Show TOC

Desktop Application ScenarioLocate this document in the navigation structure


This section provides an overview of the supported authentication methods for intranet application scenarios including client and front-end technologies such as, Microsoft .NET, and Java.

For this scenario, SAP Gateway supports multiple authentication options, including the following:

  • SAML 2.0 Browser SSO

    Requires an additional system, the Identity Provider (IdP), for example, SAP Identity Management (SAP IDM) or Microsoft Active Directory Federation Service (AD FS).

    You can leverage Windows Integrated for IdP authentication. The code side should behave “like a browser” in handling of HTTP redirects, forms, and cookie processing.

  • X.509 client certificate Certificates can be distributed in one of the following ways:

    • PKI infrastructure for regular certificates.

    • SAP NetWeaver SSO product for generation of short-lived certificates.

  • Basic (username/password)

    Secure credentials caching is needed. Password can be locked out as result of DDoS attack.

The figure below is an overview of the Desktop application scenario using SAP Gateway in a technical system landscape.

Figure 1: Desktop application scenario

The following is the explanation for the illustration above:

  • Consumer

    Consumer is any desktop application directly communicating with the SAP Gateway system

  • Consumption layer

    One of the following options are used for SAP Gateway authentication:

    • X.509 client certificates distributed using SAP NetWeaver SSO or PKI

    • SAML assertions issued by IdP

    • SPNego tokens issued by domain controller

    • User credentials

  • Business Layer

    SAP Gateway uses Trusted RFC Connection to access backend services with a named user.