SSO without Kerberos
Hi Experts
I have a situation where our AD is authenticated to SAP backend via SNC. AD user and SAP user are different.
We would like to create SSO from the Portal to the SAP backend as well, but we cannot use Kerberos for our user mapping due to our AD restrictions. (Portal user is the same as SAP Backend User)
What are our simplest options, from an implementation and maintenance point of view?
Custom Jaas Login module?
Header Variable?
x509 Client Certificate?
Which of the above do you think will work best and where do I start? Guide?
Can I use an RFC to retrieve the user mapping from the SAP backend or should the user mapping be replicated somewhere else?
Thanks in advance
Anton Kruse
I would prefer to develop Custom Jaas Login module.
Hi Orkun
Through lots of research I agree.
Could you help me out with a guide on how to implement the custom JAAS module?
I want the JAAS module to first retrieve the AD domain user, then retrieve the user mapping to the backend via an RFC call, then log in with the now mapped user.
Could you provide me with a step-by-step guide? SSO isn't my forte and haven't used JAAS before.
Thanks in advance
Anton Kruse
Hi Orkun
Can you pls help me out with steps?
Hi Anton,
Read the doc below;
http://help.sap.com/saphelp_nw70/helpdata/EN/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
Best regards,
Orkun Gedik
Thanks. Just what i am looking for.