Different between SSO using X.509 and Kerberos

Dear Experts,
When trying to decide which route to go for SSO X.509 certificate or Kerberos token for SAP Abap system only , I am a bit confused.
These are the main steps for using X.509. All the documents I found only talk about installing Secure Login Server on AS Java by using Telnet/JSPM deployment. Can we not do the same for AS Abap? If that is true, does that mean X.509 certificate can only be using for ABAP + JAVA systems and not for Abap only?
X.509 Certificate:
1. Install and Configure Secure Login Server on SAP AS Java system.
2. Intall Secure Login Client
3. Install and Configure Secure Login Library on SAP AS ABAP
4. Configure User Mapping in SAP AS ABAP/JAVA
On the other hand Kerberos seems much simpler because installation of Secure Login Server is not required for AS ABAP.
1. Install and Configure Secure Login Library
   Configure SPNEGO & SNC in SAP AS ABAP
2. Install Secure Login Client
3. Configure user mapping in AS ABAP.
Kindly advise.

We don't intend to use this on other web applications except for web gui.
From what I understood, we create 2 values for "servicePrincipalName" for the user in AD. One for SNC interface for Gui and the other entry to web interface for web gui users and with SNC/SPNEGO configured, Kerberos keyTab also configured for SAPNEGO/SNC in ABAP , users should be able to login to gui and web gui.
That said, below are our current versions. Do we still have to upgrade kernel version?
S/W component     Release  Level      Highest Support Package
SAP_BASIS             702         0012     SAPKB70212
Kernel
kernel make variant           720_REL , Unicode, AIX 64 BIT, Patch number 500.

Similar Messages

  • Differance between the Cost based costing and Account based costing

    Hi,
    What is the Differance between the Cost Based Costing and Account Based Costing ?

    You can check sap note 69384
    COSTING-BASED PROFITABILITY ACCOUNT-BASED PROFITABILITY
    ANALYSIS ANALYSIS
    OBJECTIVE
    o profitability and sales accounting
    o evaluation of market segments (for example,
    customers, product groups, sales areas) and corporate
    units (for example, division, sales organization) with
    regard to their profit or contribution margins
    o calculation of profits procedures
    - cost-of-sales accounting
    - interim and reconciled sales report
    - periodic and transaction-based allocation
    - Profitability Analysis on the basis of full and
    direct costs
    o posted and costing-based values o account-based values
    o can be reconciled with FI for o always reconciled with
    account groups (revenues, sales FI on account level
    deductions, costs of goods
    Note 69384 - Information: Account-based Profitability Analysis
    manufactured, and so on)
    DATA STRUCTURES
    o definition of operating concerns o definition of operating
    with fixed characteristics and concerns with fixed and useruser-
    defined characteristics defined characteristics
    and value fields
    o cumulative storage by posting o cumulative storage by
    periods and weeks posting periods
    o storage in operating concern o controlling area currency,
    currency (as of Release 4.0 also company code currency
    optional in company code currency and transaction currency
    if req.)
    o user-definable summarization levels
    FUNCTIONS
    o transfer of profit relevant o transfer of profit-relevant
    business transactions from SD, FI activities from SD, FI, CO, MM
    CO, MM (revenues, sales deductions (revenues, sales deductions and
    and costs organized by value fields) costs organized by accounts)
    o Derivation of characteristics from master
    data or using derivation rules
    o Realignments also for data that is already
    posted
    o Valuation
    (Costs of goods manufactured, imputed
    costs and sales deductions)
    o sales and profit planning o profit planning
    - flexible layout - flexible layout
    - periodic distribution - periodic distribution
    - valuation, revaluation - forecast procedure
    - forecast procedure - top-down distribution
    - top-down distribution - simulation
    - simulation
    o profit analysis by means of 'interactive drill-down
    reporting'
    - Report Painter
    - object list/ranking lists, database schema
    - drill-down
    - key figure systems
    - flexible hierarchies
    - navigation between reports
    - exception reporting
    - ABC analyses
    - Exporting (Excel, Winword, Mail)

  • Hi all, I wonder what is the different between iphone4 AT&T, sprint and verizon?

    Hi all, I wonder what is the different between iphone4 AT&T, sprint and verizon? does verizon is CDMA? does CDMA have a slot sim card? what is the version for iphone 4s AT&T? 5.0.1 or 5.1?

    AT&T is a GSM carrier. Sprint and Verizon are CDMA. The CDMA iPhone 4 has no SIM slot. The CDMA iPhone 4S does but the phones still can't be used on GSM in the U.S. The software versions are the same across carriers at this time.

  • What different between the OTN download version and the CD version of 8i for linux?

    Does there have any different between the OTN download version and the CD copy version of 8i?
    Can I use the OTN download version for production environment?

    They are the same.
    Can I use the OTN download version for production environment? I think if you read the download license agreement it specifically says you can't use the software in a production environment.

