Skip to Content


You must be Logged on to comment or reply to a post.

  1. Former Member

    Hi team, I’d like to know if is possible to have this SSO scenarios implemented in SAP NW 7.4:

    • SSO implemented in two domains, with two different IDP.

      SSO for the users that belongs to domain1 and LDAP (Form, Basic authentication) for the users of the other, domain2.

  2. Colleen Hebbert


    This is a nice high level visual of the process. Thanks 🙂

    It is possible for a redirect from NWBC login prompt to the SLWC so users don’t need to do two steps to access their applications?



    1. Samuli Kaski

      You could configure the ICF node (ext. alias /nwbc) to use SAML as logon procedure in the Logon Data tab or you could use the Error Pages tab and configure a redirect to a specific logon page, which in this case would be SLWC.

      1. Colleen Hebbert

        Hi Samuli

        Thanks for your reply. I forgot to mention that part of the Secure Login Server authentication was to issue private certificate to IE browser content. I was told that they cannot do that via the ICF configuration for NWBC logon procedure.

        In truth, I cannot remember which functionality required X509 instead of just SAML



  3. Former Member

    Hello Team,

    I need some help here.

    I want to use IDM 8 as identity provider with NW SSO, similar to above.

    and then SSO will allow access to SAP systems.

    Could you please explain if having just IDM 8 as user source is sufficient?


    Yatin Phad

    1. Donka Dimitrova Post author

      Hello Yatin,

      This will be possible if you are using the SAP Single Sign-On product (license required). The SAP Single Sign-On offers a Secure Login Server that issues X.509 client certificates. The Secure Login Server is running on AS Java and when you provision your SAP IDM users to AS JAVA UME it will be possible to implement single sign-on based on X.509 client certificates to SAP systems. This scenario will be working also for Windows based UIs like SAP GUI. If you are using only web UIs for SAP, then you can use also the SAML Identity Provider in a similar way because also the SAML IdP could use the AS JAVA UME as user store.


      Donka Dimitrova


Leave a Reply