The Single Sign-on for SAP solution is used with SAP GUI clients running on Windows systems that are joined to an Active Directory domain. The Single Sign-on for SAP installs and configures the qgsskrb5.dll module which provides a SAP Secure Network Communications (SNC) compliant Generic Security Services Application Program Interface (GSS-API) to Microsoft Security Support Provider Interface (SSPI) translation layer. You do not need to install any additional client software.
Note: The qgsskrb5.dll maps the GSS-API interfaces used by SAP GUI, to the corresponding SSPI system calls.
Once you have joined a Unix server to the Active Directory domain using Authentication Services, you can configure an SAP Server to use the GSS-API libraries provided by Authentication Services. You can then configure SAP GUI clients running on a supported operating system and joined to the same Active Directory domain (or forest) to use the credentials provided by Active Directory log-on to seamlessly authenticate to the SAP Server.
This describes and illustrates the solution's operation:
The user is never required to enter a user name and password, because authentication uses the existing Active Directory credentials acquired when the user logged onto their desktop.
Figure 1: SAP Server Configuration
The Single Sign-on for SAP solution provides increased security, identity integration, centralized auditing, data integrity, data privacy, and user experience. The integration of Unix and Linux hosts with Active Directory through Authentication Services allows SAP clients and servers to use the capabilities of the SAP Secure Network Communications (SNC) interface as a common security and authentication infrastructure and to fully leverage the ability of Active Directory to provide a secure authentication token in the form of a Kerberos ticket, while retaining the benefits of continued deployment of SAP server solutions on Unix hosts.
The topics in this section lead you through the most common configuration of Authentication Services Single Sign-on for SAP.