User Authentication and Single Sign-On
Authentication Concepts
Authentication for SAP GUI
User ID and Password Authentication for SAP GUI
Authentication Security for SAP Shortcuts
Client Certificate Logon for SAP GUI
Kerberos for SAP GUI Authentication
Windows NT LAN Manager (NTLM) Authentication
Authentication for Web Based Access
Anonymous Logon
Basic Authentication (User ID and Password)
Logon Tickets
X.509 Client Certificates
SAML Assertions
Kerberos Authentication
Header Variables
Authentication for Web Services
HTTP Transport Level Authentication
SOAP Message Level Authentication
SAML Token Profile
WS Security UsernameToken
Authentication for Communication between Systems
Authentication Infrastructure
AS ABAP Authentication Infrastructure
Profile Parameters for Logon and Password (Login Parameters)
Secure Network Communications (SNC)
System Logon
Security Aspects for BSP
Web Dynpro ABAP Security Guide
Defining the Logon Procedure
Logon Checks: Overview
Standard Logon Order
Alternative Logon Order
Logon Ticket Cache
Logon Using Service Data
Determining the Client
Determining the Logon Language
Inserting an HTTP Request Handler
AS Java Authentication Infrastructure
Declarative and Programmatic Authentication
Login Modules
Managing Login Modules
Creating the Configuration File for Login Modules
Policy Configurations and Authentication Stacks
Managing Authentication Policy for AS Java Components
User Mapping and the AS Java
Portal Authentication Infrastructure
Authentication Schemes
Authentication Scheme
Changing the authschemes.xml File
Defining an Authentication Scheme
Defining References to Authentication Schemes
Assigning an Authentication Scheme to an iView
User Mapping and the Portal
Single Sign-On to Back-End ABAP Systems
Integration in Single Sign-On (SSO) Environments
Single Sign-On for the SAP GUI
Logon and Password Security for SAP GUI
Password Rules
Customizing Switches for Generated Passwords
Logging Off Inactive Users
Single Sign-On for SAP Shortcuts
Configuring Component Systems to Accept Portal Logon Tickets
Using Transaction STRUSTSSO2 in SAP System >= 4.6C
Importing Portal Certificate into SAP System < 4.6C
Importing Portal Certificate into SAP System >= 4.6C
Integrate SAP GUI for Windows in a Portal iView
Single Sign-On with Client Certificates
Preparing the Central Instance
Activating SSO on the SAP Logon
Importing Public-Key Certificates on the AS ABAP
Single Sign-On with Microsoft Kerberos SSP
Preparing the Primary Application Server Instance
Configuring the SAP Front End
Configuring the SAP Logon
Mapping Windows Users to SAP Users for Kerberos SSO
Single Sign-On with Microsoft NT LAN Manager SSP
Starting the Windows LM Security Support Provider Service
Configuring the Application Server
Configuring SAP GUI and SAP Logon for Single Sign-On
Mapping Windows Users to SAP Users for NTLM SSO
Single Sign-On for Web-Based Access
Using Anonymous Logon to Access the Portal
Configuring Anonymous Logon with Named Anonymous Users
Using User ID and Password Authentication
Logon Using Basic Authentication
Logon Using User ID and Password on the AS Java
Configuring User Mapping with User ID and Password on an AS Java
Logon Using User ID and Password on the Portal
Configuring User Mapping with User ID and Password on a Portal
Using Logon Tickets
Using Logon Tickets with AS ABAP
Configuring the AS ABAP for Issuing Logon Tickets
Configuring the AS ABAP to Accept Logon Tickets
Accepting Logon Tickets Issued by another AS ABAP
Accepting Logon Tickets Issued by the AS Java
Using Logon Tickets with AS Java
Configuring the AS Java to Issue Logon Tickets
Specifying the Client to Use for Logon Tickets
Replacing the Key Pair to Use for Logon Tickets
Configuring the AS Java to Accept Logon Tickets
Manual AS Java Configuration for Accepting Logon Tickets
Testing the Use of Logon Tickets
Sample Login Module Stacks for Using Logon Tickets
Using Logon Tickets with the Portal
Configuring the Portal for SSO with Logon Tickets
Configuring Component Systems to Accept Portal Logon Tickets
Using Transaction STRUSTSSO2 in SAP System >= 4.6C
Importing Portal Certificate into SAP System >= 4.6C
Importing Portal Certificate into SAP System < 4.6C
Using More Than One Portal
Logon Tickets for Multiple Domains
How it Works
