this blog provide some technical Details for Single-Sign-On over Web GUI with HTTPS based on Kerberos / SPNEGO.
Follow steps are practical advices from my SSO project. They are based on sap note 1531399 and required for the activation of Single-Sign-On over Web GUI with HTTPS.
1. Transaction SICF
1.1 The service /default_host/sap/bc/gui/sap/its/webgui should be configured.
1.1.1 First change to edit mode.
1.1.2 Choose the register for error pages, take the key for system log on and after it the configuration key.
1.1.3 Choose the key for definition of service specifically configuration
1.1.4 Take for actions during the logon on in the protocol field “Switch to HTTPS”
1.2 Activate the service /default_host/sap/bc/ur
2. Transaction RZ10
2.1 Set the parameter logon/ticket_only_by_https to 1
3.1 Re-start of the appropriate SAP system with all instances
4. It works!
Web GUI address in this case has the follow structure
https://<your instance>.<your domain>:10443/sap/bc/gui/sap/its/webgui