on 11-20-2015 9:06 AM
Hello Experts,
We have installed PERSONAS add-on in our SAP ECC 6.0 EhP7 AS ABAP system.
Single Sign On via SAP GUI for Windows is configured w.r.t. Active Directory & works properly.
We have enabled the SICF service for webgui, & the system is accessible via browser as well.
Now the requirement is to enable single sign-on for webgui, something where it can accept a certificate from Active Directory & authenticate the login.
Could you please suggest how we can achieve this?
Best Regards,
Tanmeya
Hello Tanmeya,
If I have understood you correctly, you already have SSO for SAPGUI working so you've already done all the AD and SAP work (Service User/UPN/SPN/Parameters/Keytab etc ....)
You just want to extend your SSO now to use SPNEGO for your WebDynpro.
If my understanding is correct then the SPNEGO wouldn't be that complicated (only validated on 702 SP14).
1. Add a new SPN to your existing AD service user:
eg: HTTP/<hostname>.<FQDN>
2. run tx SPNEGO on the ABAP side and fill in the UPN and password
3. Activate session management with tx: SICF_SESSIONS
Hope that helps if I have correctly understood your requirement.
KR,
Amerjit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Amerjit,
Yes, your understanding is correct.
We have the SSO for SAPGUI already configured & in use by business.
We would like to extend the same to the WebGUI for AS ABAP system.
As suggested I'll check on the SPNEGO part, and see how I can leverage it's functionality in my scenario.
Best Regards,
Tanmeya
Hello Amerjit,
Could you please check & confirm if below document is correct / sufficient to achieve the requirement described above?
I am not confident on this as the content has configuration of SPNego for AS JAVA logon authentication.
In our scenario, although we are looking for SSO for Web GUI for AS ABAP, we have dedicated AS JAVA systems as well which are currently used for Adobe Document Services only.
If required we can think about leveraging the AS JAVA systems, but the best approach is not yet clear.
Thoughts & suggestion from all are appreciated.
Thanks & Best Regards,
Tanmeya
Hi Tanmeya, if you go for webgui this paper about AS-Java does not help you.
Good starting points for you would be:
Or this:
Happy reading,
Lutz
Hi Tanmeya, please check with your infrastrukture people if you have a SAML2 Identity Provider (IDP) in your landscape (e.g. AD FS). SSO with SAML2 is easy to configure.
Regards,
Lutz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tanmeya,
for Kerberos-based single sign-on to a web application you need to enable SPNEGO support on AS ABAP. This is a feature that comes with the product SAP Single Sign-On. You will find helpful information at http://scn.sap.com/community/sso
Best regards,
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please check this documents. it should be useful : Single Sign-On with Kerberos and Using Kerberos Authentication on SAP NetWeaver Application Server ABAP
Kindly let me know if you need any more information.
Hi Tanmeya,
please have a look at http://help.sap.com/saphelp_nwsso20/helpdata/en/af/cc55377253420dacc666da46a6f21a/content.htm?frames...
This is part of the documentation of the product SAP Single Sign-On, in particular of the Secure Login scenario. You can get a pdf file of the full Secure Login documentation at http://help.sap.com/sso , together with information about the other product features.
Best regards,
Christian
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.