This is your last chance. After this, there is no turning back. You take the blue pill—the story ends, you can stop reading here and believe whatever you want to believe.
You take the red pill—I show you how SSO works. Remember: all I’m offering is the truth. Nothing more 🙂
Joking aside, I recently started to analyze how questions are asked here. I like to check in here because that’s my job. I love my job and everything around secure authentication, especially in a heterogeneous environment with SAP and non-SAP components. It is fun, so I’m good at it. And I’ll gladly assist you with all your questions, as time permits. After all, this is practically volunteer work here, so please don’t always expect answers.
To encourage a structured analysis of errors and procedures, I would like to suggest a few things to you. Please search the web for solutions before asking here. Also, take a look here first, and even in the manual. Try to read some chapters; mostly they are of use. Indeed, the Secure Login for SAP Single Sign-On Implementation Guide, part of SAP SSO 3.0, as well as other related manuals at help.sap.com/sso, contain plenty of valuable information and explanations.
I confess, I just do not like its structure; actually, it is bad. The document is hard to read fluently: too many sections without logical structure and without cross-references or source references. It’s not fun, so I feel sorry for you.
However, I am sure half of the questions asked here in this SSO community are raised because there is no process for a structured and logical approach to troubleshooting. But sometimes you have no time or no luck finding a solution, which is understandable.
So, what is the best way to get familiar with SAP’s implementation of Single Sign-On? Apart from any vendor-specific implementation of those mechanisms, such as SAP Single Sign-On 3.0, it makes sense to get familiar with the industry standards behind SSO implementations.
Most of the time, questions are asked because people haven’t understood the concepts behind the three core SSO standards, how their components interact with each other, and how they tie together. I mean, you don’t have to be a freak about Kerberos to understand it. You can go deep down the rabbit hole here as well, but a solid understanding, even at a high level, helps a lot.
I recommend that everyone in an SAP job role responsible for IAM and/or authentication in general get familiar with the fundamentals of SAML 2.0, Kerberos and certificate-based authentication. Knowing these will broaden your view and your ability to design IAM solutions. It helps you better understand the whole process of how those authentication mechanisms actually work and which one is best suited to a specific SAP / non-SAP authentication scenario.
The reason for this blog post is, on the one hand, to clarify this and, on the other hand, to suggest training on SAP Single Sign-On. Interested readers can find more information here.
So don’t take the red pill, take the training!