cancel
Showing results for 
Search instead for 
Did you mean: 

WDESSO - SAP Single Sign-On 3.0

C5101149
Associate
Associate
0 Kudos
430

Hi Team,

Hope all is well with you,

Customer in South Africa is looking to train their team on WDESSO - SAP Single Sign-On 3.0 - please advise?

Kind Regards

Cedric Mabaso

Accepted Solutions (0)

Answers (2)

Answers (2)

Colt
Active Contributor

Dear Cedric,

please have look here for official booking information. The training can be booked via SAP, also as as a custom specific one and is available in EN and DE. Materials are always in EN. Check out here for further details about 3 to RUN

The participants learn how Kerberos/SPNEGO, X.509, and SAML 2.0 are utilized to ensure secure authentication and provide SSO capabilities for SAP S/4HANA. The most common SSO scenarios are explained and configured together in 4 practice-oriented workshops

Workshop 1 | Kerberos & SPNEGO based SSO for SAP GUI and Browser

  • Get familiar with the SAP training environment and access your systems
  • Learn how to check/update SAP CommonCryptoLib (CCL)
  • Configure best practice SNC profile parameters and harden the CCL
  • Create an Kerberos AD service account for your S/4HANA system in the AD domain
  • Install the SAP Secure Login Client 3.0 and validate the SNC_LIB variable
  • Create the Kerberos Keytab via SPNEGO and understand the differnt encryption options
  • Perform SNC user mapping and some additional exercises
  • Learn how to manage the Kerberos Ticket cache
  • Learn how to enable CCL traces and troubleshoot typical issues
  • Understand the requirements for SPNEGO and implications on your browser configuration
  • Configure the authentication server allowlist in Google Chrome using GPOs
  • Update your AD service account with additional SPNs
  • Test SPNEGO and learn how to troublehshoot and disable it for some use cases

Workshop 2 | SSO based on X.509 certificates using SAP Secure Login Server

  • Deploy/Update the SLS and set up an own User CA and understand the existing PKI
  • Create different authentication policies and profiles
  • Generate and install a Secure Login Client Policy to the SLC
  • Create the AD service account and configure SPNEGO on the SAP AS Java
  • Generate TLS and SNC certificates for your S/4HANA system
  • Configure certificate authentication for SAP AS ABAP and Java incl. user mapping
  • Authenticate to your S/4HANA system using X.509 CBA (SAP GUI and browser)

Workshop 3 | MFA for SAP GUI using passcodes and the SAP Secure Login Server:

  • Deploy and Configure the SSO Authentication Library and TOTPLoginModule
  • Create an SLS profile enforcing secure two-factor authentication for your S/4HANA system
  • Install the SAP Authenticator (or other apps) on your mobile phone and set up your account
  • Access your S/4HANA system via SAP GUI using multi-factor authentication (MFA)

Workshop 4 | Configuring SAML 2.0 authentication on S/4HANA:

  • Deploy and configure SAP Identity Provider (IDP) on SAP AS Java
  • Configure your S/4HANA Service Provider for SAML 2.0 based authentication
  • Establish trust between the SAP IDP and S/4HANA SP
  • Setup various authentication methods on both IDPs (AS Java and IAS)
  • Trace, verify and troubleshoot SAML authentication
  • Setup the typical user federation modes such as NameID or Persistent
  • Understand the IDP-and SP-Initiated authentication flows and the RelayState
  • Configure ID-Federation and trust with an SAP Cloud Identity Authentication (IAS) tenant
  • Setup IAS as an IDP-Proxy and integrate with your SAP IDP
  • Setup conditional and risk-based authentication

Let me know if you have additional questions

Cheers Carsten

C5101149
Associate
Associate
0 Kudos

Hi Team,

Thanks for the answer on WDESSO - SAP Single Sign-On 3.0, can course be offered in English?

Kind Regards

Cedric Mabaso