Authentication Security for SAP Shortcuts

SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP users can launch the SAP GUI from SAP shortcuts to directly access frequently used SAP NetWeaver Application Server for ABAP functions or transactions. SAP shortcuts enable transparent user authentication by saving the logon information of the user, including the password of the user.

SAP shortcuts can be created either from the standard toolbar of the SAP GUI or manually in a Microsoft Windows environment. Once they are created, shortcuts appear as regular desktop icons that you can store in your file system or send by e-mail.

Security Considerations

When using SAP shortcuts, you can store a user ID and password to log on transparently to the target AS ABAP system. You can either save the user ID and the password when you create the SAP shortcut or enter them at a later stage, for example when establishing the connection.

Access rights to the SAP shortcuts, and therefore to the logon information stored in them, are configured in the operating system (OS) of the client workstation. As a result, when you use SAP shortcuts to store authentication information, any user with sufficient OS-level permissions can use the SAP shortcut to log on to the AS ABAP system.

Recommendation

We recommend that you do not save user IDs and passwords with the SAP shortcuts. To enable transparent user authentication for SAP shortcuts, you can use Secure Network Communications (SNC) to enable Single Sign-On (SSO).

SNC Client Encryption does not support SSO.
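
To find shortcuts that go against this recommendation, the following added example (not SAP code) sweeps a directory tree for `.sap` shortcut files and reports those that carry a saved password, without printing the password itself. It assumes the shortcut is INI-style text with a `[User]` section containing `Name=` and `Password=` entries; the function names and the sample contents are constructed for illustration.

```python
import sys
from pathlib import Path

def stored_credentials(text):
    """Return (user, has_password) for the [User] section of a shortcut.
    Assumption: INI-style text where [User] holds Name= and, if a password
    was saved, a non-empty Password= entry. The value is never returned."""
    section, user, has_password = "", None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "user" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "name" and value:
                user = value
            elif key.lower() == "password" and value:
                has_password = True
    return user, has_password

def audit(root):
    """Yield (path, user) for each *.sap file under root that stores a password."""
    for path in Path(root).rglob("*"):
        if path.suffix.lower() != ".sap" or not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        user, has_password = stored_credentials(text)
        if has_password:
            yield path, user

# Constructed sample shortcut contents (not taken from a real system).
SAMPLE_SAVED = """[System]
Name=XYZ
[User]
Name=EXAMPLEUSER
Password=CONSTRUCTED-PLACEHOLDER
[Function]
Command=SM37
"""
SAMPLE_CLEAN = SAMPLE_SAVED.replace("Password=CONSTRUCTED-PLACEHOLDER\n", "")

if __name__ == "__main__":
    for path, user in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: stored password for user {user or '<unknown>'}")
```

Run it against user profile directories and shared folders where shortcuts are kept; each hit is a shortcut to recreate without saved logon data.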

Using Logon Tickets for Logon with SAP Shortcuts

SAP shortcuts also enable you to transparently log on web portal users with SSO using logon tickets. In this scenario, the authentication information in the logon ticket is passed to the SAP shortcut from a portal iView and used for the user authentication.