
7 Security Aspects

 

This chapter gives an overview of the security aspects and recommendations relevant to using NetWeaver Business Client (NWBC). Because security is a wide-ranging and important topic that affects both the server and the client, all security-relevant aspects are described together in this chapter. After the most basic recommendation, to always use HTTPS for communication, the most interesting aspect is authentication. A large part of the chapter is dedicated to drawing parallels between the standard authentication processes available in any browser-based access to an SAP server and the authentication process supported by NWBC. This includes the first authentication, achieving single sign-on via certificates, and the subsequent re-authentication needed each time a new application is started. On a smaller scale, the use of the Internet Communication Framework (ICF) to control access to NWBC services on the server is also discussed.

This chapter describes security concepts only at a high level, as far as they are relevant to NWBC. For a detailed discussion of how specific security concepts are implemented in SAP servers, and especially of their configuration, a reference is given each time to the documentation that covers the topic in depth.

In detail, this chapter has the following sections:

  • 7.1 NWBC and Authentication

    Describes in general the authentication process from NWBC to the server. This section is important for understanding that, in principle, the authentication process in NWBC is exactly equivalent to the authentication process as managed in a browser.

  • 7.2 Use of Digital Certificates

    Goes into depth on how single sign-on can be achieved with the use of digital certificates.

  • 7.3 Logon Tickets

    Explains the prerequisite that logon tickets (MYSAPSSO2 cookies) be available to handle the re-authentication process when starting a new application in the canvas.

  • 7.4 Trusted Relationships

    Extends the authentication process over multiple servers.

  • 7.5 Configuring Authentication on the Server

    Groups all relevant server configuration information. This is mostly a set of references to other documentation for in-depth information.

  • 7.6 ICF Configuration

    Describes the use of ICF to control HTTP access to NWBC runtime.

  • 7.7 Certificate Error Popups in the Browser

    Specifically highlights problems with the use of digital certificates that are typically perceived as error situations, although they are usually just different variations of invalid certificates.

Note

When using HTTPS, it is highly recommended to read, at a minimum, section 7.2 regarding the prerequisite of installing Microsoft hotfix 919477.