Quantcast
Channel: SCN : All Content - SAP Single Sign-On
Viewing all 865 articles
Browse latest View live

Single Sign-On with Kerberos

April 10, 2013, 2:19 am
$
0
0

Implementing Single Sign-On with Kerberos

With the latest release 2.0, SAP NetWeaver Single Sign-On offers support for SPNEGO for ABAP.

Leveraging this Kerberos-based single sign-on technology, you can easily implement an SSO solution for your SAP systems.

This four part video series provides a step-by-step installation & configuration tutorial.

 

Video TitleYouTubeSCN
Solution Overview – How does the solution work and what can we expect (3:30 min)Implementing Single Sign-On with Kerberos 1
Installation and configuration of Secure Login Library for SAP AS ABAP (7:40 min)Implementing Single Sign-On with Kerberos 2
Installation and configuration of Secure Login Client. How to configure User Mapping (4:50 min)Implementing Single Sign-On with Kerberos 3
Enable Single Sign-On on SAP AS JAVA. Configure SPNEGO (6:35 min)Implementing Single Sign-On with Kerberos 4

 

 

Additional Resources

 

Troubleshooting SPNego for ABAP (OSS Note 1732610)

 

Single Sign-On to SAP HANA DB using Kerberos (OSS Note 1837331)

 

Single Sign-On to SAP BusinessObjects BI Platform 4.0 (Blog)

 

Mobile Single Sign On from iOS 7 to SAP NetWeaver (Blog)

 

Take the SAP Fiori Experience to a New Level with SAP NetWeaver Single Sign-On (Blog)

Search

Featured Content in SAP NetWeaver Single Sign-On

May 9, 2012, 2:01 am
$
0
0

Wanted: Your Feedback!

Interested in sharing your feedback on planned features for SAP NetWeaver Single Sign-On? Join our upcoming customer engagement initiative! With your help, we want to develop, discuss, and evaluate new ideas, such as the introduction of central access policies for risk- and context-based authentication, RFID-based user identification, two-factor authentication and single sign-on for the mobile portal. To find out more, contact Regine Schimmer. January 21, 2014

 

http://scn.sap.com/people/regine.schimmer/avatar/46.png?a=1166Take the SAP Fiori Experience to a New Level with SAP NetWeaver Single Sign-On

In their latest blog, Regine Schimmer and Jens Koster describe how you can implement single sign-on for your SAP Fiori apps. SSO not only simplifies the user experience, it also helps organizations keep sensitive data secure at all times. January 21, 2014

 

SP 2 for SAP NetWeaver Single Sign-On 2.0 Now Available

SAP just released the latest Support Package for SAP NetWeaver Single Sign-On 2.0. SP 2 contains a number of enhancements and new features, including support for Kerberos constrained delegation, hardware security module support of Secure Login Server, logout functionality of Secure Login Web Client, and configuration of Secure Login Client using Windows proxy settings. You can download SP 2 and read the release note on the SAP Service Marketplace (login required). November 21, 2013

Issue in Basic configuration for SSO setup

January 20, 2014, 2:53 am
$
0
0

Hi Experts,

 

In Basic configuration, I am facing SSO setup issue please find the screen shots as well as Log details.

 

1. I have export the certificate from visual admin (Java stack ) and import the same in ABAP stack at 000 client using Tx.. STRUSTSSO2 .

 

sso setup issue 1.JPG

 

 

2. Error screen shot from solman_setup (Basic Configuration) .

SSo setup issue.JPG

 

3.Log details for SSO set_up:

 

com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: No RFC authorization for function module SSFC_GETOWNCERTIFICATE_RFC.

at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:516)

at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1518)

at com.sap.mw.jco.JCO$Client.execute(JCO.java:4187)

at com.sap.mw.jco.JCO$Client.execute(JCO.java:3802)

at com.sap.sup.admin.setup.AbapSysRfcAdapter.getAbapOwnCert(AbapSysRfcAdapter.java:546)

at com.sap.sup.admin.setup.ManagingServices.fetchSSOParameters(ManagingServices.java:677)

at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:724)

at com.sap.sup.admin.setup.ServerSetupStep.runExec(ServerSetupStep.java:212)

at com.sap.sup.admin.setup.ServerSetupStep.execute(ServerSetupStep.java:281)

at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:701)

at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:290)

at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:331)

at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)

at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)

at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)

at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)

at SoapServlet.doPost(SoapServlet.java:47)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

 

Close

 

Can any body please help me to resolve the issue.

