cancel
Showing results for 
Search instead for 
Did you mean: 

IBM WebSeal Single Sign On to S4 HANA Fiori

SandipAgarwalla
Active Contributor
0 Kudos
274

Hi

Has anyone done/involved in SSO between WebSeal and S4 HANA? We are looking to establish SSO between these two, so the users will login to WebSeal using email id and password. Upon successful authentication, it should re-direct to Fiori with SSO.

Any inputs or pointers would be much appreciated.

Regards

Accepted Solutions (0)

Answers (2)

Answers (2)

SandipAgarwalla
Active Contributor
0 Kudos

Hello Carsten

Thank you for your reply. WebSeal is connected to LDAP and I think it can act as identity provider. I will have to explore more on this. It looks like SAML2 is the way forward.

Thanks again

Regards

Sandip

Colt
Active Contributor
0 Kudos

Hi Sandip, yes, I've done similar things with different WAM or Reverse Proxy solutions such as BIG-IP or NetScaler, etc. Look for the keywords pre-authentication, delegated authentication, and Kerberos constrained delegation (KCD). I could also imagine WebSeal is able to serve as a SAML Identity Provider and has either its own user store or is connected to an LDAP. This way you could simply implement IDP-initiated SSO. The authentication method can be flexible or even SSO. If SAML is no option - in the end, you need to decide which technology to use in order to propagate the (pre-authenticated) identity from the entry system (WebSeal) to the target system (SAP GW) in a secure way. From this perspective, header variables are not recommended and you should make use of secure tokens such as Kerberos which is possible, and normally such solutions do support KCD allowing exactly that use-case.

Cheers Colt