  • What is the different between Sharepoint fast search service and Sql server fulltext search?

    HI ,
    I want to kow what is the different between Sharepoint fast search service and Sql server fulltext search?
    Or Can I abstract the Sharepoint fast search from the Sharepoint platform as a isolate component?
    Thank you.
    James

    They are very, very different beasts.
    Firstly FAST Search for SharePoint is the old name for the product and is only relevant for SharePoint 2010 not 2013. It got merged into the standard SharePoint search for the 2013 release.
    SharePoint search is aimed at providing a Bing or Google like experience for your intranet content, as well as providing some nifty features that are purely SharePoint releated along the way. That means it can crawl SharePoint content, file shares,
    outlook mailboxes, internal and external websites and probably fifty other different things if you really tried. Whilst i'm not an expert on SQL full text search I believe it's intended to provide a search feature for content held within SQL databases
    and tables.
    Can you run SharePoint purely for Search? Yes, definitely.

  • What's the different between buying Creative cloud membership and  buying subscription?

    What's the different between buying Creative cloud membership and  buying subscriptions(month to month/yearly)?
    If i am not allowed to buy creative cloud in my country, Can i still buy subscription?
    Looking forward to your reply.
    Thanks
    MM

    Those are two separate monthly subscriptions to individual apps allowing you to cancel at any time. It's the most expensive but the most flexible way of subscribing.
    Creative Cloud is a collective term for a subscription to the entire Master Collection of apps plus all the extra products and services which come with the entire Cloud membership. http://www.adobe.com/uk/products/creativecloud/tools.html
    If you definitely only want one app then a standalone subscription is the way to go.
    If you want at least two apps, then a yearly Cloud membership is cheaper overall.
    Which country are you in? Cloud memberships are not available in all countries.
    http://www.adobe.com/uk/products/creativecloud/faq.html#availability (In what countries can I buy a membership to Creative Cloud?)

  • I'd like to know what is different between iPad air with wifi, and with cellular

    I'd like to know what the different between iPad air with wifi and with cellular

    With the wifi only one you can only get internet via wifi.
    With the cellular one you can also access the internet via cellular (with appropriate data plan)
    beyond that, and the price, they're the same

  • Differnce between LAST USED in RSZCOMPDIR and USED in 0TCT_MC01

    Hello
    I have two problems to solve:
    1. What is the differnce between LAST USED in RSZCOMPDIR and USED in 0TCT_MC01
    2. LAST USED in RSZCOMPDIR is filled but in 0TCT_MC01 I have no log about that.
        ==> can anybody explain that to me?
    Thanks to you all !!!

    Cant anybody help

  • Differance between microsoft sql 7 server and oracle 8

    can anybody give me the exact technical differances between microsoft 7 server and
    oracle8 server ?

    hi,
    below i listed few differences known to me.
    Oracle is a multiplatform rdbms whereas sqlserver is restricted to NT server workstations.
    Oracle does not include the concept of master db. All db runs independently, with their own data files,mem management, and control.
    Sql server has much larger set of fundamental data types than oracle.
    Oracle uses row-level locking whereas sqlserver uses page level locking.
    Oracle is more mature product. It should be used for high throughput and availability and reliable backup and recovery.
    hope it will give u some idea.
    regards,
    arun.

  • OCIAttrGet OCI_ATTR_PRECISION different between 9.2.0.1 and 9.2.0.4?

    Hi,
    was there any change in the OCIAttrGet method for OCI_ATTR_PRECISION and OCI_ATTR_SCALE between 9.2.0.1 and 9.2.0.4 on Solaris?
    It seems I get different return values for a NUMBER datatype.
    Thanks, Joern

    I haven't seen a difference in behavior before. Can you provide the table create statement, the column being described, and the OCI code being used to describe it?
    Have you tried upgrading to the latest patchset for 9.2? Sometimes this helps, because you can pick up some bug fixes.

  • Different between BB OS 4.3 and OS 4.5

    Are there anybode can explain to me what is different between BB phone has OS < 4.5 and phone has OS >= 4.5 ? Because with the phone has OS < 4.5 I can read memory of it and I can't read memory of that phone with OS 4.5. I'm very happy when received your reply! 

    to check if encryption is enabled on your 8830, please go here and download the user guide :
    http://docs.blackberry.com/en/smartphone_users/subcategories/?userType=1&category=BlackBerry+Smartph...
    then on page 253 you have the procedure to check if the media card is protected.
    The search box on top-right of this page is your true friend, and the public Knowledge Base too:

  • Interoperability between server using 6.1SP9 and client using 5.1SP9

    Hi,
    We have a weblogic server running on a Solaris 2.6 machine. This server
    hosts some EJBs and it is also a JMS provider. We are using Weblogic 6.1 SP2
    & JDK 1.3.1 for this server. Now we need to be able
    to access this server from clients running on Solaris 2.5.1 machine and
    jdk 1.2.2_05a. Since Weblogic6.1 is not certified on Solaris 2.5.1, we will
    have to use Weblogic5.1(SP9 or SP11) on the client side. Would this work?
    If not, do we have any choice besides running the clients on
    Solaris 2.6 or highr machines and using different version of Weblogic & JDK?
    I will appreciate any help/pointers.
    Thanks in advance.
    Sudhir Chaudhari

