Reusing Kerberos Token for Issuing X.509 Client Ce...

Technology Blogs by SAP

Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.

Your company is using Secure Login Server (SAP Single Sign-On) for issuing short lived X.509 client certificates for authentication to the SAP and non-SAP business systems across your landscape.

Your company is also using Microsoft Active Directory and now you want to re-use Kerberos tokens, issued by the MS Domain Controller (KDC), for the Single Sign-On with Secure Login Server X.509 client certificates.

After implementing this scenario, your domain users will have to authenticate only once, using their Microsoft Active Directory credentials, and they will be authenticated automatically to any SAP and non-SAP system, that requires short lived X.509 client certificates and where they have been granted authorizations.

In my new guide SPNEGO based Single Sign-On using Secure Login Server X.509 Client Certificates you will be able to find step-by-step instructions how to implement this scenario:

SAP Managed Tags:
SAP Single Sign-On,
Security

5 Comments

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Count

Reusing Kerberos Token for Issuing X.509 Client Certificates with Secure Login Server

Get Your SAP HANA Idea Incubator Badge Today!

SCN Mission - SAP HANA Quiz Challenge is now retired

Share your #HANAStory and Win