Skip to Content


SAP Single Sign-On offers support for X.509 certificates. X.509 certificates are highly interoperable, supporting both SAP and 3rd party web applications and clients, including many legacy systems. You can set up your own dedicated public-key infrastructure (PKI) to issue X.509 certificates, or have the Secure Login Server software, a component of SAP Single Sign-On, issue short-lived certificates. With the Secure Login Server software, you do not need to set up a full-blown PKI with its inherent administrative processes, such as certificate revocation lists, but you can still benefit from the same level of security. Enabling this kind of scenario means that users can sign on once to gain access not only to their SAP business applications but also to many of their non-SAP applications.

Implementing Single Sign-On with X.509 Certificates and Secure Login Server

In the following video series, you will learn how you can use X.509 certificates issued by the Secure Login Server component to provide single sign-on functionality as well as secure communication for SAP GUI/browser applications and SAP NetWeaver Application Server ABAP. The videos will describe the necessary configuration step-by-step.


Part 1: Overview / Initialization (8:03 min)

Part 2: SNC Configuration (5:12 min)

Part 3: Enrollment of User Certificate (4:53 min)

Part 4: Single Sign-On via SNC (2:00 min)

Part 5: Single Sign-On via SSL (6:29 min)

Related Blogs

Reusing Kerberos Token for Issuing X.509 Client Certificates with Secure Login Server

Configuring SAML 2.0 Authentication for your Secure Login Server

More Information

For more information about SAP Single Sign-On, visit our community here:


To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Andreas Zigann

    Hello Martina,

    thank you very much for this Blog. It is really easy to follow. I have configured our landscape in the way you presented, but with SPNEGO Authentication to SLS and SPNEGO-Credentials in SNC of the users. The SSO with SAP Gui works fine, but WebGui does not work. Can you give me an advice what could be wrong?

    It would be fine if you could provide us with a Blog configuring AS Java this way, too.

    Best Regards


Leave a Reply