Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
AJAYTR_ATR66
Participant
0 Kudos
4,762

#ATR(8)    [LINKED]

This blog is linked with "SINGLE SIGN ON CONFIG - USING SINGLE SNC NAME TO SUPPORT BOTH X.509 CERTIFICATE AND KERBEROS TOKEN LOGON.

Link: https://community.sap.com/t5/technology-blogs-by-members/single-sign-on-config-using-single-snc-name...

Informative Note: Created this blog to provide information on how to setup Secure Login Client and Login using Kerberos token.

KERBEROS LOGON STEPS

 1) Install SLC Software

  •      You can download Secure Login Client from SWDC. Install on your PC.

ajay_tr66_0-1706275877196.png

  •      Once installed, SLC will be visible in taskbar tray icon. Click ‘Show’ button and open SLC.

ajay_tr66_1-1706276074814.png

2) Select Kerberos token for SAP Application                         [Log in… Optional]

ajay_tr66_3-1706276749056.png

3) Add/Change SAP GUI Properties

  •     Provide your corresponding system details as usual in SAP LOGON GUI – NEW CONNECTION.

ajay_tr66_4-1706280072140.png

  4) In Network settings, Provide below mentioned information

  •        Checkbox: Activate Secure Network Communication
  •        SNC name: p:CN=SID SID – System ID
  •        Security: Maximum Security Settings available [As per User Convenience]
  •        Connection: High Speed (LAN)

ajay_tr66_5-1706280189370.png

  • Select ‘OK’ and close properties.
  • No need to change anything in “Code Page” tab.
  • Now, Users can login system with/without password as per user convenience.ajay_tr66_6-1706280261870.png

 

 

  • Users will be logged in directly to client which they have access.
  • If Users have access to multiple Clients in system, they can select and choose client to login as per their requirement.

ajay_tr66_0-1706338255906.png

  • Selected Client – 100 (For Example)
  • User logged on Client 100 (SNC - Without Password using Kerberos token)
  • Message: SNC logon by 100 USERID for p:CN=USERNAME@WINDOWSDOMAIN

ajay_tr66_9-1706280644577.png

 

 

 

 

 

 

 

 

ajay_tr66_10-1706280861215.png

Note: Make sure SNC Canonical saved in ABAP System [as same as Windows Domain ID] before logging in.

ajay_tr66_0-1706286363834.png

Thanks for Visiting !
Please do connect and follow my Linked In Profile - https://www.linkedin.com/in/ajaytr66/

AJAY TR - ATR - SAP BASIS ADMINISTRATOR

3 Comments
Adithya1
Newcomer
0 Kudos

Hi @AJAYTR_ATR66,

Is the Secure Login Client tool a licensed one? 

AJAYTR_ATR66
Participant
0 Kudos

Hi Adithya1,

   Yes. Single Sign On is licensed. If Single Sign On Software available in your Customer SWDC then you already have license to download and use SSO.

 

Regards,

Ajay TR,

SAP BASIS Administrator.

Pratheesh1
Discoverer
0 Kudos

Hello experts,

I'm inquiring whether it's feasible to incorporate a new Active Directory (AD) domain, distinct from the one I'm currently logged into, within the SAP Secure Login Client.

As consultants, we operate within our company's domain. However, since we're providing support to our client, who operates within a separate domain, we need to ensure that we can access their SAP Systems using Single Sign-On (SSO). Unfortunately, this isn't possible due to the disparity between our domain and the client's domain. Therefore, we're exploring the option of integrating the client's domain into our SAP Secure Login Client.

FYI, we use VPN to connect to our client systems.

 

Thank you

Labels in this area