Mais conteúdo relacionado
Semelhante a Sso Mac (20)
Sso Mac
- 1. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
SAPGUI:SSO with OSX : How to configure Sso/Mac and not die
in the attempt
Applies to:
SAPGUI : SAPGUI for Java 7.00 rev 4
VM: Apple Computer, Inc. Version 1.5.0_07-87
OS: Mac OS X(i386) Version 10.4.10 / Intel-MAC
ADS: Windows 2003
Summary
How to implement the Single-sign on with Kerberos using SAPGUI for JAVA 7.00,
Author(s): Sr. Wenceslao Lacaze
Company: Bressay S.A.
Created on: 25 June 2007
Author Bio
For the past 6 yrs Wenceslao Lacaze as been working as a SAP basis Administrator and
Solution Manager consultant. Now he work in Bressay S.A. like consultant given support
and development new solution’s for several clients. He has developed a very extended
experience with medium and large scaled SAP systems ; SAP releases 3.0D up to the latest
range of SAP Netweaver products (versions 6.x and 7), supporting BI/BW, SCM, Live cache,
ITS, Portals, CRM, Web application server, SAP-XI, SAP Solution Manager, My major
expertise is in Unix and NT based SAP systems, mainly carrying Oracle databases.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 1
- 2. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
Table of Contents
SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt........................... 1
Applies to:................................................................................................................................... 1
Summary .................................................................................................................................... 1
Author Bio................................................................................................................................... 1
Table of Contents........................................................................................................................ 2
Configure Kerberos ..................................................................................................................... 2
Configure Sap Logon .................................................................................................................. 3
Related Content .......................................................................................................................... 3
Disclaimer and Liability Notice..................................................................................................... 3
Install Kerberos in OSX
To start to use Single-sign On (SSO) in Mac environments we need install the Kerberos/Seclude library in
our system.
If you don’t have installed , you can download from :
ftp://ftp.sap.com/pub/sapgui/java/misc/SNC_Krb5_SECUDE-MacOSX.tar
(control the forum https://www.sdn.sap.com/irj/sdn/message?messageID=2202442 for updates)
This TAR file have 2 files
• sncgssec.dyld for PowerPC (Secude framework must already be installed!)
• sncgssk5.dyld for Universal
Select the better library for you and rename to sncgss.dyld , then copy to “/usr/local/lib” or “/usr/lib” directory.
If you want use another directory, you have to set the SNC_LIB environment variable to the location of the
library.
i.e. export SNC_LIB=/mnt/server/lib/sncgss.dyld (for bash)
or set the user environment via file quot;~/.MacOSX/environment.plistquot; (see Developer Connection Technical
QA 1067 and Property List Editor Application which comes with the Developer Tools)
Configure Kerberos
If you work like consultant, usually you don’t include your MAC in the client domain, for use SSO you only
need type your password the first time when you logon, and then you have SSO until the ticket expire.
You need to setup the krb5.conf file in /etc with the follow lines :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 2
- 3. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
[libdefaults]
ticket_lifetime = 24000
default_realm = SUB.DOMAIN.NET
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
SUB.DOMAIN.NET = {
kdc = server_hostname.sub.domain.net
admin_server = server_hostname.sub.domain.net
default_domain = sub.domain.net
}
[domain_realm]
.sub.domain. = SUB.DOMAIN.NET
server_hostname.sub.domain.net = SUB.DOMAIN.NET
Configure Sap Logon
First of all, you need to configure your SAP Logon, in this example we configure the guimsg.txt in the
preference panel with file:/Library/Preferences/SAP/guimsg.txt,
The content of guimsg.txt is:
ELD : /M/server_hostname/S/3601
Click in New
Click in the drop box of System and select ELD
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 3
- 4. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
The SAPGUI show the Group/Servers for Load balance, select the right option and click Security
In the Security TAB you see the SNC Name of the server, click in “Enable Secure Network Communication”
and Save.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 4
- 5. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
When you try to logon, the system ask your DOMAIN password
Related Content
• Kerberos Forum
• User Authentication and Single Sign-On
• Single Sign On - FAQ
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 5
- 6. SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces
and therefore is not supported by SAP. Changes made based on this information are not supported and can
be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods
suggested in this document, and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of
this technical article or code sample, including any liability resulting from incompatibility between the content
within this document and the materials and services offered by SAP. You agree that you will not hold, or
seek to hold, SAP responsible or liable with respect to the content of this document.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 6
![SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt
Table of Contents
SAPGUI:SSO with OSX : How to configure Sso/Mac and not die in the attempt........................... 1
Applies to:................................................................................................................................... 1
Summary .................................................................................................................................... 1
Author Bio................................................................................................................................... 1
Table of Contents........................................................................................................................ 2
Configure Kerberos ..................................................................................................................... 2
Configure Sap Logon .................................................................................................................. 3
Related Content .......................................................................................................................... 3
Disclaimer and Liability Notice..................................................................................................... 3
Install Kerberos in OSX
To start to use Single-sign On (SSO) in Mac environments we need install the Kerberos/Seclude library in
our system.
If you don’t have installed , you can download from :
ftp://ftp.sap.com/pub/sapgui/java/misc/SNC_Krb5_SECUDE-MacOSX.tar
(control the forum https://www.sdn.sap.com/irj/sdn/message?messageID=2202442 for updates)
This TAR file have 2 files
• sncgssec.dyld for PowerPC (Secude framework must already be installed!)
• sncgssk5.dyld for Universal
Select the better library for you and rename to sncgss.dyld , then copy to “/usr/local/lib” or “/usr/lib” directory.
If you want use another directory, you have to set the SNC_LIB environment variable to the location of the
library.
i.e. export SNC_LIB=/mnt/server/lib/sncgss.dyld (for bash)
or set the user environment via file quot;~/.MacOSX/environment.plistquot; (see Developer Connection Technical
QA 1067 and Property List Editor Application which comes with the Developer Tools)
Configure Kerberos
If you work like consultant, usually you don’t include your MAC in the client domain, for use SSO you only
need type your password the first time when you logon, and then you have SSO until the ticket expire.
You need to setup the krb5.conf file in /etc with the follow lines :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 2](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)