Start of Content Area

Function documentation Integration in Single Sign-On (SSO) Environments   Locate the document in its SAP Library structure

Use

Single Sign-On (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple back-end software systems. SSO enables authorized users to reliably and transparently access software resources across technical system boundaries.

Integration

Using SSO with your SAP NetWeaver systems complements user authentication and enables you to decrease the system administrative load when users need to access resources in several different systems. In addition, integrating your systems in SSO environments can strengthen the overall security protection of your systems and reduce security risks associated with securely storing authentication credentials and frequently providing them interactively to multiple back-end systems in complex system landscapes.

SAP NetWeaver enables you to configure various mechanisms, which authorized users must use to access a SAP NetWeaver server system with SSO. The mechanisms you can use and their configuration depends on the underlying technology of the SAP NetWeaver system and the communication channel used for accessing the system.

Features

For an overview of the user authentication mechanism, their integration in SSO environments and the underlying SAP NetWeaver technologies that support them, see the table below.

User Authentication Mechanism

SSO

AS ABAP

AS Java

User ID and Password

N

Y

Y

User Mapping

Y

Y

Y

Secure Network Communications (SNC)

Y

Y

N

Logon Tickets

Y

Y

Y

Assertion Tickets

Y

Y

Y

X.509 certificates/SSL

Y

Y

Y

Kerberos

Y

Y

Y

SAML

Y

N

Y

Header Variables

Y

N

Y

Activities

For more information about configuring the AS ABAP and AS Java for integration in SSO environments, see the following sections:

·        Single Sign-On for SAP GUI

·        Single Sign-On for Web Based Access

·        Single Sign-On for Web Services

·        Interaction Between Systems (RFC and HTTP)

·        Single Sign-On for Java Remote Method Invocations

·        Single Sign-On for Resource Adapters and JCA

 

See also:

Authentication Concepts

Authentication Infrastructure

Developing Authentication Enhancements

End of Content Area