 

 

Thanks in advance,

Bhaskar N

Single sign on Error -Test Connection with Connector

January 22, 2014, 9:46 pm
$
0
0

Hi Experts,

 

When I try to test the connection for single sign on in portal system I am getting below error:

 

sso error.JPG

 

Could anyone please help me to solve the issue.

 

Thanks in advance.

 

Regards,

Rajkishor.

Disabling X.509 authentication in the Secure Login client?

January 24, 2014, 5:33 am
$
0
0

Hello there,

 

We generally use Kerberos for logins on our Microsoft system. We have however implemented the SAP Secure Login client and server to facilitate single sign on for the users in many different scenarios. Currently we are testing the Secure Login client version 2.0 in our Citrix environment and the installation in Citrix seems to cause some problems.

 

After installation of the Secure Login client on Citrix where we choose only the options Start during Windows login and Secure Login Server Support. However when the client start it seems like two options exist as you can see here: http://screencast.com/t/JAWuN6eoT

 

Ideally I would like only the SPNEGO option to be visible or defaulted as this is the one which is configured on the server side. That is, on the Netweaver Java running the Secure Login we configured SPNEGO to allow the Secure Login client to obtain a certificate without any user interaction. Is it possible to script the installation to get rid of the X.509 option? Or is the X.509 option caused by a previous installation of Secure Login client 1.0 on that particular Citrix server?

 

Best regards,

Anders

Invalid XML Signature error -- SSO using SAML 1.1

January 14, 2014, 7:35 am
$
0
0

Hello,

 

We are trying to set up SSO between non-SAP server (JBoss) and SAP ABAP AS, which is on 7.01 SP8. As our ABAP back end is not at a version where SAML 2.0 is supported, we decided to use SAML 1.1.

 

To establish proof of concept, we are using SOAP UI. However, we are getting "XML Invalid Signature" when the SOAP UI is making calls to ABAP back end. We tried removing the certificate that we are using for SOAP UI but we still get the same error. We followed the instructions mentioned in OSS note 1254821 for ABAP configuration and the instructions mentioned in the below link for SOAP UI config.

 

Technology highlights: How to test secure web services with soapUI - part #1

 

Can you please help? Your help is very much appreciated!

 

Thank you.

 

Regards,

Pranith.

Secure Login Client X509 authentication WITHOUT SLC Server Component

January 25, 2014, 1:49 am
$
0
0

Hi,

 

Are there any limitations wrt SSO options when NOT using the Secure Login Server component in the landscape.

 

We would like to use SSO with the SAPGUI using X509 certificates issued by an existing PKI infrastructure.

 

We have installed the Secure Login Client, we went through the setup of the Secure Client Library on the ABAP backend system.

 

We also manually added a client policy entry in the registry that basically should force the use of client certificates for all SNC names.

 

We have distributed a client certificate to the current user's Personal certificate store on the Windows client.

 

However, when launching the Secure Login Client, the X509 client certificate is not recognized. The list only shows the Kerberos profile token (which we do not intend to use).

 

Could someone shed some light on this cause we are suspecting one of two things : 1. Either this setup is not supported 2. We have imported the X509 client certificate in the wrong store.

 

Thanks in advance for your feedback.

Secure Login Library runs on OS/400 V7R1

January 28, 2014, 2:10 am
$
0
0

Hi,

 

we have successfully tested the Secure Login Library on OS/400 version V7R1, in PASE mode. Secure Login Library enables several of the capabilities of SAP NetWeaver Single Sign-On on the application server ABAP.

 

Best regards,

Christian

Search

SSO

January 28, 2014, 6:14 am
$
0
0

Hi ,

Need single sign on steps , please send me.

 

Thanks ,

Sunil

What is the most efficient way to enable the SNC name for a large number of users ?

January 28, 2014, 7:54 am
$
0
0

Dear all, I am getting ready to roll out Netweaver Single Sign On 2 for all my users. An important part of the process is setting up the SNC name for all users in all systems however this can take a huge amount of time if done manually through transaction SU01.

 

Is there a way to do it in bulk for multiple users at once ? What is the most efficient way to do this ?

