Thanks both methods working fine. Now we are planning to figure out best approach. Currently we configured SAP Single Sign-On for both ABAP & JAVA systems to work with X.509 certificates using Secure Login Server(SLS).
Thinking of Kerberos token approach without Secure Login Server(SLS).
1)It appears this approach need SPNEGO configuration in each ABAP/JAVA system separately unlike just parameters adjustment with SLS approach.
2)we need to have Service Principal Name(SPN) for each of ABAP/JAVA systems to be maintained in Windows serverice AD account unlike SLS, where we just need to maintain SPN's for SLS server.
Please suggest is it better approach to think about Kerberos without SLS?, to us it appears only benefit will be, will save Server resources for SLS. Other than that Approach of X.509 Certificates with SLS appears to be best. Also it appears SAP recommending customers to move towards digital(x.509) certificate based SSO instead of Logon tickets. Also thinking whether Keberos approach would be fine for ECC --> Portal SSO, as it is currently based on logon tickets. It does work with X.509 certificates approach didn't tried if Kerberos token approach will also work for ECC-->Portal SSO ?
Please provide your comments.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.