Authentication Scheme

Definition

An authentication scheme is a definition of what is required for an authentication process. This includes the following:

· The login module stack used to determine whether a user is granted access to an application

· The user interfaces used to gather the information required to authenticate a user

· A priority, which enables authentication schemes to be ordered

Use

You use authentication schemes to define what type of authentication is required for a specific application. By assigning an authentication scheme to an application, you specify the type of authentication required for that application.

You can enforce different authentication mechanisms for different iViews. Each iView is assigned an authentication scheme and only users that have logged on successfully with that authentication scheme or one with a higher priority can access the iView.

When users log on to an application and satisfy the requirements of the authentication scheme required by that application, this information is stored in their logon ticket. If users then try to access an application that requires a stronger authentication scheme, they must reauthenticate, and the system issues a new logon ticket that contains the new authentication scheme.

Authentication schemes enable pluggable authentication. You can easily plug in additional authentication schemes without having to change each individual application.

Integration

SAP NetWeaver Application Server for Java ships with a set of authentication schemes. These are defined in the authschemes.xml file.

All Web Dynpro applications are automatically assigned to the default authentication scheme, which in turn references the ticket login module stack.

In the portal, each shipped iView template is assigned a reference to an authentication scheme. Initially all references to authentication schemes point to the same authentication scheme (uidpwdlogon). If you have special authentication requirements, you can define custom authentication schemes and then change the configuration of the portal so that the references point to your custom authentication schemes. This enables you to change the authentication schemes without having to modify the iViews or iView templates.

Caution

If you change the authentication scheme referenced by default, you automatically change the authentication scheme used by all Web Dynpro applications as well.

The following figure illustrates this concept:

[Figure omitted; the graphic is explained in the accompanying text.]

For more information about changing the references to authentication schemes, see Defining References to Authentication Schemes.

For more information about defining new authentication schemes, see Defining an Authentication Scheme.
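The following Python sketch is an added example, not SAP code. It models the priority comparison against the scheme stored in the logon ticket and the indirection through scheme references, including the effect described in the caution above. The scheme name certlogon_custom, the reference name payroll_ref, the priority values, and the assumption that a larger number means a stronger scheme are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthScheme:
    name: str
    priority: int  # assumption: larger value = stronger scheme


# Constructed sample data. Only "uidpwdlogon" and "default" appear on the page;
# the other names and all priority values are hypothetical.
SCHEMES = {
    "uidpwdlogon": AuthScheme("uidpwdlogon", 20),
    "certlogon_custom": AuthScheme("certlogon_custom", 40),
}

# Applications and iViews name a reference, never a scheme directly.
REFS = {"default": "uidpwdlogon", "payroll_ref": "certlogon_custom"}


def check_access(ticket_scheme, ref, refs=REFS):
    """Decide access for a resource that is assigned the reference `ref`.

    `ticket_scheme` is the scheme name stored in the user's logon ticket,
    or None if the user has no ticket yet. Returns ("allow", scheme) when the
    ticket is strong enough, otherwise ("reauthenticate", required_scheme).
    """
    required = SCHEMES[refs[ref]]      # unknown reference raises KeyError: fail closed
    held = SCHEMES.get(ticket_scheme)  # unknown or missing scheme yields None
    if held is not None and held.priority >= required.priority:
        return ("allow", held.name)
    # Ticket is missing, unknown, or weaker: step-up authentication is needed,
    # after which a new ticket carrying the required scheme would be issued.
    return ("reauthenticate", required.name)


if __name__ == "__main__":
    print(check_access("uidpwdlogon", "default"))       # same scheme: allowed
    print(check_access("uidpwdlogon", "payroll_ref"))   # weaker ticket: step up
    print(check_access("certlogon_custom", "default"))  # stronger ticket: allowed
    # Repointing "default" changes the requirement for everything that uses it,
    # which is why the caution covers all Web Dynpro applications.
    repointed = {**REFS, "default": "certlogon_custom"}
    print(check_access("uidpwdlogon", "default", repointed))
```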
