AJAYTR_ATR66

#ATR blog (9)

This blog is linked with "SINGLE SIGN ON CONFIG - USING SINGLE SNC NAME TO SUPPORT BOTH X.509 CERTIFICATE AND KERBEROS TOKEN LOGON".

Link: https://community.sap.com/t5/technology-blogs-by-members/single-sign-on-config-using-single-snc-name...

Informative Note: This blog explains how to set up Secure Login Client (SLC) and log on using an X.509 certificate token.

LOGON STEPS

1) Install SLC Software

  • Download Secure Login Client from SWDC and install it on your PC.

  • Once installed, SLC appears as an icon in the taskbar tray. Click the ‘Show’ button to open SLC.

  • Go to File -> Options.

  • Nothing needs to be changed in the SNC tab.
  • In Policy Groups, provide the SSO server information:

  Host: ssohostname with portnumber
  Group: Secure Login Default Group [It will fetch the profiles assigned to this group, which will be JAVA UME (Windows SPNEGO Profile)]
  Proxy: As per user network compliance, to connect to the SSO server and ABAP servers.

  • Select “Apply” and click the “OK” button.
  • Your SNC User Group Profile will be added to the list automatically.

  • Close and reopen SLC if the profile is not added automatically.
  • Right-click the profile and select “Use Profile for SAP Applications”.

  • Because "SPNEGO - Ticket based Authentication" is used in SSO, the logon is authenticated through Windows AD domain checks (the SSO server checks whether the AD account exists).

  • SLC reaches the SSO server Java UME profile (SPNEGO Windows profile) via a trusted X.509 certificate. The SSO root CA certificate must be uploaded to the client PC's trusted certificate list, because all SSO certificates were created manually in SSO and are not signed by a CA. If it is not uploaded, you will get an SNC trust error.
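
One way to script the root CA upload from the last bullet on a Windows client, checking the certificate before it is trusted. This is an added example, not part of the original blog or of SAP's tooling. It assumes the "trusted certificate list" is the Windows Trusted Root Certification Authorities machine store; the file path is hypothetical and the thumbprint is a placeholder to be obtained from the SSO administrator out of band.

```powershell
# Run from an elevated PowerShell prompt (writing to LocalMachine\Root needs admin rights).
param(
    [string]$RootCaFile         = 'C:\Temp\sso-root-ca.cer',      # hypothetical path
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-SSO-ADMIN>',  # placeholder
    [string]$Store              = 'Cert:\LocalMachine\Root'       # assumed trust list
)
$ErrorActionPreference = 'Stop'

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaFile)

# 1. A manually created root is self-issued: subject and issuer names must match.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: issuer is '$($cert.Issuer)'"
}

# 2. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) - $($cert.NotAfter))"
}

# 3. Warn (do not fail) if Basic Constraints does not mark it as a CA;
#    hand-made certificates sometimes omit the extension.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Basic Constraints does not mark this certificate as a CA.'
}

# 4. Compare against the thumbprint received out of band; stop on any mismatch.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 5. Import only if the certificate is not already in the store.
if (Test-Path (Join-Path $Store $cert.Thumbprint)) {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $RootCaFile -CertStoreLocation $Store | Out-Null
    Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)] into $Store"
}
```

With the placeholder thumbprint left in place the script stops at step 4, so nothing is trusted until a real value is supplied.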

2) Add/Change SAP GUI Properties

  • Provide your corresponding system details as usual in SAP LOGON GUI – NEW CONNECTION. 

3) In Network settings, provide the following information

  • Checkbox: Activate Secure Network Communication
  • SNC name: p:CN=SID (SID – System ID)
  • Security: Maximum Security Settings available [As per User Convenience]
  • Connection: High Speed (LAN)

  • Select ‘OK’ and close the properties. Nothing needs to be changed in the “Code Page” tab.
  • Users can now log in to the system with or without a password, as per user convenience.

  • Users are logged in directly to the client they have access to. If a user has access to multiple clients in the system, they can choose which client to log in to as required.

  • Selected client: 100 (for example)
  • User logged on to client 100 (SNC, without password, using the X.509 certificate from the SSO server)
  • Message: SNC logon by 100 USERID for CN - USERNAME@WINDOWSDOMAIN

Note:

1. The user must be created in the SSO server (same as in the Windows AD domain), and the Kerberos for Java setup must be done in the SSO server, in order to use the Windows AD authentication check for ABAP login.
2. Make sure the SNC canonical name is saved in the ABAP system [same as the Windows domain ID] before logging in.

Thanks for Visiting!
Please do connect and follow my LinkedIn profile - https://www.linkedin.com/in/ajaytr66/
