SAP Netweaver SSO - Password Manager
Hi All, We are trying to migrate from our old SSO solution to new. The old solution is based on User ID/password and we would like to migrate the data. Does Netweaver SSO supports the import of User...
View ArticleRe: SPNego configuration for SAP EP 7.31 and AD 2008
Hi Keshari, maybe it is easier if you will have a look to this configuration video: http://scn.sap.com/docs/DOC-40178 Your stuff will be explained in video 4: https://scn.sap.com/docs/DOC-40322 I hope...
View ArticleSSO Authentication with Multiple Entry Points
Hello,We currently have a situation where we have a group of users that need to login into the BW system via multiple entry points. Currently, these users are authenicated via AD and the portal in...
View ArticleConfiguration to pre select the Kerberos token on SLC
Dear all, I am configuring the SAP GUI after installing the Secure Login Client for NW SSO 2.0. Once the user selects an SAP system for SSO, a pop up window presents all available certificates for the...
View ArticleRe: SSO and netweaver login mutually exclusive?
Hi Danny, a bit more background info would be helpful (such as ABAP or JAVA system, what is the IdP, ...). For SAML to coexist with username/password on the same logon page, you would need to start the...
View ArticleRe: Custom ClientCertLoginModule Certificate Check
Thank you for your response Patrick. The client certificate identifies the proxy server, not the user. The client certificate is being used to make sure traffic is coming from the proxy server...
View ArticleRe: Custom ClientCertLoginModule Certificate Check
Hi Mark, sorry, maybe my response was not clear enough. What you do explain is documented as a trusted intermediary. You configure the client cert for the proxy (intermediary) by...
View ArticleADFS as Identity Provider for SAP systems
We have mixed setup of IIS webservers and SAP systems that our users need to access through a browser. We would like to give our desktop users a single sign on experience so that they do not have to...
View ArticleNW SSO 2 - Secure login client - logon using client certificate
Hello, Our customer has existing PKI (client certificates) which they want to use to logon to Secure Login Server using “heavy” Secure Login Client (not web client) for employees.Their reasons...
View ArticleFeature, bug or missing setting?
I have noticed that SAP GUI users seem to be able to continue to single sign on through the GUI even after their users have been locked. This could be due to the fact that the client certificate issued...
View ArticleRe: Feature, bug or missing setting?
Dear Anders, ABAP systems distinguish between two lock reasons: Account lock:A user account can be locked by the administrator. This means that the user can no longer log on to the system at all....
View ArticleRe: Feature, bug or missing setting?
We noticed the behaviour when a user password had expired. The user was still able to log on using SNC and change the password after logon. As we were a little bit intrigued by our finding we tried to...
View ArticleRe: Feature, bug or missing setting?
Then Adrian's answer is correct and it is not a "hack". SSO does not evaluate passwords, so the fact that they have expired or too many incorrect logins with passwords is irrelevant. Cheers,Julius
View ArticleClik here to view.
Kerberos tokens and SNC RFC - Server certificate not trusted
Hi all, I am trying to configure a cenario using SAP NW SSO 2.0 in which users authenticate using SNC with kerberos tokens to system A, and system A communicates with system B using SNC RFC.As...
View ArticleRe: NW SSO 2 - Secure login client - logon using client certificate
Dear Jan, Technology Used for Secure Communication between Secure Login Client and Secure Login Server is HTTPS (SSL). More details about Secure Communication you will be able to find here. pseType is...
View ArticleRe: Kerberos tokens and SNC RFC - Server certificate not trusted
Dear Ilia, You need to exchange X.509 certificates on both systems - A (AS ABAP) and B (AS ABAP). The trust has to be established in both directions (if you look at the diagram you will see that the...
View ArticleRe: The SSL server certificate does not contain the domain name of the server
Did you resolve this error?We are also encountering the same issue. Function ssl3_send_client_verify returning error code a1d40201: CAPI error[2013.12.13 13:15:02.816][ERROR][sbus.exe ][SSL...
View ArticleClik here to view.
Re: The SSL server certificate does not contain the domain name of the server
You yourself have mentioned the solution here Sanath. This happened with us also. We had one system where SMP certificate was installed in Secure Login Client and the certificate was expired. SSO was...
View Article