SAPGUI: SSO with OSX: How to configure SSO on Mac.
This is an old document created on 25 June 2007. If you find something that is now out of date, please let me know and I will make the update.
Applies to:
SAPGUI : SAPGUI for Java 7.00 rev 4
VM: Apple Computer, Inc. Version 1.5.0_07-87
OS: Mac OS X(i386) Version 10.4.10 / Intel-MAC
ADS: Windows 2003
Summary
How to implement single sign-on with Kerberos using SAPGUI for Java 7.00.
Install Kerberos in OSX
To start using single sign-on (SSO) in Mac environments, we need to install the Kerberos/Secude library on our system.
If you don’t have it installed, you can download it from: http://db.tt/IclHWMLV
This TAR file contains 2 files:
- sncgssec.dyld for PowerPC (Secude framework must already be installed!)
- sncgssk5.dyld for Universal
Select the library that fits your system and rename it to sncgss.dyld, then copy it to the “/usr/local/lib” or “/usr/lib” directory. If you want to use another directory, you have to set the SNC_LIB environment variable to the location of the library,
e.g. export SNC_LIB=/mnt/server/lib/sncgss.dyld (for bash)
or set the user environment via the file “~/.MacOSX/environment.plist” (see Developer Connection Technical QA 1067 and the Property List Editor application, which comes with the Developer Tools).
Configure Kerberos
If you work as a consultant, you usually don’t join your Mac to the client’s domain. To use SSO you only need to type your password the first time you log on, and then you have SSO until the ticket expires.
You need to set up the krb5.conf file in /etc with the following lines:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = SUB.DOMAIN.NET
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
SUB.DOMAIN.NET = {
kdc = server_hostname.sub.domain.net
admin_server = server_hostname.sub.domain.net
default_domain = sub.domain.net
}
[domain_realm]
.sub.domain.net = SUB.DOMAIN.NET
server_hostname.sub.domain.net = SUB.DOMAIN.NET
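As an added example (not part of the original document), this Python script parses a krb5.conf like the one above and reports single-DES enctype settings, which RFC 6649 deprecates for Kerberos, along with realm references that have no [realms] entry. The function names and the embedded sample are constructed for illustration.

```python
import re

# Single-DES enctypes, deprecated for Kerberos by RFC 6649.
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
# Constructed sample built from this page's values; helper names here are illustrative.
SAMPLE = """\
[libdefaults]
default_realm = SUB.DOMAIN.NET
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
SUB.DOMAIN.NET = {
kdc = server_hostname.sub.domain.net
}
[domain_realm]
server_hostname.sub.domain.net = SUB.DOMAIN.NET
"""

def parse_krb5_conf(text):
    """Return {section: {key: value}}; a 'name = {' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def audit(conf):
    """List findings: single-DES enctype settings and references to undefined realms."""
    findings, lib, realms = [], conf.get("libdefaults", {}), conf.get("realms", {})
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        weak = [t for t in lib.get(key, "").replace(",", " ").split() if t.lower() in SINGLE_DES]
        if weak:
            findings.append(f"{key}: single-DES enctypes {weak}")
    realm_refs = {"default_realm": lib.get("default_realm"), **conf.get("domain_realm", {})}
    for name, realm in realm_refs.items():
        if realm and realm not in realms:
            findings.append(f"{name}: realm {realm} has no [realms] entry")
    return findings
```

Calling audit(parse_krb5_conf(open("/etc/krb5.conf").read())) runs the same checks against the file configured above.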
Configure SAP Logon
First of all, you need to configure your SAP Logon. In this example we configure guimsg.txt in the preference panel with file:/Library/Preferences/SAP/guimsg.txt:
ELD : /M/server_hostname/S/3601
Click New.
When you try to log on, the system asks for your DOMAIN password.
Now you can start to use SSO.
There is a lengthy thread about using Kerberos and SAP GUI for Java on Mac.