The SAP Single Sign-On product offers support for Kerberos/SPNEGO. You can use Kerberos authentication tokens to easily implement a single sign-on solution for your SAP systems. This requires little implementation effort, but provides a considerable simplification to your employees’ authentication processes. Using Kerberos technology via SNC or SPNEGO, a trust relationship is established between the user’s front end (SAP GUI for Windows or a web browser, for example) and the back-end Application Server ABAP or Java.
Employees log in once when they start their computers by signing on to their Windows domain. Any subsequent authentication processes are left to a Kerberos token mechanism provided by SAP Single Sign-On and based on Microsoft Active Directory. No additional server is required in this scenario. Working on the front-end software, the user experiences streamlined, easy accessibility.
Implementing Single Sign-On with Kerberos
The following videos provide a step-by-step configuration tutorial for setting up Kerberos-based single sign-on for AS ABAP and AS Java.
|Video Title / Description||Video (YouTube)|
Kerberos-Based SSO to Application Server ABAP (6:20 min)
The video guides you step-by-step through the tasks required for setting up Secure Network Communication (SNC) and configuring SSO based on Kerberos/SPNEGO on the ABAP backend. Learn how easy this is using the SNC Wizard and Kerberos transaction.
Kerberos-Based SSO to Application Server ABAP - Mass User Mapping (1:56 min)
One configuration task required for Kerberos-based SSO is user mapping. You need to map the SNC user name (based on the Windows domain user name) to the SAP ABAP user name. But how to configure user mapping for thousands of users? The video guides you through the options available for mass user mapping in Application Server ABAP.
Kerberos-Based SSO to Application Server Java (3:52 min)
The video guides you step-by-step through the tasks required for configuring SSO based on Kerberos/SPNEGO in the Application Server Java.
Recommendations and Troubleshooting
Troubleshooting SPNego for ABAP (SAP Note 1732610)
Single Sign-On to SAP HANA DB using Kerberos (SAP Note 1837331)
For more information about SAP Single Sign-On, visit https://www.sap.com/community/topic/sso.html.