Integration in Single Sign-On Environments

SAP NetWeaver Application Server (AS) ABAP supports a number of mechanisms for authenticating users and providing for a Single Sign-On (SSO) environment.

• Secure Network Communications (SNC)

  SNC is available for user authentication and provides for an SSO environment when using SAP GUI for Windows or Remote Function Calls.

• Logon tickets

  SAP NetWeaver AS for ABAP supports the use of logon tickets for SSO when using a Web browser as the frontend client. In this case, users can be issued a logon ticket after they have authenticated themselves with the initial SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.

• Client certificates

  As an alternative to user authentication using a user ID and passwords, users using a Web browser as a frontend client can also provide X.509 client certificates to use for authentication. In this case, user authentication is performed on the Web server using the Secure Sockets Layer Protocol (SSL Protocol) and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.

For the security aspects involved when using any of these mechanisms, see the following sections:

• Secure Network Communications (SNC)

• X.509 Client Certificates

• Logon Tickets

• Using X.509 Client Certificates on the AS ABAP

• Using Logon Tickets with AS ABAP

• Configuring AS ABAP as a Service Provider

• Using Kerberos Authentication on SAP NetWeaver AS for ABAP
• SAP Single Sign-On 2.0