Thank you
Does it mean we can't have SSO using SSO 2.0 SP3 with version 731 SP6?
Regards
Vimalan
Hello Vimal,
This is a SPNEGO requirement.
For SPNEGO you must upgrade SAP_BASIS SP version to 7 at least. The notes are additional.
You can enable SSO for your system using Secure Login Server.
Regards,
Yuksel AKCINAR
Do you have any link where I can get the steps for it?
Regards,
Vimalan
Hello,
I implemented NW SSO in our SAP landscape and implemented it on our CRM system.
I want to use SSO on Desktop Connection for SAP CRM, professional edition Release 2.0 SP04.
I am trying to implement it using the admin guide's X.509 Certificate-Based Authentication section
(https://websmp207.sap-ag.de/~sapdownload/012002523100012038332015E/DCN_Admin_Guide_11_8.pdf)
Unfortunately I could not succeed in getting the certificate on Desktop Connection for SAP CRM - Login screen although the certificate is imported to the store.
What I did is:
* Exported NW SSO Root Certificate in x.509 format.
* Imported the Root certificate to Trusted Root Certification Authorities store of Local Computer. (Explained in detail in )
Did anybody use NW SSO on Desktop Connection for SAP CRM?
Can you help about the issue, please?
Thanks and Regards,
Yuksel AKCINAR
Hello Yuksel,
You will be able to find here:
https://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000764122&_SCENARIO=01100035870000000202&
This guide: "Administrator's Guide Deskt. Conn. prof. ed. 2.0 SP04 Patch2"
On page 32 of this guide there is a procedure how to configure X.509 Certificate-Based Authentication for Desktop Connection for SAP CRM.
If this will not be helpful, you have to create a CSS ticket.
Regards,
Donka Dimitrova
Hello Donka,
Thank you for the reply.
I used the same guide.
Unfortunately Local computers store does not come under Trusted Root Certification Authorities when I want to install certificate as mentioned in step 7.
"7. Expand the Trusted Root Certification Authorities store and select the Local Computer store below it."
I used mmc and add snap-in Certificates and installed the certificate to Local Computer certificate store as seen below.
Still the certificate does not come on login screen.
Regards,
Yuksel AKCINAR
Hello Yuksel,
It seems that you have successfully installed the root certificate.
Please, make sure that there is also a User certificate for this user in the "Personal" folder. The User certificate is the one that has to be used for the X.509 authentication.
Regards,
Donka
Hello Donka,
There is also user secure login client certificate on Personal folder as you can see below
Regards,
Yuksel AKCINAR
Hi Yuksel, I haven't played with this for a while. But from my memory I would say that you also need to import all relevant Intermediate CA certificates into the clients' trust store. In this case the "Secure Login User Su..." CA. It should be possible to put the whole chain into one .p7b file and import them client side as one package.
Regards,
Lutz
Hello Yuksel,
Please, make sure that you start the Desktop Connection for SAP CRM only when the SLS certificate is already enrolled. I am not sure that the certificate will be displayed in the drop-down if you first start the solution, and then enroll the SLS X.509 certificate, and then look back at the solution.
If you are sure that the SLS X.509 certificate is enrolled first and is available in the certificate store, and then you start the Desktop Connection for SAP CRM and you don't see the certificate, please create a CSS message on the SAP CRM component, explaining that you are trying to configure SSO based on X.509 certificates. Explain that you are facing the following problem: The X.509 certificate of the user (available in the certificate store of the user) is not properly displayed in the drop-down for selection during the authentication process.
Regards,
Donka
Hello Bryan,
We are also getting the same error, using ECP Client for NetWeaver7.3 SP18...BTW, our IdP is also Shibboleth..
Did you receive the help from SAP?
Will appreciate any help/guidance...
Thanks
Vikas
Dear Donka,
Thanks a lot for your all inputs.
We are in the middle of SAML configuration.
While uploading the metadata file from SAP Fiori server to IDP, it says the certificate is not trusted.
Do we need trusted certificate to configure this?
Can we do sandbox with self-signed certificate?
Do we need to connect IDP with AD? In SAML configuration it's redirecting the link to IDP and the user name password should be same as AD credentials, right?
Do you have guidelines to connect IDP with Active Directory? We are using Netweaver 7.5 SAP JAVA server for IDP.
Regards,
Abu Sandeep
Hello Lutz,
Thank you for your help.
I did export the root certificate as .p7b and installed it as seen below.
They are on both personal and Trusted Root Cert Authorisations (Local Computer).
Still I do not get the cert on login screen.
Thanks and Regards,
Yuksel AKCINAR
Hello Abu,
Here are the details about certificates when you configure a trusted Service Provider for the SAML Identity Provider:
When you import the metadata, you have to provide the self-signed certificate also.
The SAML IDP coming with the SAP Single Sign-On product is using the authentication stack of the AS JAVA. In order for your users to be able to authenticate to the SAML IDP using their MS AD credentials, you have to configure MS AD as user store for AS JAVA UME.
Here is how to configure this:
LDAP Directory as Data Source - Identity Management - SAP Library
Regards,
Donka Dimitrova
Hello Donka,
Thank you for the answer.
Since I am logging in to other systems using SLS, the certificate is already enrolled before I open the Desktop tool.
I opened an OSS message. Waiting for an answer.
Thanks and Regards,
Yuksel AKCINAR
Hi Bryan,
I am more familiar with SAML 2.0 for ABAP systems, however I can try to help you out with this Java issue.
Based on the error message it seems that there is a configuration problem in the IdP end not in the Java SP end. This URL is the one being accessed "http://portal.mycompany.com:80/irj/portal", thus you have to make sure that the IdP is sending the SAML Response to this application path/URL.
Currently it seems that the IdP is sending the SAML Response to a different path/URL: "https://portal.mycompany.com/saml2/sp/acs".
Therefore, try to locate in the IdP side which are the paths configured to receive the SAML Responses, and make sure that "http://portal.mycompany.com:80/irj/portal" is configured there.
Cheers,
Filipe Santos
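
The endpoint comparison discussed in the reply above, as an added example that is not part of the original thread: it reads the `Destination` and `Recipient` values from a SAML Response and reports which URL components differ from the URL the service provider expects. The response XML is a constructed, unsigned sample built around the two URLs quoted in the post; the function names are hypothetical.

```python
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET  # fine for this inline sample; use a hardened parser for untrusted XML

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: a stripped-down, unsigned SAML Response using the URL quoted in the post.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z"
    Destination="https://portal.mycompany.com/saml2/sp/acs">
  <saml:Assertion ID="_constructed2" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://portal.mycompany.com/saml2/sp/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def normalize(url):
    """Return (scheme, host, port, path) with default ports made explicit."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(),
            p.port or DEFAULT_PORTS.get(scheme), p.path or "/")

def endpoint_diff(sent, expected):
    """Names of the URL components in which the two endpoints differ."""
    names = ("scheme", "host", "port", "path")
    return [n for n, a, b in zip(names, normalize(sent), normalize(expected)) if a != b]

def check_response(xml_text, expected_url):
    """Map each endpoint attribute found in the response to its differing parts."""
    root = ET.fromstring(xml_text)
    found = {"Destination": root.get("Destination")}
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is not None:
        found["Recipient"] = scd.get("Recipient")
    return {k: endpoint_diff(v, expected_url) for k, v in found.items() if v}

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "http://portal.mycompany.com:80/irj/portal"))
```

An empty list for an attribute means the IdP and the service provider agree on that endpoint once default ports are taken into account.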
Hi Davinder,
SAML 2.0 supports Multi-domain Web Single Sign-On, therefore even though you will have users accessing resources through different domains, this can be achieved with SAML 2.0.
In the Mobile layer, SAML 2.0 alongside an OTP (Mobile Authenticator) solution will probably be the best approach.
Please refer to the OASIS SAML 2.0 Technical Overview:
https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
In the document above you will be able to find all the technical information required to analyze if SAML 2.0 suits your scenario.
Cheers,
Filipe Santos
Hi Emiliano,
Could you please check if your system has CommonCryptoLib installed? Which is your system version?
As Lutz said above, you can check the library version in the following path:
STRUST transaction -> Environment -> Display SSF Version
Cheers,
Filipe Santos
Hello Davinderpal,
The SAP Fiori SSO scenario, described by you, could be easily implemented using the SAP Single Sign-On product (license required).
You can simply implement our risk-based authentication solution and this way to offer different authentication mechanisms for your users, depending on the type of the device they use and where they are coming from (inside/outside corporate network). You can also offer Mobile SSO to your users with this SAP product and the solution will support also "Bring your own Device" scenario.
Regards,
Donka Dimitrova