Show TOC

Background documentationMaintaining Logon Procedures Locate this document in the navigation structure


You can choose from several different logon procedures when you use a HTTP request to log on to SAP Web AS. You can configure the procedure individually for each service or for an entire service node, including all its services.


At least one HTTP request handler must have been entered for the service or service node.


This graphic is explained in the accompanying text.


  • You can specify for every ICF service what logon procedure must be used to execute it. The following options are available:

    • Standard (default): When you log on, multiple checks are run in a specified order.

    • Alternative Logon Procedure: When you select this option, you can choose the checks yourself, and the order in which they run.

    • Logon Data Required: Only the logon data specified in the service (User, Password, Client, and Language) is used to check the logon.

    • SSL Certificate Required: Logons are performed using X 509 Certificate only.

      Note Note

      You can use only one of these options for each service or service node.

      End of the note.
  • If you use the Standard or Alternative Logon Procedures, you can use the All Logons checkbox to specify whether the appropriate checks are run (in the specified order) until one of the logon procedures is successful (checkbox activated), or whether the logon is rejected with a message as soon as a logon procedure fails (checkbox not activated).

    Note Note

    A logon procedure is then only checked when the corresponding logon data is also provided by the HTTP request.

    End of the note.

    Note Note

    An HTTP request can also contain logon data for multiple logon procedures, for example, for Basic Authentication and SAP Logon Ticket.

    End of the note.
  • For each service, you can also choose the Logon via SAML option. With SAML (Security Assertion Markup Language), you can use XML-based single sign-on mechanisms for your services.

  • For each service, you can define an individual response page that appears if the logon fails.