Desktop Application Scenario

Concept

This section provides an overview of the supported authentication methods for intranet application scenarios, including client and front-end technologies such as Microsoft .NET and Java.

For this scenario, SAP Gateway supports multiple authentication options, including the following:

  • SAML 2.0 Browser SSO

    Requires an additional system, the Identity Provider (IdP), for example, SAP Identity Management (SAP ID Management) or Microsoft Active Directory Federation Service (AD FS).

    You can leverage Windows Integrated Authentication for IdP authentication. The client code should behave like a browser when handling HTTP redirects, forms, and cookies.

  • X.509 client certificate

    Certificates can be distributed in one of the following ways:

    • PKI infrastructure for regular certificates.

    • SAP SSO product for generation of short-lived certificates.

  • Basic (username/password)

    Secure credential caching is needed. The password can be locked out as a result of a DDoS attack.

The figure below is an overview of the Desktop application scenario using SAP Gateway in a technical system landscape.

Figure: Desktop Application Scenario

The following is an explanation of the figure depicted above:

  • Consumer:

    The consumer is any desktop application that communicates directly with the SAP Gateway system.

  • Consumption Layer:

    In this scenario, one of the following options is used for SAP Gateway authentication:

    1. X.509 client certificates distributed using SAP SSO or PKI.
    2. SAML assertions issued by the IdP.
    3. SPNEGO tokens issued by the domain controller.
    4. User credentials.
  • Business Layer:

    SAP Gateway uses a trusted RFC connection to access back-end services with a named user.