Skip to Content
Author's profile photo Former Member

SSO without Kerberos

Hi Experts

I have a situation where our AD is authenticated to SAP backend via SNC. AD user and SAP user are different.

We would like to create SSO from the Portal to the SAP backend as well, but we cannot use Kerberos for our user mapping due to our AD restrictions. (Portal user is the same as SAP Backend User)

What are our simplest options, from an implementation and maintenance point of view?

Custom Jaas Login module?

Header Variable?

x509 Client Certificate?

Which of the above do you think will work best and where do I start? Guide?

Can I use an RFC to retrieve the user mapping from the SAP backend or should the user mapping be replicated somewhere else?

Thanks in advance

Anton Kruse

Assigned tags

      5 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      I would prefer to develop Custom Jaas Login module.

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Orkun

      Through lots of research I agree.

      Could you help me out with a guide on how to implement the custom JAAS module?

      I want the JAAS module to first retrieve the AD domain user, then retrieve the user mapping to the backend via an RFC call, then log in with the now mapped user.

      Could you provide me with a step-by-step guide? SSO isn't my forte and haven't used JAAS before.

      Thanks in advance

      Anton Kruse

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Orkun

      Can you pls help me out with steps?

      Author's profile photo Former Member
      Former Member
      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Thanks. Just what i am looking for.