User Authentication and Single Sign-OnAuthentication on the SAP Web Application Server ABAPUsing Logon TicketsConfiguring the System for Issuing Logon TicketsObtaining a Certificate Signed by the SAP CAUsing a Self-Signed CertificateChanging from a Self-Signed Certificate to a Certificate SignedConfiguring the System to Accept Logon TicketsConfiguring SAP Web AS ABAP to Accept Logon Tickets from AnotherConfiguring SAP Web AS ABAP to Accept Logon Tickets from the J2EProtecting User InformationUsing X.509 Client CertificatesConfiguring the System for Using X.509 Client CertificatesPluggable Authentication Services for External AuthenticationAuthentication Mechanisms Supported by the PASAuthentication Using Windows NTLMVerifying User ID/Password on the Windows NT Domain ControllerAuthentication Using X.509 Client CertificatesAuthentication Using an LDAP Bind to a Directory ServerAuthentication Using an Arbitrary Mechanism on the Web ServerAuthentication Using a Mechanism Provided by a PartnerPrerequisites for Using PASLogon TicketsPrerequisites for Using Windows NTLM AuthenticationPrerequisites for Verifying Users on the Domain ControllerPrerequisites for Using X.509 Client CertificatesPrerequisites for Using an LDAP Bind to a Directory ServerPrerequisites for Using an Arbitrary Mechanism on the Web ServerPrerequisites for Using a Partner MechanismSecure Network CommunicationsConfiguring the PASConfiguring the Use of Logon TicketsConfiguring Windows NTLM Authentication on the Web ServerConfiguring SNCConfiguring SNC on the Application ServerConfiguring SNC on the AGateConfiguring SNC on the WGateInstalling the PASConfiguring the PAS Service FileExamplesSpecifying the HTTP Header Variable to UseMaintaining the User Mapping in the SAP SystemConfiguring the PAS for Providing the SAP User ID DirectlyTesting the ConfigurationTesting the Configuration Using the ITS Administration ToolTesting the Use of SNCTesting Logon Tickets and PASChecking the HTTP Header VariableSample Trace File: SNC InitializationSample Trace File (AGate): Successful PAS Authentication Using NSample Trace File (AGate): SAP User ID not FoundAuthentication on the J2EE EngineDeclarative and Programmatic AuthenticationLogin Modules and Login Module StacksLogin ModulesLogin Module StacksManaging Login ModulesManaging Policy ConfigurationsAuthentication SchemesAuthentication SchemeChanging the authschemes.xml FileDefining an Authentication SchemeDefining References to Authentication SchemesAssigning an Authentication Scheme to an iViewAuthentication Schemes Shipped with SAP NetWeaver AS JavaConfiguring Authentication MechanismsUsing Basic Authentication (User ID and Password)Using Client Certificates for User AuthenticationConfiguring the Use of Client Certificates for AuthenticationConfiguring the Use of Client Certificates via an Intermediary SLogin Module Stack for Client Certificate AuthenticationMaintaining the User's Certificate InformationAttribute Mapping for Client CertificatesUsing Security Session IDs for Single Sign-On Between ApplicatioUsing Logon Tickets for Single Sign-OnConfiguring the Use of Logon TicketsAdjusting the Login Module Stacks for Using Logon TicketsSample Login Module Stacks for Using Logon TicketsSpecifying the J2EE Engine Client to Use for Logon TicketsReplacing the Public-Key Certificate to Use for Logon TicketsConfiguring the J2EE Engine to Accept Logon TicketsTesting the Use of Logon TicketsChanging the Login Module Options for Creating Logon TicketsConfiguring SAP Web AS ABAP to Accept Logon Tickets from the J2EUsing Single Sign-On with Resource AdaptersUsing Header Variables or Integrated Windows Authentication forAdjusting the Login Module Stacks for Using Header VariablesConfiguring Integrated Windows Authentication in the PortalInstalling the IisProxy ModuleTesting the IisProxy ModuleConfiguring the IIS for Integrated Windows AuthenticationAdjusting the Login Module StacksUsing Integrated Windows and User ID/Password AuthenticationUsing SAML Assertions for Single Sign-OnMapping SAML Principals to SAP J2EE Engine User IDsConfiguring the Use of SAMLConfiguring the SAML ParametersAdjusting the Login Module Stacks for Using SAMLAccessing an Application that Accepts SAML AssertionsChanging the Startup Mode for the SAML ServiceThe SAML Test ApplicationSetting Up the SAML Test ApplicationUsing the SAML Test ApplicationOutbound Partner Parameters Used by the Test ApplicationExample SAML Mapping Module Used by the SAML Test ApplicationUsing Anonymous Logon to Access the PortalConfiguring Anonymous Logon with Named Anonymous Users
Authentication on the PortalSingle Sign-On in a Complex System LandscapeScenario: SSO Between Portal, Web Dynpro, and ABAP SystemsTesting That Web Dynpro System Accepts Tickets From PortalTesting Single Sign-On Between the Portal and the ABAP SystemSingle Sign-On to Non-SAP Systems and ApplicationsUsing Authentication When Developing Applications on the J2EE EnAuthentication for Web Applications Users on the J2EE EngineOverview of the Login Process in JAASUsing Login Modules to Protect Web ApplicationsExample Login ModuleCreate and Configure a Login ModuleCreating a New Java ProjectImplementing the Login ModuleSetting the Classpath and Compiling the Java ProjectExporting the Login Module Class in a JAR FileCreating a New Library ProjectMaking Reference to the Security Provider ServiceSetting the Classpath to the JAR of the Login ModuleMaking Reference to the JAR FileBuilding SDA FileDeploying the SDA to the J2EE EngineConfiguring the Login Module on the J2EE EngineConfiguring the Login Module UsageAdding a Reference to the Classloader of the Security ProviderConfiguring an Application to Use the Login ModuleExample Login ModuleLogin Modules Over HTTPSAP Specific HTTP CallbacksUsing the HTTP Callback ClassesChanging the User PasswordSingle Sign-on for J2EE Web ApplicationsPropagation of Security Principals to Other Containers on the J2Remote AuthenticationSecurity SessionsObtaining the Current Security Session