The most widely used scenario to access SAP applications is to use SAP applicatons from windows based workstations. In the past different approaches had to be taken to achieve SSO using windows integrated authentication for a browser based or SAPGUI based access.
In the whitepaper Unleash the Power of Single Sign-On with Microsoft and SAP you find a review of the mainstream enabling technologies for authentication as well as Single Sign-On within the Microsoft/SAP context and outline their usage in some typical scenarios on the enterprise level.
In a Windows environment, where both SAP GUI and backend ABAP systems are running on Windows platform, SNC can use Integrated Windows Authentication for SSO with the backend systems as described in the SAP Online Help.
If the backend systems are based on UNIX SAP’s support for SSO for SAPGUI is limited. Custuomers either have to use a 3rd party SNC solution or go for a Kerberos implementation on the UNIX side.
For browser based access SSO using the SPNego Login Module could be used for various underlying OS platforms for the J2EE Engine host.
Here the new SAP NetWeaver Business Client comes into play.
The SAP NetWeaver Business Client is SAP’s next generation windows desktop client using the latest smart client technology. It is using the Portal services infrastructure for role based access to SAP systems and consistent navigation capabilities and it can host existing SAP UIs in the “canvas” area (including SAP GUI and WebDynpro) as well as any other web based content.
The SAP NetWeaver Business Client supports Windows Integrated Authentication as the initial authentication if the SAP NetWeaver Portal services infrastructure used is configured to use the SPNego Login Module.
It must be mentioned however that the scenario described has one limitation because the SAPGUI(WinGUI) communication between the frontend and the SAP server is NOT encrypted by default. If the customer wants encrypted communication between the frontend and the SAP server that is running on a non-Windows platform and at the same time wants to use the WinGUI, the customer must use one of the certified SNC solutions.
If encrypted communication for the WinGUI is not mandatory and only SSO is needed they can benefit from the scenario described above.
The same applies to customers that are using web-based access to their SAP systems (using the WebGUI or Web Dynpro). In this case the encryption between the frontend and the SAP server is established using SSL.
The SAP NetWeaver Business Client will be available with SAP ERP 6.0 Enhancement Package 2.
In order to implement this SSO scenario please make sure that you have a portal available that is configured with SPNego.
For questions (FAQ) and information how to download the NWBC see SAP Note 900000
“Netweaver Business Client – FAQ”.