This section provides an overview of the supported authentication methods for intranet application scenarios including client and front-end technologies such as, Microsoft .NET, and Java.
For this scenario, SAP Gateway supports multiple authentication options, including the following:
SAML 2.0 Browser SSO
Requires an additional system, the Identity Provider (IdP), for example, SAP Identity Management (SAP ID Management) or Microsoft Active Directory Federation Service (AD FS).
You can leverage Windows Integrated for IdP authentication. The code side should behave "like a browser" in handling of HTTP redirects, forms, and cookie processing.
X.509 client certificate certificates can be distributed in one of the following ways:
PKI infrastructure for regular certificates.
SAP SSO product for generation of short-lived certificates.
Basic (username/password)
Secure credentials caching is needed. Password can be locked out as result of DDoS attack.
The figure below is an overview of the Desktop application scenario using SAP Gateway in a technical system landscape.
The following is an explanation of the figure depicted above:
Consumer:
Consumer is any desktop application directly communicating with the SAP Gateway system.
Consumption Layer:
In this scenario, one of the following options is used for SAP Gateway authentication:
Business Layer:
SAP Gateway uses Trusted RFC Connection to access backend services with named user.