Editing the Authentication Policy of AS Java Components

The authentication management functions of SAP NetWeaver Administrator enable you to determine what kind of authentication is required for users to access a component. You can create custom policy configuration templates and apply them to components. You can modify the policy configurations of components directly. These policy configurations determine what login modules are in the authentication stack and any configurations that apply to that stack.

When you change the configuration options for login modules in the authentication stack of a policy configuration, the login module options apply only to the component policy configuration where the login module is used. To apply a global change, you need to modify the login module itself.

For more information, see Managing Login Modules.

The authscheme and authscheme reference policy configuration types are only useful if you have the SAP Portal available. For more information, see the Portal Authentication Infrastructure section.

Procedure

Start SAP NetWeaver Administrator with the quick link /nwa/auth.
Choose the tabs Configuration Management Authentication and Single Sign-On Authentication Components .
Select a policy configuration.
Choose the Edit pushbutton.

Determine whether you want to use an existing template, or to change the policy configuration of the current component.

To use an existing template, select a template from the Used Template field.
For authscheme references, select a template from Used Authscheme.

The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.

To change the policy configuration of the current component, do the following:

Add and remove login modules as required.
The system applies the login modules in the order they appear in the list.
Set a processing flag for each login module.
For more information about login module flags, see Policy Configurations and Authentication Stacks.
Add options to and/or remove options from the login modules.

Set the authentication stack parameters in accordance with the type of policy configuration.

The following table lists the parameters available for the different types of policy configurations.

Parameters of the Policy Configuration Types
Parameter	Policy Configuration Types	Description
Frontend Target	Authscheme Authscheme Reference	Defines which iView the system launches when a user’s session does not satisfy the authentication scheme.
Policy Domain	Web	A user that accesses a Web application in a policy domain can access another Web application in the same policy domain without reauthenticating. For more information, see Single Sign-on for Web Applications.
Priority	Authscheme Authscheme Reference	A user that accesses an iView with one authentication scheme can access an iView with a lower priority authscheme without reauthenticating.
Session Fixation Protection	Custom Template Web	Determines how the component handles parallel HTTP requests. By default, the Common Session Management applies a strict policy, allowing access to resources only when the authentication types are identical and within the grace period. By default, the grace period is 2 seconds. Caution Use this property with caution. For more information, see Parallel HTTP Requests and Session Fixation Protection. End of the caution. To allow parallel requests with different authentication types within the grace period, choose `Grace Period`. Otherwise, choose `Strict`.

Save your entries.