Show TOC Start of Content Area

Background documentation Configuring Authentication Mechanisms  Locate the document in its SAP Library structure

The J2EE Engine is shipped with a range of login modules that support the most common authentication mechanisms. In this section, you find out how to use the login modules to set up the authentication mechanism that you require.

     Using Basic Authentication (User ID and Password)

By default, the J2EE Engine uses Basic Authentication for applications that are set up to use basic or form authentication.

     Using Client Certificates for User Authentication

Use client certificate authentication for applications that require a higher level of security.

     Using Security Session IDs for Single Sign-On Between Applications

By default, the standard JSESSIONID mechanism is used to exchange the information about the user’s identity between the Web applications when performing Single Sign-On.

     Using Logon Tickets for Single Sign-On

Use SAP logon tickets for Single Sign-On in an SAP system environment.

     Using Single Sign-On with Resource Adapters

You can use SSO when working with resource adapters.

     Using SAML Assertions for Single Sign-On

Users can use SAML assertions to access the J2EE Engine. The SAP J2EE Engine accepts SAML assertions for Single Sign-On, but it cannot issue such assertions.

     Using Kerberos Authentication for Single Sign-On

You can configure the J2EE Engine to use Kerberos authentication with the Simple and Protected GSS API Negotiation Mechanism (SPNego). The Kerberos protocol is an integral part of the Windows 2000 operating system and enables Windows Integrated Authentication without an intermediary Web server. You can also use Kerberos authentication to integrate non-Windows server components into the Windows Integrated Authentication infrastructure. The J2EE Engine can use Kerberos independently of the underlying Operating System (OS) of the J2EE Engine host.

     Using Header Variables for User Authentication

You can use header variable authentication to delegate user authentication to any external product which authenticates the user and returns an authenticated user ID as part of the HTTP header.

Note

Prior to SAP NetWeaver ’04 SPS15, this option was used to support integrated Windows authentication. In this case, the Microsoft Information Server (IIS) was used as an intermediary server and the user information was passed to the J2EE Engine by the IISproxy module in a header variable. However, as of SAP NetWeaver ’04 SPS15, we recommend using the Kerberos authentication mentioned above for using integrated Windows authentication unless a specific application still requires the use of the IISproxy module.

     Using Anonymous Logon to Access the Portal

Anonymous logon allows users to access the portal in anonymous mode, without providing any form of authentication. This may be required for external portals that allow internet users to access anonymous content.

End of Content Area