Winshuttle Server 10.x Admin Tool Guide: Configuring integrated logon (SSO)
The Integrated Logon section of the Server Admin Tool enables you to configure Winshuttle Server for SAP SSO (Single-Sign-on).
If your SAP environment only supports SSO, you need to enable integrated logon for Winshuttle SERVER.
Note: Integrated logon affects only the behavior of published Transaction and Query services. It does not impact scheduled or automated Transaction and Query scripts.
Note: Autopost and SSO
- The integratedLogon attribute applies only to SSO logon and does not affect Autopost functionality.
- Autopost with SSO is not supported through Winshuttle Central.
There are 2 types of SAP SSO logon methods supported by Winshuttle Server:
Kerberos-based SAP SSO logon
In this case, the published web service does not use the RunWithSapCreds method to send credentials to the SAP Server. Instead, an extra parameter called WindowsCreds is used with the Run method. If the WindowsCreds method is used, the user will need to successfully authenticate using windows credentials.
Note: You must also deploy the appropriate SSO client on the Winshuttle Server computer.
X509 certificate-based SAP SSO logon
In this case, the published web service does not have/use the RunWithSapCreds method. Instead, only one type of Run method is generated with no extra parameters.
The IntegratedLogon settings correspond to <integratedLogon> element in the web.config file. The <IntegratedLogon> element has the following attributes:
- Value: Set ‘True’ to enable integrated logon. Default value is ‘False’.
- X509SSO: Set ‘True’ is SSO logon is based on x509 certificates. Default value is ‘False’.