Show TOC Start of Content Area

Background documentation Authentication  Locate the document in its SAP Library structure

SAP NetWeaver Portal offers the same authentication mechanisms as SAPNetWeaver Application Server (AS) Java.

For more information about the available mechanisms and how to configure them, see AS Java Authentication Infrastructure and Single Sign-On for Web-Based Access.

Basic Authentication

This authentication mechanism is based on the Basic Authentication feature of the HTTP protocol. When you configure the portal to use HTTP Basic Authentication as authentication mechanism, authentication data is transported in clear text (base 64 encoded). This means that passwords can easily be read by an attacker with physical access to the network path between the client and the portal server. The attacker can then impersonate portal users. This is not a weakness of the portal itself, but a weakness of the standardized HTTP Basic Authentication mechanism.

For this reason, we strongly recommend using Secure Sockets Layer (SSL) between the client and portal server, since this encrypts all information exchanged between client and server including the authentication credentials.

End of Content Area