Show TOC

Password Logon ScenariosLocate this document in the navigation structure

Use

The system logon can be used with every ICF logon procedure. Three scenarios are supported for logging on with user and password:

  • Logon using the logon ticket

  • Logon Using Basic Authentication.

  • Logon when application is started

Logon Using the Logon Ticket (SSO Logon)

Once the user and password have been entered on the logon page, the MYSAPSSO2 cookie is created that serves as the logon ticket. Any applications started after this are authenticated using this ticket. The authentication remains active until the browser window is closed.

For more information, see:

Password Changes in the SSO Environment

Prerequisites

  • The logon procedures Fields Authentication and SSO Authentication must be permitted in transaction SICF for the ICF node of your application.

    In transaction SICF in your application, on the title element Logon Data select the logon sequence Standard as the Procedure.

  • SSO must be configured correctly

  • Cookies must be allowed in the Web Browser

  • The URL must be fully qualified for starting the logon (FQDN)

    Note

    Logon using basic authentication becomes active when the SSO logon has been explicitly switched off (no logon with procedure SSO Authentication), or the SSO logon cannot be started due to an error in the configuration.

Logon Using Basic Authentication.

With basic authentication the authentication data is retrieved from the Web browser itself using a user dialog. For this reason on the system logon page these fields are inactive and are not activated until the user chooses the Logon pushbutton. The authentication remains valid until the browser window is closed.

For more information, see:

Changing Your Password with Basic Authentication

Prerequisites

The logon procedure Basic Authentication must be permitted in transaction SICF for the ICF node of your application. In transaction SICF in your application, on the title element Logon Data choose the entry Standard as the Procedure, or make sure that the entry Basic Authentication is available in the list below if you are using Alternative Logon Sequence.

Logon When Application is Started (session-based)

Caution

This procedure works only for applications that are stateful.

The authentication is valid only for the application just started. Once the application is closed or if the user switches to a different application the user must log on again.

The following applications work with the session-based logon procedure:

  • ITS applications

  • Web Dynpro applications

  • BSP applications that are stateful

Prerequisites

  • The logon procedure Fields Authentication must be permitted in transaction SICF for the ICF node. The logon procedures SSO Authentication and Basic Authentication must not be permitted.

    To do this, in your application in the SICF on the title element Logon Data choose Alternative Sequence as the Procedure and delete the entry SSO Authentication.

  • Cookies must be allowed in the Web Browser

  • The URL must be fully qualified for starting the logon (FQDN)

    Caution

    If SSO is configured for the system, a logon ticket is nevertheless issued. This can lead to security problems. For this reason ensure that SSO is deactivated for the system.