Authentication
The SAP NetWeaver Portal offers the same authentication mechanisms as the SAP NetWeaver Application Server (AS) Java. For an overview of the available mechanisms and how to configure them, see AS Java Authentication Infrastructure and Configuring Authentication Mechanisms.
This authentication mechanism is based on the Basic Authentication feature of the HTTP protocol. When you configure the portal to use HTTP Basic Authentication as the authentication mechanism, authentication data is transported in clear text: it is only Base64 encoded, not encrypted. This means that passwords can easily be read by an attacker with physical access to the network path between the client and the portal server. The attacker can then impersonate portal users. This is not a weakness of the portal itself, but a weakness of the standardized HTTP Basic Authentication mechanism.
For this reason, we strongly recommend using Secure Sockets Layer (SSL) between the client and portal server, since this will encrypt all information exchanged between client and server including the authentication credentials.
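The following audit check is an added example, not SAP code: it parses `Authorization: Basic` headers as defined in RFC 7617 and reports which logins were sent to the portal over plain HTTP, where the Base64 encoding offers no protection. The host name, path, accounts and function names are assumptions made for illustration.

```python
import base64
import binascii

def decode_basic(header_value):
    """Return (user, password) from an Authorization header value, or None
    if it is not a well-formed Basic credential (RFC 7617)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not Base64: malformed header, nothing to recover
    # Only the first colon separates user from password; passwords may contain ':'.
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None

def exposed_logins(requests):
    """List (url, user) for Basic credentials sent without SSL/TLS.
    `requests` is an iterable of (url, headers) pairs. Passwords are
    deliberately left out of the findings."""
    findings = []
    for url, headers in requests:
        value = next((v for k, v in headers.items()
                      if k.lower() == "authorization"), None)
        creds = decode_basic(value) if value else None
        if creds and url.lower().startswith("http://"):
            findings.append((url, creds[0]))
    return findings

def _basic(user_pass):
    """Build a Basic header value for the constructed samples below."""
    return "Basic " + base64.b64encode(user_pass.encode()).decode()

# Constructed sample traffic; host, path and accounts are made up.
SAMPLE = [
    ("http://portal.example.com/portal", {"Authorization": _basic("jdoe:S3cret:pw")}),
    ("https://portal.example.com/portal", {"authorization": _basic("asmith:hunter2")}),
    ("http://portal.example.com/portal", {"Authorization": "Basic not-base64!"}),
    ("http://portal.example.com/portal", {"Authorization": "Bearer abc.def"}),
]

if __name__ == "__main__":
    for url, user in exposed_logins(SAMPLE):
        print(f"clear-text Basic login for {user!r} at {url}")
```

Only the first sample is reported: the second travels over SSL, and the last two do not carry a valid Basic credential.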