This website is not affiliated with, sponsored by, or approved by SAP AG.

Single Signon - Portal / Active Directory

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Single Signon - Portal / Active Directory

Postby Mtl2012 » Tue Nov 06, 2012 10:42 am

I am very new with portals and single signon. I think that my needs are very simple but what I find seems to cover more functions that we actually need.

Context and need:

Users logon to their PC in the morning. Authentification - Windows Active directory (LDAP).
Internet Explorer default page opens the company's Intranet.
In the Intranet, there are HR links that point to the SAP Portal.
Presently, when we click on the link, we have the SAP NetWeaver Portal Welcome window asking for an ID and Password.

What we need is to not have to re-enter a login and password again.

I have read the sap help links, searched google, the sap netwaever portal admin course manual (EP200) but never sure if I am not 'over configuring' the system.

What are the big lines that needs to be done?

PS we are ECC release 701 level 7 (windows server 2008, SQL Server 10)
Posts: 1
Joined: Mon Nov 05, 2012 5:05 pm

Re: Single Signon - Portal / Active Directory

Postby thx4allthefish » Wed Nov 07, 2012 7:07 am

1.) moved from Basis to Security

2.) This is a wide field. WIDE!! :lol:

Basically, you have -depending on your "frontend" (SAPGUI Windows vs. SAPGUI HTML/PORTAL) a few different options:


  • SNC (SAPGUI, Kerberos)
  • LogonTickets in SAP ShortCuts


  • SAPLogon Tickets
  • SPNego
  • X.509 Certificates
  • JAAS
  • SAML

What's best for your situation is really hard to say without having talked to you in person/in loco because the minimum scenario you describe might well serve. For a time. And then there are "wishes" (from whomever) to extend the installed service and based on what you have chosen, you might well be in a "dead end", then and face a serious re-design to get some/the rest of your effin' applications into the scenario.

So, no advice from me. Except:

there are companies out there (Realtech, Xiting ...) who offer workshops to determine what exactly it is you need NOW and what you might want to consider to be flexible in the future. They are so totally worth it. You learn a real lot and -compared to the cost- you get a real basic knowledge of what you should do. I recommend it.

Also, for short, netbased webinars on the subject, Realtech as well as SAP offer 45 minute webinars (free) which deal with the theory nicely. Start there and expand to the workshop. After that, you can decide (and hopefully implement) by yourself.
curiousorange wrote:I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: Single Signon - Portal / Active Directory

Postby Al. » Wed Nov 07, 2012 5:41 pm

I agree with Fish, it's a big area and there are lots of considerations.

In addition to Xiting & Realtech it's also worth talking to CyberSafe
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Return to SAP Security

Who is online

Users browsing this forum: No registered users and 3 guests

This website is not affiliated with, sponsored by, or approved by SAP AG.