SPNEGO and Kerberos

SAP Business Client was originally designed to enable users to access data using multiple UI technologies from a single ABAP back-end system. To make data access secure, SAP recommends combining SAP Business Client with SAP Single Sign-On.

This solution is both simple and secure.

As of release SAP Single Sign-On 2.0, SAP Single Sign-On offers support for SPNEGO for ABAP.

Prerequisites

SAP NetWeaver Business Client 4.0, SAP Single Sign-On 2.0, SAP NetWeaver 7.3

Procedure

Setting up SPNEGO for ABAP is a simple and straightforward process that involves the following, manual configuration steps:

Install the Secure Login Library on the SAP NetWeaver AS for ABAP backend.
Set the system parameters spnego/enable and spnego/krbspnego in the SAP NetWeaver Application Server for ABAP, and configure the key Tab generated by the Active Directory Server in transaction SPNEGO.
Map the user’s Kerberos principal name to the ABAP user name using transaction SU01.

Leveraging this Kerberos-based SSO technology, you can implement an SAP Single Sign-On solution for your SAP Business Client quickly and easily, and without the need for a Java stack.

With SAP Single Sign-On 2.0 and SAP Business Client, you can simply reuse your Windows domain authentication for SSO, even across different domains.

Connecting Securely to Single and Multiple ABAP Backend Systems

To do this, search for NWBC Meets Single Sign-On on SCN.