cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO from IE to ABAP system

Former Member

on ‎10-06-2015 6:41 PM

0 Kudos

We have a requirement for users who are on our network to launch a web client from their PCs, like IE, and go to a URL (ssl) which is a web dynpro application on our HCM ABAP system to view paystubs.  They want to have this configured to use SSO. 

So which of the SSO options would be easiest configuration for this?  Would SSO using Logon tokens work?

Thank you in advance...I'm not an SSO expert and this all very confusing! 

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

tim_alsop
Active Contributor
‎10-06-2015 9:42 PM
0 Kudos

The ABAP stack supports a few methods of authentication out of the box, but none of them will give you SSO. Yes, ABAP allows an SSO2 ticket to be sent to authenticate the user, but the SSO2 ticket needs to first be created and that requires that the user is authenticated.

I recommend that you consider buying a product to implement this, as it will be very hard to implement without buying a product.

Show replies
Show replies
tim_alsop
Active Contributor
‎10-07-2015 10:09 AM
0 Kudos

Etay

I am very familiar with the authentication methods supported by SAP NetWeaver. I work on user authentication and SSO 100% of my time and have been doing that for nearly 20 years.

As I mentioned to Dawn, a licensed product is best to implement the SSO use case, e.g. using IE to access an ABAP web dynpro app without authenticating, other than when logging onto the workstation. She asked if it was possible without buying SAP SSO 2.0 product. Of course it is, but if she doesn't want to buy that product she will need to buy another product instead. Thats the point I am trying to make.

Thanks

Tim

Former Member
‎10-12-2015 5:06 PM
0 Kudos

Thank you for your replies...

I've been digging around and think we might have a solution.  Was wondering if you can confirm this would all work.  We do actually have a SAML Identity Provider purchased and being used here at work.  So if I configure either an ABAP or JAVA system using SAP crypto libraries I can configure a  SAML Service provider. 

I'm hoping that will give us our SSO from an AD authentication to a backend ABAP system. So since we already have the SAML Identity provider in place, we shouldn't need any more license costs.  ..? confirm please.

And do most people use like a solution manager system for this Service Provider?

Thank you in advance - Dawn

guilherme_deoliveira
Participant
‎10-06-2015 7:34 PM
0 Kudos

Hello Dawn,

There are plently of solutions to that scenario (i.e. SSO via X.509 Client Certificates or SPNEGO Tokens)... however, there is no way to tell which one is the "easiest" solution since we do not know your environment.

Anyhow, I recommend you to review SAP Note 1257108 which clarifies about SSO options and scenarios.

At last, I also recommend you to look further on SAP Single Sign-On product ( https://help.sap.com/sso ) which provides a widely options to perform SSO for many scenarios.

I hope this guides you.

Best Regards,
Guilherme de Oliveira
SAP Active Global Support

Show replies
Show replies
Former Member
‎10-06-2015 7:53 PM
0 Kudos

and I forgot to mention...they don't want to pay for SSO 2.0

Ask a Question