop
Active Contributor
‎2013 Jun 24 3:05 PM
0 Kudos

Patrick,

I am trying to tell you that it is possible to implement HTTP Negotiate authentication on ABAP AS without using SAP NetWeaver Single Sign-On product and without being unsupported, and without doing authentication somewhere else, and without redirecting to another system. I don't think it is best for me to say any more, since this forum is not the right place to discuss non SAP software, especially when they compete with products sold by SAP.... I think you understand what I am saying though 🙂

Regards,

Tim

tim_alsop
Active Contributor
‎2013 Jun 24 3:20 PM
0 Kudos

I had missed the part about Sharepoint, so I agree that it would not be a viable option. Maybe somebody else looking at this thread in future might find it useful though 🙂

udaykumar_kanike
Active Contributor
‎2013 Jun 24 4:16 PM
0 Kudos

Hi Patrick & Tim,

                   I got quite a lot of information on my thread. Thanks a lot to you both. I will definitely try all the ways you both have suggested. I will update you in a day or two. I did heard about Windows supported external tools that function similar to SSO. Only thing is that it stores the cookie and auto fills the user credentials in the browser. I am currently working on this because this is the easiest way to go with in my present situation. But anyway, if it succeeds, I will write a blog on this.

Thanks & Regards

Uday

tim_alsop
Active Contributor
‎2013 Jun 24 5:34 PM
0 Kudos

Uday,

The 'easiest way' isn't always the best way, as you can sometimes fix one problem and create others 🙂 Anyway, please keep us informed of your progress.

Thanks,

Tim

Former Member
‎2014 May 23 2:34 PM
0 Kudos

Hi Uday,

At the moment I have the same problem that you describe in this forum. I Would like to know how you finally solved the issue.

I appreciate any comments of you or any other expert.

tim_alsop
Active Contributor
‎2014 May 23 2:39 PM
0 Kudos

This is very easy without needing a Java stack. You need to purchase an SSO product, either SAP NetWeaver SSO 2.0 or a product from an SAP partner company.

Answers (2)

Answers (2)

Former Member
‎2014 May 23 3:52 PM
0 Kudos

Hi TIM

I have a CRM 7.01 release version. 

Does it exist other way to configure the SSO between CRM WEB UI  and Active Directory without using SSO 2.0?

Show replies
Show replies
udaykumar_kanike
Active Contributor
‎2013 Jun 23 11:22 AM
0 Kudos

Can someone please provide any inputs? I have come to know that Windows Network ID are actually stored in LDAP. So any way to setup SSO between CRM Web UI and Network ID.

Show replies
Show replies
former_member210661
Active Contributor
‎2013 Jun 23 2:11 PM
0 Kudos

hi uday kumar

i think this link help full to u..

just check it out

http://wiki.sdn.sap.com/wiki/display/CRM/How+to+-+SSO+to+CRM+WebUI+via+SAP+GUI+for+Windows

Regards,

srinivas

Ask a Question