Many customers use transaction iViews in the SAP Enterprise Portal to launch the SAP GUI for Windows. This allows them to provide role-based access to SAP GUI transactions to their end users. In addition the Portal is also able to issue logon tickets, which in the past were sometimes used for SAP GUI single sign-on to an ABAP backend system.
The described way of integrating SAP GUI access with the Portal has two drawbacks:
Using Secure Network Communication (SNC) based on SAP Single Sign-On for secure authentication and data protection has become a best practice for SAP customers world-wide. The product supports Kerberos and X.509 certificates as security tokens, which are superior to logon tickets. Implementing the solution for the standalone SAP GUI for Windows is pretty straight forward. Doing the same for SAP GUI for Windows launched from a Portal transaction iView is also easy, if you know which parameters to set.
Let's assume you have an iView in the Portal that successfully launches a SAP GUI for Windows connection. Let's also assume that you already have successfully configured SAP Single Sign-On for SAP GUI and the respective ABAP backend system. Now you want to bring the two scenarios together.
To do this, you just need to set 4 parameters in the Portal configuration for the System object.
In the User Management section of the "Basic" properties you need to set the Logon Method to X509CERT. Please note that this is required even if you are not using X.509 certificates for SNC at all, but rather Kerberos.
In addition there are 3 properties in the list of all parameters that you need to set:
These are the same settings as in SAP Logon, where you find them on the "Network" tab for the connection:
With these settings in place, SAP GUI for Windows launched from the Portal will use the same SNC connection settings as the standalone SAP GUI for Windows, providing you with single sign-on and secure data transfer, powered by SAP Single Sign-On.
Please note: SAP GUI authenticates to the ABAP backend using the credentials that are part of the SNC security token, for example the authenticated Windows user. This is independent of the Portal session, where the end user could have used a different identity to authenticate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
38 | |
19 | |
13 | |
13 | |
11 | |
10 | |
10 | |
10 | |
8 | |
8 |