 

Thanks in advance !

NWBC Desktop with SSO

January 29, 2014, 2:58 am
$
0
0

We are looking to implement Kerberos Single Sign-On this year but it appears to be mind boggling as to whether we can do it out of the box or do we need to purchase NetWeaver Single Sign-On 2.0

 

Our Landscape is -

 

ECC6 EHP7 (NW7.4)

BW 7.3

Business Objects 4.1

 

We use both GUI730 and NWBC for Desktop 4.0, The front end being used by the user base is NWBC and they access the BW and BO systems through it onces logged into ECC6.

 

We want to streamline this process so that none of the systems need to be logged into using a username and password.

 

From looking at links like the below -

http://scn.sap.com/community/netweaver-business-client/blog/2013/06/07/authentication-and-single-sign-on-with-sap-netweaver-business-client-nwbc

 

and reading through many forum posts and How To's am I correct in thinking we should be able to accomplish this by configuring SNC+SPNEGO Kerberos Authentication without having to the purchase NW SSO2.0?

 

SNC would be used for any DYNPRO applications

SPNEGO would be used for any HTTP based applications and the initial login to NWBC?

We would use certificate based SSO between the BW and BO systems.

 

Based on this I only see a use for NW SSO2.0 if we wanted to make SAML assertions which is this case we do not.

 

If anyone could confirm the above for me it would really help the planning of this implementation.

 

Regards

Mike

Single Sign-On with Kerberos

April 10, 2013, 2:19 am
$
0
0

Implementing Single Sign-On with Kerberos

With the latest release 2.0, SAP NetWeaver Single Sign-On offers support for SPNEGO for ABAP. Leveraging this Kerberos-based single sign-on technology, you can easily implement an SSO solution for your SAP systems. This four part video series provides a step-by-step installation & configuration tutorial.

 

Video TitleYouTubeSCN
Solution Overview – How does the solution work and what can we expect (3:30 min)Implementing Single Sign-On with Kerberos 1
Installation and configuration of Secure Login Library for SAP AS ABAP (7:40 min)Implementing Single Sign-On with Kerberos 2
Installation and configuration of Secure Login Client. How to configure User Mapping (4:50 min)Implementing Single Sign-On with Kerberos 3
Enable Single Sign-On on SAP AS JAVA. Configure SPNEGO (6:35 min)Implementing Single Sign-On with Kerberos 4

 

 

Additional Resources

 

Troubleshooting SPNego for ABAP (OSS Note 1732610)

 

Single Sign-On to SAP HANA DB using Kerberos (OSS Note 1837331)

 

Single Sign-On to SAP BusinessObjects BI Platform 4.0 (Blog)

 

Mobile Single Sign On from iOS 7 to SAP NetWeaver (Blog)

 

Take the SAP Fiori Experience to a New Level with SAP NetWeaver Single Sign-On (Blog)

Microsoft Forefront IDM is supported for Kerberos SSO for ABAP?

January 30, 2014, 5:58 am
$
0
0

Hi,

 

I am involved in a proyect where it will be implemented Microsoft Forefront as the Identity Management for a Federation of Domains.  I am wondering if I can use SAML 2.0 for some SSO and Kerberos for SSO with ABAP?

 

Best Regards,

 

Eduardo Contreras

single sign on vs password policies

January 30, 2014, 8:32 am
$
0
0

hello everyone,

 

 

We have implemented the SSO in our SAP system and now we want to add options for password policies for users that are not using SSO.

We wonder if this password policies (for example to reset the users password every 30 days) will have any impact for user authenticated through with SSO.

 

 

best regards

a lot of thanks

 

david

SAP Portal 7.3 SPNego and NWBC SSO with ECC

May 1, 2013, 7:49 pm
$
0
0

Wanted your expert opinion on something. We have using NWBC 4 and got Portal 7.3 in our landscape. We have established SPNego for IE single single on for Portal. We also have SNC entries with SAPGui to manage ECC SSO using SAPGui.

We want to extend NWBC to ECC SSO. But this been a massive hunt for right solution.

 

SAP Netweaver SSO is obvious solutions, but seems it involves some licence cost. Other option was to redirect NWBC to Portal and then back using redirect app as described in this note.

