cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO for AS ABAP system Web GUI

tanmeya_mohan
Active Participant

on ‎11-20-2015 9:06 AM

0 Kudos

Hello Experts,

We have installed PERSONAS add-on in our SAP ECC 6.0 EhP7 AS ABAP system.

Single Sign On via SAP GUI for Windows is configured w.r.t. Active Directory & works properly.

We have enabled the SICF service for webgui, & the system is accessible via browser as well.

Now the requirement is to enable single sign-on for webgui, something where it can accept a certificate from Active Directory & authenticate the login.

Could you please suggest how we can achieve this?

Best Regards,

Tanmeya

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎11-20-2015 1:13 PM
0 Kudos

Hello Tanmeya,

If I have understood you correctly, you already have SSO for SAPGUI working so you've already done all the AD and SAP work (Service User/UPN/SPN/Parameters/Keytab etc ....)

You just want to extend your SSO now to use SPNEGO for your WebDynpro.

If my understanding is correct then the SPNEGO wouldn't be that complicated (only validated on 702 SP14).

1. Add a new SPN to your existing AD service user:

eg: HTTP/<hostname>.<FQDN>

2. run tx SPNEGO on the ABAP side and fill in the UPN and password

3. Activate session management with tx: SICF_SESSIONS

Hope that helps if I have correctly understood your requirement.

KR,

Amerjit

Show replies
Show replies
tanmeya_mohan
Active Participant
‎11-30-2015 4:51 AM
0 Kudos

Hello Amerjit,

Yes, your understanding is correct.

We have the SSO for SAPGUI already configured & in use by business.

We would like to extend the same to the WebGUI for AS ABAP system.

As suggested I'll check on the SPNEGO part, and see how I can leverage it's functionality in my scenario.

Best Regards,

Tanmeya

tanmeya_mohan
Active Participant
‎12-16-2015 7:50 AM
0 Kudos

Hello Amerjit,

Could you please check & confirm if below document is correct / sufficient to achieve the requirement described above?

https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/support/sapnotes/public/services/attachment.htm?iv...

I am not confident on this as the content has configuration of SPNego for AS JAVA logon authentication.

In our scenario, although we are looking for SSO for Web GUI for AS ABAP, we have dedicated AS JAVA systems as well which are currently used for Adobe Document Services only.

If required we can think about leveraging the AS JAVA systems, but the best approach is not yet clear.

Thoughts & suggestion from all are appreciated.

Thanks & Best Regards,

Tanmeya

LutzR
Active Contributor
‎12-16-2015 9:36 AM
0 Kudos

Hi Tanmeya, if you go for webgui this paper about AS-Java does not help you.

Good starting points for you would be:

Kerberos Authentication for HTML-Based User Interfaces Using SAP NetWeaver AS for ABAP with SPNego -...

Or this:

Happy reading,

Lutz

LutzR
Active Contributor
‎11-20-2015 12:34 PM
0 Kudos

Hi Tanmeya, please check with your infrastrukture people if you have a SAML2 Identity Provider (IDP) in your landscape (e.g. AD FS). SSO with SAML2 is easy to configure.

Regards,

Lutz

Show replies
Show replies
Christian_Cohrs
Product and Topic Expert
Product and Topic Expert
‎11-20-2015 9:16 AM
0 Kudos

Hi Tanmeya,

for Kerberos-based single sign-on to a web application you need to enable SPNEGO support on AS ABAP. This is a feature that comes with the product SAP Single Sign-On. You will find helpful information at http://scn.sap.com/community/sso

Best regards,

Christian

Show replies
Show replies
tanmeya_mohan
Active Participant
‎11-20-2015 10:12 AM
0 Kudos

Hello Christian,

Thanks for your reply.

Could you please share a specific link to the configuration regarding this?

Thanks & Best Regards,

Tanmeya

vijay_kumar49
Active Contributor
‎11-20-2015 11:13 AM
0 Kudos

Please check this documents. it should be useful : Single Sign-On with Kerberos  and  Using Kerberos Authentication on SAP NetWeaver Application Server ABAP


Kindly let me know if you need any more information.

Christian_Cohrs
Product and Topic Expert
Product and Topic Expert
‎11-20-2015 12:28 PM
0 Kudos

Hi Tanmeya,

please have a look at http://help.sap.com/saphelp_nwsso20/helpdata/en/af/cc55377253420dacc666da46a6f21a/content.htm?frames...

This is part of the documentation of the product SAP Single Sign-On, in particular of the Secure Login scenario. You can get a pdf file of the full Secure Login documentation at http://help.sap.com/sso , together with information about the other product features.

Best regards,

Christian

Ask a Question