Single Sing On (SSO) is a great
thing. It saves us from slave labor of entering passwords into many different systems
every time as we are already logged into trusted system (e.g. operating system)
already.
However there are scenarios
that we don’t need to be authenticated via SSO and we would like the system
asks us for logon credentials. Most basic case is when we are testing
something. And in such a cases it comes handy when we know how to suppress e.g.
temporarily the SSO.
With regards to many SAP
applications which are accessed by web browser there is a special parameter supplied
that supports SSO disabling. Usually name
of the parameter is SPNEGO. It stands for Simple and Protected GSSAPI
Negotiation Mechanism (SPNEGO). This thing actually serves as a protocol used
to determine whether common GSSAPI (Generic Security Services Application
Program Interface) mechanisms are available. If so it selects it and dispatches
all security operations to it.
Whenever SPNEGO is used we
are authenticated by SSO and there is no need to enter password again. The
parameter is provided via URL of the application. How to use the parameter to
disable the SSO?
1. SAP Portal
usage:
2. NWBC
usage:
3. example case for JAVA
AS usage:
4. example of common app usage:
2 comments:
Hi Martin
can SSO be disable for a single user?
So that only certain users are allowed to use SSO?
Many thanks
Best Regards
Mihel
Hi Mihel,
As far as I know in general it is not possible.
Also it depends against what SAP product you would want to disable the SSO for a single user.
Perhaps in case of connection via SAP GUI to SAP NetWeaver based system user can disable the SSO in SAP Logon Pad for particular SAP system.
cheers
m./
Post a Comment