SSO without Kerberos
I have a situation where our AD is authenticated to SAP backend via SNC. AD user and SAP user are different.
We would like to create SSO from the Portal to the SAP backend as well, but we cannot use Kerberos for our user mapping due to our AD restrictions. (Portal user is the same as SAP Backend User)
What are our simplest options, from an implementation and maintenance point of view?
Custom Jaas Login module?
x509 Client Certificate?
Which of the above do you think will work best and where do I start? Guide?
Can I use an RFC to retrieve the user mapping from the SAP backend or should the user mapping be replicated somewhere else?
Thanks in advance