Show TOC Entering content frame

Object documentation Authentication Scheme Locate the document in its SAP Library structure

Definition

An authentication scheme is a definition of what is required for an authentication process. This includes:

·        The login module stack that is used to determine whether a user is granted access to an application

·        The user interfaces that are used to gather the information required to authenticate a user

·        Priority, allowing authentication schemas to be ordered

Use

You use authentication schemes to define what type of authentication is required for a certain application. By assigning an authentication scheme to an application, you specify the type of authentication required for that application.

For iViews, you can enforce different authentication mechanisms for different iViews. Each iView is assigned an authentication scheme and only users that have logged on successfully with that authentication scheme or one with a higher priority can access the iView.

When users log on to an application and satisfy the authentication requirements for the authentication scheme required by the application, this information is stored in their logon ticket. If users try to access an application that requires a ‘stronger’ authentication scheme, the users will have to re-authenticate themselves and will be issued a new logon ticket with the new authentication scheme in it.

Authentication schemes enable pluggable authentication. You can easily ‘plug in’ additional authentication schemes without having to change each individual application.

Integration

SAP Web Application Server Java is shipped with a set of authentication schemes. These are defined in the authschemes.xml file.

All Web Dynpro applications are automatically assigned to the default authentication scheme, which in turn references the ticket login module stack.

In the portal, each shipped iView template is assigned a reference to an authentication scheme. Initially all references to authentication schemes point to the same authentication scheme (uidpwdlogon). If you have special authentication requirements, you can define custom authentication schemes and then change the configuration of the portal so that the references point to your custom authentication schemes. This allows you to change the authentication schemes without having to modify the iViews or iView templates.

Caution

If you change the authentication scheme referenced by default, you automatically change the authentication scheme used by all Web Dynpro applications as well.

The following diagram illustrates this concept:

This graphic is explained in the accompanying text

For details on changing the references to authentication schemes, see Defining References to Authentication Schemes.

For details on defining new authentication schemes, see Defining an Authentication Scheme.

 

 

Leaving content frame