Dear Cedric,
please have look here for official booking information. The training can be booked via SAP, also as as a custom specific one and is available in EN and DE. Materials are always in EN. Check out here for further details about 3 to RUN
The participants learn how Kerberos/SPNEGO, X.509, and SAML 2.0 are utilized to ensure secure authentication and provide SSO capabilities for SAP S/4HANA. The most common SSO scenarios are explained and configured together in 4 practice-oriented workshops
Workshop 1 | Kerberos & SPNEGO based SSO for SAP GUI and Browser
- Get familiar with the SAP training environment and access your systems
- Learn how to check/update SAP CommonCryptoLib (CCL)
- Configure best practice SNC profile parameters and harden the CCL
- Create an Kerberos AD service account for your S/4HANA system in the AD domain
- Install the SAP Secure Login Client 3.0 and validate the SNC_LIB variable
- Create the Kerberos Keytab via SPNEGO and understand the differnt encryption options
- Perform SNC user mapping and some additional exercises
- Learn how to manage the Kerberos Ticket cache
- Learn how to enable CCL traces and troubleshoot typical issues
- Understand the requirements for SPNEGO and implications on your browser configuration
- Configure the authentication server allowlist in Google Chrome using GPOs
- Update your AD service account with additional SPNs
- Test SPNEGO and learn how to troublehshoot and disable it for some use cases
Workshop 2 | SSO based on X.509 certificates using SAP Secure Login Server
- Deploy/Update the SLS and set up an own User CA and understand the existing PKI
- Create different authentication policies and profiles
- Generate and install a Secure Login Client Policy to the SLC
- Create the AD service account and configure SPNEGO on the SAP AS Java
- Generate TLS and SNC certificates for your S/4HANA system
- Configure certificate authentication for SAP AS ABAP and Java incl. user mapping
- Authenticate to your S/4HANA system using X.509 CBA (SAP GUI and browser)
Workshop 3 | MFA for SAP GUI using passcodes and the SAP Secure Login Server:
- Deploy and Configure the SSO Authentication Library and TOTPLoginModule
- Create an SLS profile enforcing secure two-factor authentication for your S/4HANA system
- Install the SAP Authenticator (or other apps) on your mobile phone and set up your account
- Access your S/4HANA system via SAP GUI using multi-factor authentication (MFA)
Workshop 4 | Configuring SAML 2.0 authentication on S/4HANA:
- Deploy and configure SAP Identity Provider (IDP) on SAP AS Java
- Configure your S/4HANA Service Provider for SAML 2.0 based authentication
- Establish trust between the SAP IDP and S/4HANA SP
- Setup various authentication methods on both IDPs (AS Java and IAS)
- Trace, verify and troubleshoot SAML authentication
- Setup the typical user federation modes such as NameID or Persistent
- Understand the IDP-and SP-Initiated authentication flows and the RelayState
- Configure ID-Federation and trust with an SAP Cloud Identity Authentication (IAS) tenant
- Setup IAS as an IDP-Proxy and integrate with your SAP IDP
- Setup conditional and risk-based authentication
Let me know if you have additional questions
Cheers Carsten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.