Single Sign-On (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple back-end software systems. SSO enables authorized users to reliably and transparently access software resources across technical system boundaries.
Using SSO with your SAP NetWeaver systems complements user authentication and enables you to decrease the system administrative load when users need to access resources in several different systems. In addition, integrating your systems in SSO environments can strengthen the overall security protection of your systems and reduce security risks associated with securely storing authentication credentials and frequently providing them interactively to multiple back-end systems in complex system landscapes.
SAP NetWeaver enables you to configure various mechanisms, which authorized users must use to access a SAP NetWeaver server system with SSO. The mechanisms you can use and their configuration depends on the underlying technology of the SAP NetWeaver system and the communication channel used for accessing the system.
For an overview of the user authentication mechanism, their integration in SSO environments and the underlying SAP NetWeaver technologies that support them, see the table below.
User Authentication Mechanism |
SSO |
AS ABAP |
AS Java |
User ID and Password |
N |
Y |
Y |
User Mapping |
Y |
Y |
Y |
Secure Network Communications (SNC) |
Y |
Y |
N |
Logon Tickets |
Y |
Y |
Y |
Assertion Tickets |
Y |
Y |
Y |
X.509 certificates/SSL |
Y |
Y |
Y |
Kerberos |
Y |
Y |
Y |
SAML |
Y |
N |
Y |
Header Variables |
Y |
N |
Y |
For more information about configuring the AS ABAP and AS Java for integration in SSO environments, see the following sections:
· Single Sign-On for Web Based Access
· Single Sign-On for Web Services
· Interaction Between Systems (RFC and HTTP)
· Single Sign-On for Java Remote Method Invocations
· Single Sign-On for Resource Adapters and JCA
See also: