Start of Content Area

Component documentation Security and User Management  Locate the document in its SAP Library structure

The Portal Platform interfaces with the security mechanisms implemented by the J2EE Engine, including user authentication, single sign-on (SSO), authorization, and secure communication. The portal depends on an authentication service to implement the SSO mechanism that uses encoded cookies, to securely resolve user authorization and authentication across multiple sources of information for a user.

Security

Using security standards such as the Secure Sockets Layer (SSL) protocol and the Generic Security Services (GSS-API) interface for all communications between users, portal components, and enterprise applications, the portal offers strong encryption and information protection.

By allowing the use of SSL certificates at runtime, the portal desktop and iViews can be securely accessed.

Another layer of security is provided by a firewall. The portal can be configured to have secured points of access to all intranet URLs and applications. It uses HTTPS encryption protocol by default for connecting the browser to the intranet.

A third party Web server that resides in the demilitarized zone (DMZ) can provide a single secure access point. This creates a gateway that includes a reverse proxy server. The reverse proxy server then enables access to the portal without exposing it directly to the Internet.

Communication from the gateway to the server and intranet resources can be HTTPS or HTTP.

For detailed information about securing the portal, refer to the Portal Security Guide

 

End of Content Area