Configuring Logon to Supported Systems

To log on to systems with one-time password (OTP) authentication, you can apply the TOTPLoginModule to a relevant policy configuration and specify the type of authentication in the Administration UI. You can use two types of authentication: single-factor and two-factor authentication.

Prerequisites

You have set your policy configuration to use the TOTPLoginModule in SAP NetWeaver Administrator. For more information, see Configuring TOTPLoginModule and RBALoginModule.

Configuring One-Time Password Authentication for Secure Login

Context

To log on to a system using Secure Login Client, you can create an authentication profile that serves as a pointer to the configuration of the TOTPLoginModule and download the client authentication policies to the Secure Login Client.

Procedure

  1. Log on to Secure Login Administration Console (SLAC) at http(s)://<host>:<port>/ssoadmin/sls.
  2. To create an authentication profile, navigate to Client Management > Authentication Profiles and choose Create.

    The Create New Authentication Profile wizard appears. For more information about how to configure the new authentication profile, see Related Information.

  3. To create a profile group, navigate to Client Management > Profile Groups and choose Create.

    A New Profile Group pop-up window appears. For more information about how to enter the group name and set the proper properties, see Related Information.

  4. To add the authentication profile to the profile group, go to the Details of <name of profile group> pane and choose Edit.
  5. Go to the Profile group tab and choose Add.
  6. To download the client authentication policies of the Secure Login Server to the Secure Login Client in a profile group, navigate to Client Management > Profile Groups > Download Policy. For more information about how to download client policy files, see Related Information.

Configuring One-Time Password Authentication for SAML 2.0 Identity Provider

Prerequisites

You have configured your identity provider with the relevant trust and identity federation settings. For more information, see Related Information.

Context

To log on to a system using the AS Java Identity Provider, you can create a custom authentication context and map it to the TOTPLoginModule that will be used by the identity provider to authenticate users.

Procedure

  1. Log on to SAP NetWeaver Administrator at http(s)://<host>:<port>/nwa.
  2. To create a custom authentication context, navigate to Authentication and Single Sign-On: SAML 2.0 > SAML 2.0 > Local Provider > Authentication Contexts tab and choose Edit.
  3. Choose Add.
  4. In the Create Authentication Context window, enter the Alias and the Name, and choose OK.
  5. Filter your authentication context and set the type as Interactive. The context should support HTTP and HTTPS. For more information, see Related Information.
  6. To configure your identity provider to use your authentication context, navigate to Identity Provider Settings tab > Supported Authentication Contexts pane, and choose Edit.
  7. Choose Add.
  8. Select your authentication context and map it to the TOTPLoginModule in the Authentication Context and Login Module Mapping pop-up window.
  9. Filter your authentication context in the Supported Authentication Contexts pane and choose Copy to.
  10. Choose Default HTTPS Authentication Contexts and Default HTTP Authentication Contexts.

    The Default HTTPS Authentication Contexts and the Default HTTP Authentication Contexts appear in separate panes.

  11. Save your configuration.

Configuring One-Time Password Authentication for Web Applications

Context

To log on to a web application running on SAP NetWeaver AS for Java, you can apply the TOTPLoginModule to the policy configuration of your web application.

Procedure

  1. Log on to SAP NetWeaver Administrator at http(s)://<host>:<port>/nwa.
  2. Navigate to Authentication and Single Sign-On > Authentication tab > Components and set the type to Web.
  3. Select the web application you want to configure for logon with one-time password authentication.
  4. To apply the TOTPLoginModule to the policy configuration of your web application, choose Edit and navigate to Details of policy configuration pane > Authentication Stack tab.
  5. Choose Add.
  6. From the dropdown list, select the TOTPLoginModule.
  7. Set the processing flag for your login module. For more information about login module flags, see Related Information.
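
For step 7, the following added example (not SAP code) models the standard JAAS control-flag rules, on the assumption that the authentication stack evaluates flags the same way; `PasswordModule` and the sample stacks are hypothetical. It shows why the flag and position of each entry decide whether the TOTPLoginModule is consulted at all.

```python
# Model of standard JAAS control-flag evaluation for a login module stack.
# Assumption: the AS Java stack follows these rules. Module outcomes are
# supplied by the caller; nothing here contacts a server.
FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}

def evaluate_stack(stack, outcomes):
    """Return (authenticated, modules_consulted).

    stack    -- ordered list of (module_name, flag)
    outcomes -- dict module_name -> bool (would this module's check pass?)
    """
    must_pass_seen = False    # a REQUIRED/REQUISITE module is in the stack
    must_pass_failed = False  # a REQUIRED module has failed
    optional_passed = False   # an OPTIONAL module has passed
    consulted = []
    for name, flag in stack:
        if flag not in FLAGS:
            raise ValueError(f"unknown flag {flag!r} for {name}")
        ok = bool(outcomes.get(name, False))
        consulted.append(name)
        if flag == "REQUIRED":
            must_pass_seen = True
            must_pass_failed |= not ok   # evaluation continues on failure
        elif flag == "REQUISITE":
            must_pass_seen = True
            if not ok:
                return False, consulted  # fail immediately
        elif flag == "SUFFICIENT":
            if ok:                       # stop: later modules never run
                return not must_pass_failed, consulted
        elif ok:                         # OPTIONAL
            optional_passed = True
    if must_pass_failed:
        return False, consulted
    return (True if must_pass_seen else optional_passed), consulted

# Constructed stacks; "PasswordModule" is a hypothetical first-factor module.
TOTP_ONLY = [("TOTPLoginModule", "REQUIRED")]
BYPASSABLE = [("PasswordModule", "SUFFICIENT"), ("TOTPLoginModule", "REQUIRED")]
ENFORCED = [("PasswordModule", "REQUISITE"), ("TOTPLoginModule", "REQUIRED")]

def second_factor_enforced(stack, first="PasswordModule", totp="TOTPLoginModule"):
    """True if a correct first factor with a wrong passcode is rejected."""
    ok, _ = evaluate_stack(stack, {first: True, totp: False})
    return not ok
```

In `BYPASSABLE`, a successful SUFFICIENT entry ends evaluation before the TOTPLoginModule runs, so the passcode is never checked; `ENFORCED` rejects the same logon.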