Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SSO Implementation Strategy for Java-only implementations.

Go to solution
Former Member

on ‎2016 Jul 19 9:03 AM

0 Likes
1,482

Hello,

We are currently setting up an SSO POC for our company.  For connections that use the SAPGUI and AS ABAP the documentation explains quite clearly how set up the various scenarios.  But I couldn't find out how to implement a connection via a web broswer to a Java-only NW installation.  Can anyone advise please?

Also is there any particular advantage in using X509 cetrificates over Kerberos tokens in a Microsoft AD domain?

Many thanks oin advance for your help!

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
former_member251763
Explorer
‎2016 Aug 05 5:31 PM
0 Likes

Hi,

we're using SLS, but we prefer the saml2.0 solution via identity federation (is a part of the SLS) instead of x.509 certificates. Single Logout is a very helpful feature!

Best regards

Kai

Show replies
Show replies
donka_dimitrova
Employee
Employee
‎2016 Aug 08 7:11 AM
0 Likes

Hello Kai,

SAP Single Sign-On product offers Secure Login Server (SLS) that is a "lightweight PKI" and issues short term X.509 Client certificates. The service itself accepts SAML for authentication but always issues X.509 certificates.

SAP Single Sign-On product offers also a standard SAML Identity Provider that could be used for identity federation and issues standard SAML 2.0 assertions.

Regards,

Donka Dimitrova

former_member251763
Explorer
‎2016 Aug 08 11:49 PM
0 Likes

Hello Donka,

exactly . But why use X.509 certificates for java stacks, if saml2.0 is already supported by them? By using saml2.0 it's very easy to update user attributes, assigned groups and permissions during logon. And closing all user sessions in a landscape by using SLO is security benefit (session hijacking). Thats why we decided to use saml2.0 instead of x.509 certs for java stacks.

regards

Kai

donka_dimitrova
Employee
Employee
‎2016 Aug 09 7:59 AM
0 Likes

Hello Kai,

When there are Windows based UIs like SAP GUI for Windows, SNC is a must and SAML is not possible. Customers have to use Kerberos or X.509 in order to do the SSO or they have to exchange a SAML assertion for an X.509 client certificates with the Secure Login Server in order to get the required X.509 for the SAP GUI for Windows scenarios with the SNC.

Regards,

Donka

former_member251763
Explorer
‎2016 Aug 10 5:57 PM
0 Likes

Hi Donka,

i thought we're talking about SSO Implementation for Java Stacks and not ABAP.

Kai.

Ask a Question