SAP Single Sign-On

SAP Single Sign-On 3.0 SP01 – Secure Login Server with Enterprise PKI

The new Secure Login Server version of SAP Single Sign-On 3.0 enhanced its X.509 capabilities by adding support for Enterprise PKI products like Microsoft Active Directory Certificate Services or Certificate Management over CMS (CMC) based solutions. Up to version 2.0, multiple internal or HSM based certificate authorities (CAs) were provided. With version 3.0, a “Remote CA” can be implemented as registration authority, connecting to a PKI web service. Of course, …

Read More »

SAP Single Sign-On 3.0 – Secure Login Server REST API

The new Secure Login Server version of SAP Single Sign-On 3.0 comes with a new REST based X.509 certificate enrollment protocol. It allows other SAP products, third party developers, and customers to develop and implement their own “Secure Login” clients, using the full range of authentication, user mapping, and certificate configuration functionality of Secure Login Server. What’s the point? Secure Login Server comes with interfaces to multiple clients, like Secure …

Read More »

SAP Single Sign-On 3.0 Now Available

On July 4, 2016, SAP released the latest version of the SAP Single Sign-On product. Release 3.0 expands the existing coverage for mobile and cloud scenarios, modernizes the X.509 certificate-based scenario, simplifies implementation through close platform integration, and offers continuous improvement of security protocols based on market requirements, among other new features and enhancements. SAP Single Sign-On 3.0 continues to offer the sophisticated security functionality customers are looking for while …

Read More »

Single Sign-On and data protection for SAP GUI in an Enterprise Portal scenario

SAP GUI and Enterprise Portal Many customers use transaction iViews in the SAP Enterprise Portal to launch the SAP GUI for Windows. This allows them to provide role-based access to SAP GUI transactions to their end users. In addition the Portal is also able to issue logon tickets, which in the past were sometimes used for SAP GUI single sign-on to an ABAP backend system. Need for change The described …

Read More »

Simple Configuration Example for Implementing Two-Factor Authentication (2FA)

How to protect your AS JAVA application with Two-Factor-Authentication (2FA) based on Time-Based One-Time Passwords (TOTP) Goal: You want to improve the security for an application running on AS Java server using а simple 2FA solution Prerequisite: You have а license for the SAP Single Sign-On product. In this blog you will find the simple steps for configuring 2FA based on ТOTP for an AS JAVA application using the SAP …

Read More »

How to use the SAP Identity Provider for SSO to the AWS Management Console

After reading the great blog from Nikola Simeonov about the ‘Competitive Advantages of the Identity Provider Delivered by SAP‘, I have been looking at opportunities to use the technology that the SAP Identity Provider (IDP) provides for both SAP & non-SAP scenarios. This blog shows a common use case for enabling SAML 2.0 federated users access to the Amazon Web Services (AWS) Management Console via the SAP Identity Provider. How …

Read More »

SP6 for SAP Single Sign-On 2.0 Now Available

This week, SAP released the latest support package for SAP Single Sign-On 2.0. Support Package 6 contains a number of new features and functions as we continuously enhance the product to fulfill customer requests and upcoming security demands. New features include: Certificate Lifecycle Management for ABAP Application Servers Automated renewal of certificates for SAP NetWeaver Application Server ABAP using Secure Login Server (see SAP Note 2194174) Reduces manual efforts and …

Read More »

SSO operational documentation with Kerberos

Dear all, after SSO rollout with Kerberos we created a SSO operational documentation which can be useful for similar SSO operational issues. Here are the most important themes from our document, due to the data protection just a common information provided. – Troubleshooting Server AD Client – Normal operation User creation SSO mass user change reworking after system copy SSO certificates – Case study for different SSO problems Kerberos tickets …

Read More »

Kerberos/SPNEGO for SAP AS ABAP in a Multi Domain Environment.

What to consider when implementing Kerberos/SPNego scenario for SAP AS ABAP using SAP Single Sign-On product in a Multi Domain environment. Windows domain and forest containers are used to meet different authentication and authorization requirements in the corporate landscape, like for example centralizing resource management, organizing network objects into a logical hierarchical structure, implementing rules for sharing resources across a network, etc. Domain containers can be segregated into Domain Name …

Read More »

Helpful SSO links!

Hello all! Following these notes and SCN links is really helping me on my journey to setup SSO ! SCN community: http://scn.sap.com/community/sso Important BLOGS: http://scn.sap.com/community/sso/blog/2012/08/17/how-to-configure-sap-netweaver-single-sign-on-for-sap-gui-for-windows-with-kerberos-integration –> Nice blog.  Good detail on how to use kerberos to do SSO purely for SAP GUI for windows http://scn.sap.com/community/sso/blog/2015/03/04/reusing-kerberos-token-for-issuing-an-x509-client-certificate-with-secure-login-server –> interesting, http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/50e92ab8-a2a4-3210-aebe-9f21db341d3e?QuickLink=index&overridelayout=true&59983513260820 –> SPNEGO based Single Sign-On using Secure Login Server X.509 Client Certificates http://scn.sap.com/community/sso/blog/2013/09/18/mobile-single-sign-on-from-ios-7-to-sap-netweaver –> interesting for a mobile solution.  We can make …

Read More »