Question is, what is best way forward, and if we can achieve NWBC ECC SSO with this redirect method. With all the effort we put in we are able to see web page of /nwbc page instead of launching ECC on NWBC 4.0.

 

Thanks a lot for your time.

 

Note 1250795 - Redirect appliction NWBC.pdfNote 1250795 - Redirect appliction.pdf

 

 

Regards,

Sudhir

Search

SSO product tools

February 2, 2014, 7:59 pm
$
0
0

Hi

 

SAP Netweaver SSO and avaialble products.

 

I read about sap netweaver SSO ..these two are  connecting methodology to sap & non-sap..

 

Using SAML Assertions for Single Sign-On.

Using Kerberos Authentication for Single Sign-On

 

Curious to know what are the sap best practices suggests and and how SSO works effectively with SAP and non-SAP applications.

can some elaborate the complexity vs simplicity in administering entire enterprise sap & non-sap environments using above methods ,also

would like to know which are the best best SSO products available in the market to connect SAP and Non-SAP applications using enterprise portal.   

 

Thanks,

-csk

Can't find file SAPSETUPSLC.EXE for SSO

February 3, 2014, 3:24 am

SAP SSO with Kerberos

February 3, 2014, 11:34 pm
$
0
0

Hello Everyone!

I have read an instruction for creating sso with kerberos

http://www.saptechies.org/create-ssosingle-sign-sap-sysetm/

 

I have found and installed SAPSSO.msi, I have sapcrypto in my kernel directory on SAP server.

 

When I am adding parameters in instance profile I can't start SAP

 

snc/enable =1

snc/accept_insecure_cpic =1

snc/accept_insecure_gui =1

snc/accept_insecure_r3int_rfc =1

snc/accept_insecure_rfc =1

snc/data_protection/max =1

snc/data_protection/min =1

snc/data_protection/use =1

# Location of the dll used for kerberos

snc/gssapi_lib = C:\windows\system32\gsskrb5.dll

snc/permit_insecure_start =1

# The Windows User Account used to run SAP Server

snc/identity/as = p:SAPServiceER3@mydomain.local

snc/r3int_rfc_secure = 0

 

I'v got an error: SAP Basis System: Initialization SNC Failed, Return Code -000001.


Снимок экрана 2014-02-04 в 11.35.31.png


Снимок экрана 2014-02-04 в 11.37.24.png


Even if I add only snc/enable =1 parameter I'v got the same error.

 

Help me please!

webgui OR sapgui works with Netweaver Sign-On 2.0, but not both

February 4, 2014, 8:07 am
$
0
0

We bought the Netweaver Single Sign On 2.0 license and configured kerberos with transaction spnego on a pure ABAP system.  Either webgui sso OR sapgui sso works at at a time, but not both.

 

 

This allows webgui sso to work but breaks the sapgui:

snc/identity/as = p:CN=KerberosSID@MYDOMAIN.COM

su01 -> SNC tab:  p:CN=MYDOMAIN/JOESMITH

 

This allows sapgui sso to work but breaks the webgui:

snc/identity/as = p:MYDOMAIN\SAPServiceSID

su01 -> SNC tab:  p:MYDOMAIN/JOESMITH

 

How can I get both to work at once?  ... preferably without having to configure anything on the client desktop.

 

Warm regards,

CM

SSO options to NW 7.01 ABAP Web Services (HTTP only)

February 4, 2014, 7:10 pm
$
0
0

We have an environment that includes a 3rd party java web app server which can use most common SSO technologies (kerberos, SAML, X509, etc.), which has custom java apps that make web service (HTTP) calls back to the ERP back end (NW ABAP stack only..no NW Java)

 

We do not have NW SSO 2.0 licensed.  So, I'm trying to determine what, out of the box, options we have to enable SSO. 

 

My understanding so far is that Kerberos would work for SAP GUI functionality, but not necessarily NW ABAP HTTP authentication.  It appears that SAML is an option, but that requires an MS ADFS or other similar SAML architecture (we do not wish to install/utilize any SAP NW Java)

 

So, I'm looking for feedback on how to best enable SSO using existing MS AD credentials that will basically satisfy both product suites.  We don't want to do X.509, so that seems to limit me as to what we can use to SSO into a NW ABAP stack for the purposes of utilizing HTTP services.

 

Thoughts?

Viewing all 865 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>