Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 

Your company is using Secure Login Server (SAP Single Sign-On) for issuing short lived X.509 client certificates for authentication to the SAP and non-SAP business systems across your landscape.

Your company is also using Microsoft Active Directory and now you want to re-use Kerberos tokens, issued by the MS Domain Controller (KDC), for the Single Sign-On with Secure Login Server X.509 client certificates.

After implementing this scenario, your domain users will have to authenticate only once, using their Microsoft Active Directory credentials, and they will be authenticated automatically to any SAP and non-SAP system, that requires short lived X.509 client certificates and where they have been granted authorizations.

In my new guide SPNEGO based Single Sign-On using Secure Login Server X.509 Client Certificates you will be able to find step-by-step instructions how to implement this scenario: