SAP SSO between Microsoft AD and SAP R/3 GUI&WebGui

Hello Everybody,
We are looking into implementing SSO between Microsoft AD and our SAP CRM ABAP 7.0.
We have users both logging in through SAP Gui and also the web gui.
Found there are multiple options for achieving SSO:
1) SNC
2) X.509 certificate
3) Kerberos
I would like to go with X.509 certificate, and have already implemented the SAPCRYPTOLIB 5.5.5. Now I am trying to download the "SAP NW Single Sign on 2.0" for installing the Secure Login Library SSL. And when I looked at PAM the required product versions are only:
1. SAP EHP1 for SAP NW 7.3
2. SAP NW 7.3
3. SAP NW 7.4
4. SAP NW CE 7.2
So I went back and looked at PAM for SAP NW SINGLE SIGN ON 1.0 required product versions and I only see the below:
1. SAP EHP1 FOR SAP NETWEAVER 7.3
2. SAP NETWEAVER 7.3
3. SAP NETWEAVER CE 7.2
Our version of SAP is CRM ABAP 7.0, so I am not sure how/which version of Single Sign on I have to use.
Can someone please advise.
Thanks!

Thank you Donka for the information!
Looks like NW SSO 2.0 is supported for AIX 7.1 SAP ABAP CRM 7.0.
But we also have users logging in to ABAP CRM 7.0 via HTTP Web dispatcher.
And the PAM does not mention if NWSSO 2.0 is supported for X.509 method for web gui users logging in via HTTP.
Also, if we decide to go with SSO 2.0 and I manually install the COMMONCRYPTOLIB 8 instead of the SAPCRYPTOLIB 5.5.5, I should be able to use the Secure Login Library files that come with the SSO 2.0, right?
Here's our current Kernel version:
kernel make variant           720_REL, 64 BIT AIX, UNICODE , Patch number 500
Thanks!

Similar Messages

  • How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS

    Hi
    I have read the article on SDN called "How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS", which is also the name of my posting.
    The reason why I post this is that I've tried to follow the links in the PDF to get the file WebsphereEpSsoLib.zip but I get an error 403, which tells me that the file is not there.
    Does anybody know where this file went or can somebody tell me an alternative place to get this file?
    Jacob

    Please open the associated whitepaper, and you can find the download link to the .ZIP file on page 4.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ibm/how to set up single sign-on between an ibm websphere portal and the sap enterprise portal using jaas.pdf
    Hope that works!
    Elise

  • Configure SSO between the SAPGUI and ECC 6

    Hi,
    I need help to configure SSO between the SAPGUI and ECC 6. I configured the SNC using the parameters:
    snc/accept_insecure_rfc = 1;
    snc/accept_insecure_gui = 1;
    snc/accept_insecure_cpic = 1;
    snc/identity/as = p:Domain\SAPService;
    snc/enable = 1;
    snc/data_protection/use = 1;
    snc/data_protection/min = 1;
    snc/data_protection/max = 1;
    snc/gssapi_lib = D:\usr\sap \ <SID>\SYS\exe\nuc\NTI386\gssntlm.dll.
    I configured the desktop with the DLL sncgss32.dll but it is not functioning. Does somebody have an idea how to solve this problem?
    Thanks
    Alex

    Hi Alex
    You have
    snc/identity/as = p:Domain\SAPService;
    Check the following (wrong user)
    snc/identity/as = p:Domain\SAPService<SAPSID>
    Where SAPService<SAPSID> is the user who runs the SAP System.
    You have
    snc/gssapi_lib = D:\usr\sap \ <SID>\SYS\exe\nuc\NTI386\gssntlm.dll
    Check the following (nuc is the wrong directory; the correct one is uc)
    snc/gssapi_lib = D:\usr\sap \ <SID>\SYS\exe\uc\NTI386\gssntlm.dll
    Please, reward points if helpful
    Edited by: Eydar Del Angel on Apr 21, 2008 4:54 PM
    Edited by: Eydar Del Angel on Apr 21, 2008 4:55 PM

  • Can we have the interface between microsoft excel and adobe illustrator

    Can we have the interface between microsoft excel and adobe illustrator?

    Feature Request/Bug Report Form
    That aside, have you actually already explored variables or the graph tools?
    Mylenium

  • SSO between R/3 and Web Server Filter is not working

    Hi all,
    I have to configure SSO to access from SAP R/3 to a third-party web application through Web Server Filter.
    R/3 → WSF → 3rdParty App
    I think everything is configured properly, but when I issue the http request from R/3 to WSF I get the following error in sapsso.log file in apache server:
    ======================================================
    trc file: "/usr/local/app/apache/sapsso.log", trc level: 3, release: "620"
    Thu Nov 29 13:44:40 2007
    Webserver Ticket Filter Release Version 5.0.2.8
    Loading of the props returned 0=OK.
    Max cache size =  0
    Initialization done.
    Checking validity...
    Ticket Validation Error: expired.
    Checking validity...
    Ticket Validation Error: expired.
    Checking validity...
    Ticket Validation Error: expired.
    Checking validity...
    Ticket Validation Error: expired.
    Checking validity...
    Ticket Validation Error: expired.
    Checking validity...
    Ticket Validation Error: expired.
    ======================================================
    And in the error_log file of the apache http server there’s the following:
    ======================================================
    proxy_cache.c(969): No CacheRoot, so no caching. Declining.
    proxy_http.c(586): Content-Type: (null)
    Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
    Got date              from ticket.
    Cur time = 200711291244.
    Computing validity in hours.
    Computing validity in minutes.
    CurTime_t = 1196426640, CreTime_t = -496601312
    validity: 216000, difference: 1693027952.000.
    proxy_cache.c(969): No CacheRoot, so no caching. Declining.
    proxy_http.c(586): Content-Type: (null)
    Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
    Got date              from ticket.
    Cur time = 200711291244.
    Computing validity in hours.
    Computing validity in minutes.
    CurTime_t = 1196426640, CreTime_t = -496601312
    validity: 216000, difference: 1693027952.000.
    proxy_cache.c(969): No CacheRoot, so no caching. Declining.
    proxy_http.c(586): Content-Type: (null)
    Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
    Got date              from ticket.
    Cur time = 200711291244.
    Computing validity in hours.
    Computing validity in minutes.
    CurTime_t = 1196426640, CreTime_t = -496601312
    validity: 216000, difference: 1693027952.000.
    proxy_cache.c(969): No CacheRoot, so no caching. Declining.
    proxy_http.c(586): Content-Type: (null)
    ======================================================
    It seems like there isn’t the date in the ticket issued by SAP R/3. However, I tried to configure SSO between the same R/3 server and an EP and it worked fine.
    I also tried to decrypt the ticket issued by R/3 but I get a segmentation fault.
    Can anyone help me?
    Thanks in advance.
    Roger Allué i Vall

    Here's an excerpt of an strace of the httpd processes when they receive the http request:
    13863 accept(16,  <unfinished ...>
    13864 accept(16,  <unfinished ...>
    13865 accept(16,  <unfinished ...>
    13866 accept(16,  <unfinished ...>
    13867 accept(16,  <unfinished ...>
    13868 accept(16,  <unfinished ...>
    13872 accept(16,  <unfinished ...>
    13863 <... accept resumed> {sa_family=AF_INET, sin_port=htons(2476), sin_addr=inet_addr("10.80.183.46")}, [16]) = 3
    13863 rt_sigaction(SIGUSR1, , {0x805fd50, [], SA_INTERRUPT}, 8) = 0
    13863 fcntl64(3, F_SETFD, FD_CLOEXEC)   = 0
    13863 getsockname(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.41.235.48")}, [16]) = 0
    13863 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
    13863 read(3, "GET /Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694%20&nhc=0000147810 HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /\r\nAccept-Language: ca\r\nsap-mysapsso: 200711291818281ppOT/XT2eKtb8Unh0aexQAjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj/wFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m/MBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV!WA/4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0!QSvlqlJHdm7VIvMe9pWMvs6ld8/U!lOTSQqtNyI!am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24!jwCOPxm6XAQuKMUAS\r\nsap-mysapred: http://sapwhi01.argos.gencat.intranet/Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694 &nhc=0000147810\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)\r\nC", 4096) = 1260
    13863 rt_sigaction(SIGUSR1, , , 8) = 0
    13863 time(NULL)                        = 1196356708
    13863 read(3, "ookie: MYSAPSSO2=AjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj%2fwFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m%2fMBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV%21WA%2f4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0%21QSvlqlJHdm7VIvMe9pWMvs6ld8%2fU%21lOTSQqtNyI%21am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24%21jwCOPxm6XAQuKMUAS; JSESSIONID=50B5570A234B89887690DF50A993477D\r\nConnection: Keep-Alive\r\nHost: sapwhi01.argos.gencat.intranet\r\n\r\n", 4096) = 730
    13863 time(NULL)                        = 1196356708
    13863 write(2, "Thu Nov 29 18:18:28 2007\n", 25) = 25
    13863 write(2, "Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA... \n", 45) = 45
    13863 time(NULL)                        = 1196356708
    13863 write(5, "\nChecking validity...\n", 22) = 22
    13863 time(NULL)                        = 1196356708
    13863 write(2, "Got date              from ticket.\n", 35) = 35
    13863 time(NULL)                        = 1196356708
    13863 time(NULL)                        = 1196356708
    13863 write(2, "Cur time = 200711291718.\n", 25) = 25
    13863 time(NULL)                        = 1196356708
    13863 write(2, "Computing validity in hours.\n", 29) = 29
    13863 time(NULL)                        = 1196356708
    13863 write(2, "Computing validity in minutes.\n", 31) = 31
    13863 time(NULL)                        = 1196356708
    13863 write(2, "CurTime_t = 1196443080, CreTime_t = -496601312 \n", 48) = 48
    13863 time(NULL)                        = 1196356708
    13863 write(2, "validity: 216000, difference: 1693044392.000.\n", 46) = 46
    13863 time(NULL)                        = 1196356708
    13863 write(5, "Ticket Validation Error: expired.\n", 34) = 34
    13863 time(NULL)                        = 1196356708
    and so on.
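
The error_log lines in the post above show a blank date and a negative CreTime_t next to each "expired" verdict. As an added example (not part of the thread and not SAP code), this triage script separates a creation time that was never read from a ticket that really is older than its validity. The populated "Got date <value> from ticket." line form, records 2 and 3, and the 300-second skew limit are assumptions.

```python
import re

# Constructed sample in the error_log layout from the post. Record 1 repeats
# the values shown there; records 2 and 3 (and their populated "Got date"
# lines) are invented for contrast.
SAMPLE_LOG = """\
Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
Got date              from ticket.
Cur time = 200711291244.
CurTime_t = 1196426640, CreTime_t = -496601312
validity: 216000, difference: 1693027952.000.
Ticket is CONSTRUCTED-TICKET-B...
Got date 200711201000 from ticket.
CurTime_t = 1196426640, CreTime_t = 1195639200
validity: 216000, difference: 787440.000.
Ticket is CONSTRUCTED-TICKET-C...
Got date 200711291200 from ticket.
CurTime_t = 1196426640, CreTime_t = 1196424000
validity: 216000, difference: 2640.000.
"""

DATE_RE = re.compile(r"^Got date(.*)from ticket\.$")
TIME_RE = re.compile(r"^CurTime_t = (-?\d+), CreTime_t = (-?\d+)")
VALID_RE = re.compile(r"^validity: (\d+), difference: (-?\d+(?:\.\d+)?)\.?$")
MAX_SKEW = 300  # seconds a creation time may lie in the future (assumed)


def classify(rec):
    """Separate 'creation time never read' from a ticket that is really too old."""
    if "created" not in rec or "validity" not in rec:
        return "incomplete"
    # A blank date, or an epoch that is non-positive or in the future, means the
    # age was computed from garbage, not from the ticket.
    if not rec["date"] or rec["created"] <= 0 or rec["created"] > rec["now"] + MAX_SKEW:
        return "creation-time-not-parsed"
    return "expired" if rec["now"] - rec["created"] > rec["validity"] else "valid"


def triage(log_text):
    """Return one dict per ticket check found in the log text."""
    results, cur = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Ticket is "):
            cur = {"ticket": line[len("Ticket is "):], "date": ""}
            results.append(cur)
        elif cur is None:
            continue
        elif m := DATE_RE.match(line):
            cur["date"] = m.group(1).strip()
        elif m := TIME_RE.match(line):
            cur["now"], cur["created"] = int(m.group(1)), int(m.group(2))
        elif m := VALID_RE.match(line):
            cur["validity"], logged = int(m.group(1)), float(m.group(2))
            # The filter's own "difference" should equal CurTime_t - CreTime_t.
            cur["difference_ok"] = logged == cur.get("now", 0) - cur.get("created", 0)
            cur["verdict"] = classify(cur)
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["ticket"], r.get("verdict"), r.get("difference_ok"))
```

A "creation-time-not-parsed" verdict points at how the filter reads the ticket, not at clocks or the validity setting.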

  • SSO between Portal Application and Portal Admin Tool

    Hi All,
    We have a requirement for implementing SSO between a Portal application and
    Portal admin tool.
    We are using WL Portal 8.1 SP4.
    Here is the reason for this requirement -
    A user logged-into Portal Application needs to login to Portal Admin tool to
    do some admin activity. We want to provide a link in the portal application
    using which the user can directly login to the Portal Admin tool without
    having to enter the credentials again.
    If someone has any info on how to implement this, can you please point me in
    the right direction.
    Thanks,
    ~Deepak

    Hi,
    When creating PP you have 2 options
    PP used for compiling and PP used for Building
    You create PP with all the libraries into Developing/Compiling Other DCs
    And another PP with all the libraries into can be packaged into other build results (SDAs).
    Once you have these 2 PP in place you add the DC as used DC.
    And this should resolve the issue.
    Hope this helps.
    Cheers-
    Pramod

  • Difference between Microsoft Azure and IBM Softlayer

    Can anybody suggest what the main differences are between Microsoft Azure and IBM SoftLayer? Why does one have to go for Azure?

    This section is only for MSDN related questions and clarifications, please ask your question in the following Azure dedicated forums.
    http://azure.microsoft.com/en-us/support/forums/
    Thanks
    prathaprabhu

  • Interface between Microsoft Project and SAP Project Systems

    Hi,
    When we update SAP Project systems from Microsoft Project, our users want to swap values between project nodes id and description. Is this possible? Which BAPIs are used by OpenPs? I am trying to find a user-exit where I can swap these values.
    Thanks in advance.
    Regards
    Jitendra Pongurlekar

    Refer Note 579761. This can provide you some hint.
    Regards
    Sreenivas

  • SSO between R/3 and portal

    Our portal certificate key has expired, so I have renewed it, imported it into my ECC system and added it to the ACL list.
    But now when we test the JCO connection the following error results:
    com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: User is locked. Please notify the person responsible
    At OS level the following error is present in j2ee default trace
    #1.#1E2432724C0A006C000000E9004470220004998CBB00FB5C#1294729618716#com.sap.tc.webdynpro.tools.explorer.JCOConnectionsDetails#sap.com/tcwddispwda#com.sap.tc.webdynpro.tools.explorer.JCOConnectionsDetails#Administrator#31443##n/a##4456a3801d5111e090741e2432724c0a#SAPEngine_Application_Thread[impl:3]_31##0#0#Error##Java###User is locked. Please notify the person responsible
    [EXCEPTION]
    #1#com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: User is locked. Please notify the person responsible
            at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:516)
            at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:1086)
            at com.sap.mw.jco.JCO$Client.connect(JCO.java:3256)
            at com.sap.mw.jco.JCO$Pool.initPool(JCO.java:4726)
            at com.sap.mw.jco.JCO$PoolManager.getClient(JCO.java:6181)
            at com.sap.mw.jco.JCO$PoolManager.getClient(JCO.java:6136)
            at com.sap.mw.jco.JCO.getClient(JCO.java:8804)
            at com.sap.mw.jco.webas.WebDynproExtension.addClientPool(WebDynproExtension.java:133)
            at com.sap.mw.jco.webas.WebDynproExtension.addClientPool(WebDynproExtension.java:74)
            at com.sap.tc.webdynpro.serverimpl.core.sl.AbstractJCOClientConnection.createPool(AbstractJCOClientConnection.java:322)
    The user details is useSSO, so there is no R/3 or portal user involved as per my knowledge.
    If anyone has faced the above problem, please help me with the solution.

    Hi,
    It clearly says "User is locked". What you can do is go to http://<hostname>:50<sysnr>0 -> Content Administrator -> Web Dynpro Tools -> Maintain JCO destinations.
    Here you can see the list of JCOs that are maintained. Check the user that is used in the JCO for your scenario. This user will have got locked in the backend ECC system. Go to the SU01 Tcode of the ABAP system and unlock it.
    Rgds,
    Soujanya

  • SSO between devinf page and CBS.CMS,DTR

    Hello,
    After navigating to NWDI home page , http://host:port/devinf    -> If I choose CBS /CMS/DTR it should login automatically.
    Is there any configuration required to achieve the same?
    Regards,
    Koti Reddy

    Hi Koti,
    Please have a look at http://help.sap.com/saphelp_nwce72/helpdata/en/af/7d7a8db8a44ff0880bc481a29b6447/frameset.htm but it's for CE7.2...
    I am using the SSO enabled NWDI, checking for more details; if I find them I will let you know.
    Hope it helps
    Regards
    Arun

  • Are there any applications that help improve compatibility between Microsoft Powerpoint and OS X Mavericks version?

    When I want to view the presentation in full screen the program crashes.
    -PowerPoint 2011, version 14.0 (100825)
    -MacBook Air
    -OS X Mavericks (10.9.2)

    You will need to contact Microsoft for Mac Support  and/or post in their forums.

  • SSO between SAP Portal 7.3 and Ruby on Rails

    Hello Everyone,
    We are planning to integrate SAP Portal 7.3 and a RoR application and I am wondering if someone can share some experience (if you have any, of course) on how to establish SSO between SAP Portal and RoR.
    The SAP Portal will act as service provider and RoR as a consumer. We don't have LDAP, so the Portal UME is in ABAP and RoR uses its own UME database. We have SSO between our Portal and SAP Backend systems.
    In RoR customers will have access to their own information (Invoices, etc..) that will be provided by the backend system.
    URL transaction and iFrames is not an option for us.
    The second option is to call Web Services, directly or through the SAP Portal (we are using a central sr).
    I am a NetWeaver consultant who heard about RoR but have no experience in this field.
    All help and tips are greatly appreciated!
    Regards,
    Ridouan

    We used Client certificates. Still working on the PoC.

  • Enabling SSO between MOSS 2007 and SAP

    Hi Experts,
    I have a requirement where we have to achieve SSO between MOSS 2007 and SAP. We should be able to access SAP based applications. We had earlier integrated iviews from EP into MOSS, some of which are even fetching data from ECC systems. Do we also need to change configurations on EP side? Any suggestions will be highly appreciated.

    Hi ,
    enabling MOSS 2007 and SAP is upcoming now.
    please go through the links
    http://download.microsoft.com/download/c/6/c/c6c42b9f-66f4-47b3-99be-8e5afa1ddc9a/SSO%20with%20MS%20and%20SAP.pdf
    http://blogs.msdn.com/joanna_bichsel/archive/2007/09/25/sap-integration-with-moss.aspx
    regards
    nag

  • SSO between ITS 620 R/3 and EP

    Hi,
    I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
    I have to configure SSO between R/3 and EP.
    Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
    If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
    advance thanks,
    PK

    UPDATE:
    I have installed a portal (SAP NetWeaver 7.0 Java stack) and have connected it to an ECC 6.0 SR3 backend and I needed only to configure the SSO between portal and backend ABAP instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and ABAP instance.
    About the error  message mentioned in my previous forum entry:
    I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
    After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

  • Microsoft VM and Sun VM

    I wonder if somebody could explain this to me. Are there any problems with communication between Microsoft VM and programs that were compiled with Sun JDK?
    I develop an applet and compile it with Sun JDK. But it doesn't work on the Microsoft VM in my IE. Could it really be a problem? And how to avoid it?
    Thanks

    Yes. I'm using java2 and I have IEv6.0 and my java applet doesn't work.
    No, it doesn't. Microsoft's VM is Java version 1.1.4.
    What do I need to do in order my applet make workable?
    Two options:
    1) Use Sun's VM.
    2) Use only Java 1.1.4.
    I strongly recommend the first option.
