Single Sing On (SSO) is a great
thing. It saves us from slave labor of entering passwords into many different systems
every time as we are already logged into trusted system (e.g. operating system)
already.
However there are scenarios
that we don’t need to be authenticated via SSO and we would like the system
asks us for logon credentials. Most basic case is when we are testing
something. And in such a cases it comes handy when we know how to suppress e.g.
temporarily the SSO.
With regards to many SAP
applications which are accessed by web browser there is a special parameter supplied
that supports SSO disabling. Usually name
of the parameter is SPNEGO. It stands for Simple and Protected GSSAPI
Negotiation Mechanism (SPNEGO). This thing actually serves as a protocol used
to determine whether common GSSAPI (Generic Security Services Application
Program Interface) mechanisms are available. If so it selects it and dispatches
all security operations to it.
Whenever SPNEGO is used we
are authenticated by SSO and there is no need to enter password again. The
parameter is provided via URL of the application. How to use the parameter to
disable the SSO?
1. SAP Portal
usage:
2. NWBC
usage:
3. example case for JAVA
AS usage:
4. example of common app usage:
No comments:
Post a Comment