Skip to Content

NWBC and SSO: Logon with/without SNC (Secure Network Communication)

If SNC is activated in SAP GUI and in NWBC, the logon popup never appears again.

This is exactly what you would expect from a

Single Sign-On technology, but sometimes you might still want to have a logon popup (for testing purposes for example).

If you have previously used the SAP Logon Pad, you might know the options SNC Logon with Single Sign-On (Enter) and SNC Logon without Single
Sign-On (Shift+Enter).

Unfortunately we do not have this kind of “switch” in NWBC.

Fortunately however there is a workaround:

You can use the existing external service (delivered with 7.40) /nwbc-no-sso.

This alias calls the NWBC service without support of certificates and always forces a logon screen.


Alternatively, you can create your own external alias in transaction SICF.


You must be Logged on to comment or reply to a post.
  • Hi Sandra,

    thanks for the workaround.

    unfortunately this works only as long as you stay in the web world. as soon as you enter the first abap transaction in nwbc which starts sapgui implicit, you get again the logon screen. and if you have a certificate you just have the option to choose one of your mapped user (snc), hence no chance to enter again the same user/password as in nwbc...

    it would only work if you remove the <SaplogonDescr> Parameter in the nwbcoptions.xml file... but then snc is deactivated

    do you have a solution that snc can still be activated?

    Regards Marc

  • Hello Sandra,


    I have tried your description but it doesn`t work. NWBC still uses SSO. I should have a possibility to log in with another SAP User for tests.

    I have created a new external Alias named /nwbc-no-sso and deleted the Logon through SSL Certificate.

    I used this URL: https://servername.domain:port/nwbc-no-sso/ for testing.


    Should I do some more things or does this workaround not work anymore?






    • Hi Carmen,

      Quick and dirty solution (not officially supported): IE Explorer => Internet Options => security =>Trusted sites, choose Custom Level and select “Don’t prompt for client certificate selection when no certificates or only one certificate exists”. Select “Disable”. If you start Business Client again you can see which certificate will be used and you have the possibility to cancel the request => logon popup will appear.


      The supported solution is to create a new external alias (/nwbc-no-sso, Trg Element: /default_host/sap/bc/nwbc,  description “this alias calls NWBC service without support of certificates and forces a logon screen) in transaction SICF. An alias where you delete option 2 (Logon Through SSL certificate) inside Logon Data/Logon Procedure as described in the blog.





    • Hi Michal,

      you are looking the right way. If the service is not available in your system please create your own service. Choose alternative logon procedure, delete logon with SSL and select SAP Assertion tickets as logon procedure.



  • Hi Sandra,

    we have the problem only in Business Client 6.5.

    When we are using BC 6.0 and are starting a link to a Fiori App (SSO) there will appear a SSO PopUp only one time. That's OK.

    After closing the created tab in BC6.0 an starting the Link to the Fiori App  again, no PopUp will appear again. Great !!


    In BC 6.5 every time starting the link a PopIp for the SSO is shown. That's a problem using the BC 6.5.


    What can be done to solve the problem because we want to use BC 6.5 (Belize theme).


    Thanks and regards,


    • Hi Thomas,

      it is not that easy to just compare 6.0 with 6.5. It really depends on Patch-Levels, tentative new systems with different settings, Back-end-Changes. Only updating BC without touching anything else the behavior you describe is not reproducible in my environment. We'd need the traces. So you have to open a ticket to reproduce that issue.



      • Hi Sandra,

        yes I agree with you. But nevertheless if you want to use BC6.5  with a (business client connection) and there you have some links to Fiori apps (SSO) the shown SSO-PopUp should only be prompted once and not every time you click on the link.

        What would you do to solve this problem ?



        • SAP Business Client 6.5 

          Hi Thomas,

          I could use Chrome with our new beta version.

          As a workaround without Chrome you could switch to the browser engine internetExplorer (Loosing the advantages of the multi-process-design). The logon popups should disappear. Try it.


          NwbcOptions.xml: <PreferredBrowserType>Type</PreferredBrowserType>


          Meanwhile you have to check your requests/certificates. For the Fiori Apps you have to check the logs on the fronted server. FLP standalone in Chrome=>F12 key =>


          And I guess then it's time to open a message on the FLP component.








  • Hello Sandra,

    is this workaround still the prefered solution to prevent automatically login by SSO?

    In the SAP UI Landscape Configuration Guide i found the attribute "Ssoparameter" which can be configured to "spnego=disabled" but unfortunately I couldn't get this to work. This sound to me like it should be the prefered option?

    When i don't use the Business Client and instead access the System by browser with the option "?spnego=disabled" it is working like a charm.