Communication Channel Security

The following graphic displays an overview of the communication channels listed in the tables below.

This graphic is explained in the accompanying text.

Technical System Landscape and Communication Channels

The tables below show the communication channels used by SAP Learning Solution , the protocol used for the connection, and the type of data transferred.

For a better understanding of the table, you should also display the graphics, which provide an overview of the technology landscape.

Learning Portal

Communication Path	Protocol Used	Authentication	Remark
Browser	HTTP, HTTPS	All authentications supported by the SAP Web AS, typically form-based-logon or standard authentication. Anonymous is supported. However, you should not use it since unique learner assignment is not possible in the back end.	With standard authentication, passwords are transferred in plain text. Consequently, you should protect the transports using SSL.
SAP Enterprise Portal, iView Server	HTTP, HTTPS	All authentications supported by the SAP Web AS. Typically, you can use the Single-Sign-On Ticket (SSO) here since logon has been done in the Enterprise Portal already.	For SSO, you must import the Enterprise Portal certificate into the SAP Web AS.

Communication Path	Protocol Used	Authentication	Remark
ERP system	RFC	Trusted RFC
SAP Enterprise Portal / Collaboration	RFC	Ticket	User4 for authentification, User3 for RFC authorization

Content Player

See also: Content Player (LSOCP)

Communication Paths for the Learning Portal: Inbound Relationships

Communication Path	Protocol Used	Authentication	Remark
Browser	HTTP, HTTPS	All authentications supported by the SAP Web AS/J2EE. The standard system uses anonymous. You do not require advanced authentication in the standard system since access is protected by a ticket.	Access to the Content Player is protected by a ticket. The ticket ensures that content can only be called one time using the URL. Only one ticket is valid at any one time.

Communication Paths for the Content Player: Outbound Relationships

Communication Path	Protocol Used	Authentication	Remark
Content Management System	HTTP, HTTPS	Anonymous, Basic	You store the user for authentication when you configure the Content Player. If you use HTTPS, you must set up HTTPS Support of the J2EE Engine. X509 certificate management is realized using the J2EE Engine.
ERP system	RFC (JCo)	User/Password	You store the user for authentication when you configure the Content Player. You must create a service user for the Content Player in the ERP system.

Communication Path

Protocol Used

Authentication

Remark

Content Management System

HTTP, HTTPS

Anonymous, Basic

You store the user for authentication when you configure the Content Player.

If you use HTTPS, you must set up HTTPS Support of the J2EE Engine. X509 certificate management is realized using the J2EE Engine.

ERP system

RFC (JCo)

User/Password

You store the user for authentication when you configure the Content Player.

You must create a service user for the Content Player in the ERP system.

Offline Player

Communication Path	Protocol Used	Authentication	Remark
Browser	HTTP	Anonymous	The Offline Player can be called from a local PC only.

Communication Path	Protocol Used	Authentication	Remark
LSOCP	HTTP, HTTPS	All authentications of the SAP Web AS/J2EE.

Authoring Environment

Communication Path	Protocol Used	Authentication	Remark
Browser	HTTP	Anonymous	The Offline Player can be called from a local PC only.

Communication Path	Protocol Used	Authentication	Remark
Content Management System	WebDAV, via HTTP, HTTPS	Basic, Anonymous	WebDav is an enhancement of the HTTP protocol. The Authoring Environment does not contain a separate truststore for X509 certificates. The Security Provider and the truststore of the Java 2 SDK installation is used. X509 certificates may have to be imported from the Content Management System if you want to use encrypted communication with SSL.
ERP system	RFC (JCo)	User/Password	Credentials must be entered in a dialog box when switching to online mode.

Environment for the Training Administrator in the Back End

Communication Paths for the Back End: Inbound Relationships

Communication Path	Protocol Used	Authentication	Remark
SAP GUI	DIAG	Standard SAP GUI

Communication Paths for the Back End: Outbound Relationships

Communication Path	Protocol Used	Authentication	Remark
SAP Enterprise Portal	RFC	With an SSO 2 Ticket. You store the user and password for generating the ticket in Customizing.	Only necessary if integration with Collaboration for SAP NetWeaver is active.
External Learning Management System (via XI)	SOAP	Anonymous

DIAG and RFC connections can be protected using Secure Network Communications (SNC). HTTP connections are protected using the Secure Sockets Layer (SSL) protocol.

For more information, see Transport Layer Security in the SAP NetWeaver Security Guide

Instructor/Tutor Role and Course Administrator Role in the SAP Enterprise Portal

Communication Paths for the Instructor/Tutor and Course Administrator Roles in the SAP Enterprise Portal: Inbound Relationships

Communication Path	Protocol Used	Authentication	Remark
Browser	HTTP, HTTPS	All authentications of the SAP Web AS/J2EE.

Communication Paths for the Instructor/Tutor and Course Administrator Roles in the SAP Enterprise Portal: Outbound Relationships

Communication Path	Protocol Used	Authentication	Remark
ERP system	HTTP, HTTPS	Single Sign-On Ticket (SSO)	The portal user is assigned to a corresponding user in the ERP system. You must create a user in the ERP system for the instructor or course administrator.

Communication Path

Protocol Used

Authentication

Remark

ERP system

HTTP, HTTPS

Single Sign-On Ticket (SSO)

The portal user is assigned to a corresponding user in the ERP system.

You must create a user in the ERP system for the instructor or course administrator.