Authentication
SAP Enterprise Portal offers the same authentication mechanisms as SAP NetWeaver Application Server for Java.
For more information about the available mechanisms and how to configure them, see AS Java Authentication Infrastructure and Single Sign-On for Web-Based Access.
Basic Authentication
This authentication mechanism is based on the Basic Authentication feature of the HTTP protocol. When you configure the portal to use HTTP Basic Authentication as the authentication mechanism, authentication data is transported in clear text (Base64-encoded, which is an encoding and not encryption). This means that passwords can easily be read by an attacker with physical access to the network path between the client and the portal server. The attacker can then impersonate portal users. This is not a weakness of the portal itself, but a weakness of the standardized HTTP Basic Authentication mechanism.
For this reason, we strongly recommend using Secure Sockets Layer (SSL) between the client and the portal server, since this encrypts all information exchanged between client and server, including the authentication credentials.
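The following Python check is an added example, not SAP code: it shows that the Base64 token in a Basic `Authorization` header decodes straight back to the user name and password, and flags requests that carry it over a connection without SSL. The function names, the sample request, the host and the credentials are constructed for illustration.

```python
import base64
import binascii

def parse_basic_credentials(header_value):
    """Return (user, password) from an Authorization header value, or None.

    Per RFC 7617 the token is base64("user:password"); the user-id cannot
    contain a colon, so split on the first colon only.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not usable Basic credentials
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def audit_request(raw_request, over_ssl):
    """Flag a raw HTTP request that exposes Basic credentials without SSL."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        creds = parse_basic_credentials(value)
        if creds is None:
            return {"basic_auth": False, "exposed": False}
        user, password = creds
        # Report the user and the password length only; never log the secret.
        return {"basic_auth": True, "exposed": not over_ssl,
                "user": user, "password_length": len(password)}
    return {"basic_auth": False, "exposed": False}

# Constructed sample request; path, host and credentials are made up.
SAMPLE = (b"GET /portal HTTP/1.1\r\n"
          b"Host: portal.example.com\r\n"
          b"Authorization: Basic " + base64.b64encode(b"jdoe:s3cr:et") + b"\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(audit_request(SAMPLE, over_ssl=False))  # credentials readable on the wire
    print(audit_request(SAMPLE, over_ssl=True))   # same header, protected by SSL
```

The `over_ssl` flag is an assumption standing in for whatever the capture point knows about the listener, for example whether the request arrived on the HTTP or the HTTPS port.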