SAP Gateway Authentication and Single Sign-On
Your SAP NetWeaver AS for ABAP provides the user authentication and single sign-on (SSO) functions for SAP Gateway.
SAP Gateway supports the use of the following authentication mechanisms:
-
X.509 client certificates
SAP Gateway recommends the use of client certificates for user authentication. Users need to receive their client certificates from a Certification Authority (CA) as part of a public-key infrastructure (PKI).
-
Security Assertion Markup Language
SAP Gateway also supports the use of SAML assertions for user authentication. The assertions can be issued by an Identity Provider (IdP) system, or by the SAP NetWeaver host with single sign-on capabilities.
Scenarios for Supported and Recommended Authentication Methods
The following is a list of the supported and recommended authentication methods for use in SAP Gateway scenarios:
|
Consumer and Authentication Option |
Basic |
X.509 Certificate |
SAML 2.0 |
SAP Enterprise Portal |
|
Web application (HTML5, Silverlight, Flex) |
√ |
√ |
Recommended |
√ |
|
Desktop application (Microsoft .NET, Java) |
√ |
Recommended |
√ |
√ |
|
Mobile application |
√ |
Recommended |
√ |
|
|
Cloud application |
√ |
Recommended |
||
|
Social network integration |
Recommended |
|||
|
Web server side (PHP/ASP.NET) |
Recommended |
√ |
A checkmark (√) indicates the supported authentication method for the consumer scenario. Empty spaces do not have any comments. SAP Gateway can use the SAP Gateway Portal as an authentication provider, trusting the portal to handle authentication.