Authentication and single sign-on

By Dr. Juergen Schneider

This tip is excerpted from "Internet Insights: SAP System Security for the Intranet and Internet" by Dr. Juergen Schneider in the April/May/June 2001 edition of SAP Insider.


SAP supports several mechanisms for authenticating users when they access SAP applications; which ones are available depends on your security requirements and the SAP product release in use. Everybody understands the concept of passwords, along with their advantages (easy to use, remember, and carry around) and drawbacks (weak passwords can be guessed, you may need several to access different systems, and they can be captured by wiretapping).

With SAP's Secure Network Communications (SNC) option, you can switch off passwords and achieve Single Sign-On by relying on a separate security infrastructure deployed in your company. This can be your Windows NT or Windows 2000 network, or other security infrastructures as provided by SAP partner products. It is also possible to equip your users with digital certificates according to the X.509 standard and use them for SAP logon (with or without smartcards).

With HTTPS and SSL client authentication, digital certificates can be used for logon to SAP systems from a standard Web browser over the SAP Internet Transaction Server (ITS). A painless certificate enrollment procedure is provided with mySAP Workplace using the SAP Trust Center Service.

To allow even more options for flexible and secure user authentication and Single Sign-On, SAP recently introduced the SAP Logon Ticket mechanism. Using Pluggable Authentication Services (PAS), customers can install their favorite authentication service (for example, NT logon, LDAP logon, or RADIUS) on the ITS and use it for the initial authentication to the first SAP application, such as the mySAP Workplace enterprise portal.

Upon successful authentication, an SAP Logon Ticket, which is valid for a limited period of time (typically a few hours), is created for the user and stored in the browser's main memory. This ticket is then used to access other SAP and non-SAP applications without additional user intervention.

To subscribe to SAP Insider, go to the magazine's website at http://www.sapinsider.com.



This was first published in May 2001