Configuring Logon Tickets for Multiple Domains
Configuring User Mapping with Tickets for SSO
Using an LDAP Directory for User Mapping with Tickets for SSO
Configuring User Mappings on the Behalf of Users
Using X.509 Client Certificates
Using X.509 Client Certificates on the AS ABAP
Logon with SSL Crtificates
Configuring the AS ABAP to Use X.509 Client Certificates
Using SAP Passports Provided by the SAP Trust Center Service
Configuring the System to Use the SAP Trust Center Service
Using X.509 Client Certificates on the AS Java
Configuring the Use of Client Certificates for Authentication
Modifying Client Certificate Authentication Options
Using Stored Certificate Mappings
Maintaining the User's Certificate Information
Maintaining Certificate Mappings Automatically
Using Rules Based on Client Certificate Subject Names
Using Rules Based on Client Certificate V3 Extensions
Defining Rules for Filtering Client Certificates
Using Client Certificates via an Intermediary Server
Enabling Certificate Revocation
How the Certificate Check Revocation Service Works
Modifying Additional Settings
Checking Certificates Manually
Removing or Updating CRL Cache Entries
Using SAML Browser Artifacts
Configuring AS Java as a SAML Destination Site
Adjusting the Login Module Stacks for Using SAML
Using SAML with the AS ABAP
Establishing a Connection Between AS ABAP and AS Java
Activating SAML for Resources in the AS ABAP
Logon via SAML
Mapping SAML Principals to AS ABAP User IDs
Using SAP NetWeaver for a SAML Source Site
Changing the Startup Mode for the SAML Service
Configuring the Portal as a SAML Source Site
Accessing an Application that Accepts SAML Assertions
Integrating a SAML-Enabled Application in the Portal
Example: Accessing Web Dynpro Application in a Portal Using SAML
The SAML Test Application
Setting Up the SAML Test Application
Using the SAML Test Application
SAML Parameters
Inbound Partner Parameters
Outbound Partner Parameters
General SAML Settings
Using Kerberos Authentication
Key Distribution Center Configuration
Configuring the UME
Configuring the UME when Using ADS Data Sources for Kerberos
Configuring the UME when Using Non-ADS Data Sources
Wizard-based Configuration for Kerberos Authentication
Step 1: Prerequisites
Step 2: Kerberos Realm
Step 3: Resolution Mode
Step 4: Policy Configuration
Step 5: Confirmation
Troubleshooting
Accessing AS Java with Kerberos Authentication
Using Header Variables
Single Sign-On for Web Services
Using Transport Level Authentication
Using Message Level Authentication
Message-Based Authentication with WS-Security
Configuring Single Sign-On with SAML Token Profiles
Preparing the SAML-Token-Profile-Issuing WS Consumer AS ABAP
Exporting the AS ABAP Certificate
Preparing the WS Provider AS ABAP for Accepting SAML Token Profi
Configuring a Trust Relationship for SAML Token Profiles Without
Single Sign-On for Interaction between Systems
Maintaining Remote Destinations
Displaying, Maintaining, and Testing Destinations
Entering Destination Parameters
Connection Types
Maintaining Trust Relationships between SAP Systems
Logon/Security
Destination Service
Maintaining HTTP Destinations
Maintaining RFC Destinations
Single Sign-On for Java Remote Method Invocation
Authentication for RMI-P4 Clients
Using P4 Protocol Over a Secure Connection
Security for RMI-IIOP Applications
Configuring the AS Java for IIOP Security
Single Sign-On for Resource Adapters and JCA
Developing Authentication Enhancements
Authentication Enhancements for the AS ABAP
System Logon
User-specific Changes
Creating Error Pages
Authentication Enhancements with SNC
Integration of SNC and an External Security Product in SAP Syste
External Security Products
Interfaces to External CPIC Programs
Interfaces to External RFC Programs
Developing Authentication Enhancements on the AS Java
Overview of the Login Process in JAAS
Integration of AS Java and UME Authentication
Using Login Modules to Protect Web Applications
Configuring Authentication
Using the HTTP Callback Classes
SAP Specific HTTP Callbacks
Changing the User Password
Single Sign-on for Web Applications
Security Sessions
Security Aspects for Web Services
Remote Authentication
Propagating Security Principals between Application Containers
Single Sign-On to Non-SAP Systems and Applications