Hi
Yes, you can move very well. It will support Windows 8.1 with IE 11. Kindly do the settings as mentioned in the SCN link:
How to install SAP Passport single sign-on certificate in Windows 8.1 (IE11)
BR
SS
Hi Patrick,
As another way to solve my problem, I also implemented Note 1250795 - Redirect application, with adjustment in VA, and tried to open the Incident Management UI via the redirect URL:
http://xxxxxxx.xxx.xxx:8000/redirect/redirect?url=servicedesk
but the logon prompt window still opens.
The redirect URL http://xxxxxx.xxx.xxx:8000/redirect/redirect?url=nwa
is working fine.
Can you please explain, may I use this way?
--
regards,
Yessen
Hi Yessen,
the ABAP support for SPNEGO only works with the SAP NW SSO product. So if this is not licensed, SPNEGO will not work on ABAP.
Regards,
Patrick
Hi,
yes, the Secure Logon Client 2.0 has been successfully tested on Windows 8.1.
Best regards,
Christian
Hi,
I have two domains configured in SPNego of Secure Login Server (SSO 2.0). The Secure Login Client is receiving a certificate for users of one domain when the user manually enters the password in SLC. But Secure Login is not receiving a user certificate for the second domain/AD. It shows "Supplied credentials not accepted by the server".
When I check the Diagtool log, it shows "SPNEGO realm is not enabled" for the second domain/AD. But both the SPNego configurations are enabled only in NWA.
Attached are the error screen, SLC trace and Diagtool trace files.
Can anyone please help with this?
Regards,
Yogesh Kumar D
Hello...
I am in the process of setting up SAML2 with a non-MS identity provider. I will let you know if I come across anything that may help. Additionally, where do I look for the log you posted on the SAP ABAP server?
Also, in your log there is a reference to
SAML20 <AudienceRestriction>
SAML20 <Audience>SE2Connect</Audience>
SAML20 </AudienceRestriction>
How did you get the AudienceRestriction?
Any help would be appreciated. Thanks in advance.
Dhee
That audience restriction is generated because we originated at the ADFS logon screen and then chose our Relying Party from the pull down.
But our design has been changed since submitting my post. We changed our config to do WS-Trust since it's a java app making web service calls to SAP at the SOA layer.
You can set up your SAML debug at:
http://host:port/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=####
Thanks for the prompt response. I am trying to set up SAML2 SSO authentication for NWBC to ABAP. No Java involved.
Hi Keane,
As well as David's recommendations above, adding the 3 domains to SPNego should be enough for SSO to work. Just watch out for issues with duplicate users, which you can take into account via user mapping.
Kind regards,
Cathal
Hi Anil,
The first place to start is by reproducing the issue while running the troubleshooting wizard on the portal system (explained in note 1332726); here you can see if the login ticket was created OK.
Then on the backend you can check if it received and accepted the ticket via an SM50 security trace. It should hopefully show the ticket received and give an error for why SSO failed.
An HttpWatch trace is also useful to track the login ticket (MYSAPSSO2 cookie).
Also, the usual checks are to make sure the systems are in the same domain and that the user exists on both systems.
Hope this helps find the root problem.
Kind regards,
Cathal
Hi Carlos,
As Samuli hinted at, it is possible to have SPNego while keeping Java pointed to an ABAP system. There are some great wikis available for this that will help you:
Configuring SPNego with ABAP datasource | SCN
Basically it's done via attribute mapping, so if you're using the new SPNego module you can easily set it in the user mapping tab rather than the Visual Administrator, as it was done in the old module.
Kind regards,
Cathal
Hi Gerrit,
As well as the troubleshooting wizard on the portal, I would recommend collecting an SM50 security trace on the backend to see why it is rejecting the login ticket (assuming it is receiving it).
All the best,
Cathal
Chris,
The Excel plugin (EPM add-in) for BPC 10 does not use SNC. It uses HTTP authentication with SAP password, or asks user for certificate.
Thanks
Tim
Hi Tim,
Yes, you're correct. If you configure the ABAP SPNego (needed for HTTP SSO) then the EPM add-in will work with SSO.
Kind Regards,
Chris
Chris,
Are you sure it will? Have you tried it?
How do you stop the EPM add-in from showing the Sign-On screen if you are using SPNEGO?
Thanks
Tim
Hi Samuli,
I was able to set up the IdP and SAML for SSO. However, I ran into a few issues. I was hoping you would have some insights or suggestions.
Web Version #
HTTP is working via OKTA (SAML-Identity Provider) SSO as expected.
HTTPS fails on the first attempt and prompts me for a user name/password, but if I refresh the same web browser, HTTPS also works on the second attempt.
Any suggestions how to get past this issue?
Desktop client Version#
Whenever I access the Web Dynpro app via the client version, I get a security warning from the NWBC client, as my SAP server and identity provider are on two different domains. I know from reading through the blogs, and as per note # 1378659 & http://help.sap.com/saphelp_nw73ehp1/helpdata/en/c5/18826ad1e944dfb39aa1d0fe3a188a/content.htm?frameset=/en/66/48a793bc2f4ec5bdb8e7e93ea6cd9f/frameset.htm
that there is a way to bypass this security warning in the older versions of the NWBC client. However, we are at the latest version, NWBC 4.0, and the solution to bypass the security warning doesn't work. I did open an OSS message with SAP for this issue and they are suggesting this to be a consulting issue. The URL that I am calling from the NWBC client is my identity provider's SSO URL.
In case I use SAP's NWBC SICF HTTP URL from the NWBC desktop client instead of the IdP's SSO URL, it looks like the authentication takes place via the SAML assertions, but the client pop-up just hangs with a blank screen.
Any suggestions on this issue? Thanks in advance.
Thanks
Dhee
Try to enable all logon procedures for the ICF service in question. Have you added the IdP URL into the trusted / intranet security zone in IE?
Thanks Samuli, the first issue regarding HTTPS has been solved after enabling all logon procedures for the ICF services in SICF.
Yes, I did add the IdP URL into the trusted/intranet security zone in IE and it still doesn't work. Attached is the screenshot of the exact error.
I also added the entry to the HTTP_WHITELIST table in the backend ABAP, as mentioned on the help.sap site, in addition to the whitelist.ini.
Let me know if you can think of anything else.
Apologies, I only mentioned BEx because that's the place I saw a popup.
I've attached the PDFs to the thread, hopefully you can access them now ...
(I've had to change the file extension to .text as this site does not allow .pdf - please unzip first and then change the docs to .pdf)
Hello Dennis,
Please find here the Security Guide for BPC 10, version for SAP NetWeaver:
https://websmp102.sap-ag.de/~sapidb/011000358700001239962013E
-> Look at chapter 5.2 Integration Into Single Sign-on Environment
Please find here the Security Guide for BPC 10, version for MS platform:
https://websmp107.sap-ag.de/~sapidb/011000358700000470172011E
-> Look at chapter 5 User authentication process
I would like to let you know also that Single Sign-On with BPC 10 is easily possible in conjunction with the SAP NetWeaver Single Sign-On product (license required). This is about re-using the Windows Logon (Kerberos, SPNego).
You can find more details here: SAP NetWeaver Single Sign-On --> Single Sign-On with Kerberos
The implementation is described step-by-step in the How-To videos.
I hope this will help you to find the answers to your questions.
Best regards,
Donka Dimitrova