    Sorry, but you are aut of luck there. Had the same problem and according to BEA
    communication between different version are not supported until 6.1 and higher.
    That is 6.0 to 6.1 will not work but 6.1 to 7.0 will work.
    That is an extrem pain and I have no idea why. I suggest that you look into SOAP
    or some RMI server that will marshall requests or something. That is however some
    serious work and will also kill the performance.
    Regards
    Erik

  • SSO using user ID and password

    Hi ,
    I have installed EP 6.0 SP2 running on SQL DB,Business Package for ESS for SAP R3 4.7 , ITS6.20.
    Portal is runing fine and i also have set up the SSO with R3 using UIDPWD. I can able to access ESS iviews. Everything runs fine.
    But the problem is that after accessing 6/7 iviews of ESS, i am prompted for User id and Password. ( Welcome screen is displayed). I have checked the no of session in SAP R/3 ( Transaction : SM04) there are 4/5 RFC session found.
    Please do let me know if any other information i have missed out. Any idea always appriciated.
    Regards
    Debaraj

    Hi Tan
    Thanks for the reply.
    I have already set the Logon Ticket expiration = 24 hr.
    But still i am having the same problem .
    About the second option you have mentioned
    I have not changes iViews priority nor authorization scheme priority.
    As i mentioed , i could able to access iViews but after accessing 6/7 iviews i am getting portal login screen. This screen came even i click on the portal welcome page too.
    Please do let me know if any other setting need to be maintained . Is there any setting need to be done in ITS side.
    Regards
    Sahoo
    Message was edited by: Debaraj Sahoo

  • Fonts different between java 1.3.1_01 and 1.4.2_02

    I have upgraded to java 1.4.2_02 from 1.3.1_01 and most of my fonts now appear to be different. Do I really need to edit my application to make my fonts look like they did in the past or is there some sort of setting that will take care of this for me. For instance in 1.3.1_01 the font sansserif-bold-12, looks bold on my display. However in 1.4.2_02 it does not look bold. If I change the size to 14, then it does look bold.
    Does anyone have any ideas?

    No upgrade to graphics card. I still have java1.3.1_01 installed and if I change the path to use java 1.3.1_01 my fonts look okay. When I change the path to use java 1.4.2_02, they are not bold.

  • Re: single log-on (SSO) using Windows 2000 and Active Directory

    Hi Honggo,
    Its possible to see all the Active Directory users in WLS6.1 by
    configuring the ldap realm.
    You can use any of the username/password in ldap but you still have to
    login again.
    However the concept of single sign on across operating system and WLS
    might not work in WLS6.1. WLS 7.0 allows you to write code that
    supports these kind of things better.
    honggo wrote:
    anybody know how to use windows 2k authentication
    (implemented by Active Directory)
    to support SSO in WebLogic Server?
    What I mean is I want to login once and only once
    in win2000 and somehow weblogic server know
    who is currently logon and impose some Access Control
    many regards in advance
    honggo

    Replying again because it didn´t seem to work last time.
    Could you be more specific? What code do I have to write to achive single sing on across Windows and WLS 8.1?
    Regards
    Mauricio Hurtado
    Banco de Mexicio

Maybe you are looking for

  • Estimated Start time in notification based on Time defined in Work center

    Hi, Following Satish post- I am trying to find solution to the same  problem so i will appreciate any advise. When the notification is created ,the estimated start time should be based on priority .This in iteslf is pretty straight & simple. However

  • Black screen on starting X in Virtualbox guest

    Hi Arch Linux, I am running Arch linux as a Virtualbox 4.2.6 guest with a Windows 7 host. I have virtualbox-guest-utils 4.2.6-1 installed. When I run "startx" or "xinit" my screen goes black and freezes up. The VM seems totally unresponsive, I can't

  • Facebook & Flickr Export Problems

    One of the new features of Aperture 3 I was excited about was the Facebook & Flickr integration. I had previously been using a free Flickr plug-in and exporting my Aperture images to iPhoto to make use of the Facebook integration. After preparing a p

  • Problem starting transaction for MDB

              Hello All,           I have a MDB configured as Container managed transaction.           Sometimes I rollback a message sent to a Queue.           The problem is that sometimes the WEBLOGIC log show the follow error and do not           sta

  • File transfer status in rxvt-unicode?

    Hello, I had mounted a cifs and had been copying some movies from one of my computers to another through the terminal (mount -t cifs comp1:/share/ ~/somemntpoint) and I realized that I had no idea about the status of the file transfer.  Is there an a