Configuring Authentication on the Server

Authentication Against an ABAP System

To access a Web application, AS ABAP uses the HTTP framework from Internet Communication Manager (ICF) that provides functions for defining the logon procedure. For more information, see Maintaining Logon Procedures below.

A simple process is available for configuring the system logon. In addition, you can customize the logon information according to your needs, for example, system ID, client, language, system messages, logon, and system information. For more information, see Creating and Configuring ICF Services under Communication between ABAP and Non-ABAP Technologies below.

With this, authentication against an ABAP system reduces to the normal authentication process as is standard for all Web-based applications on an ABAP stack, for example, BSP and Web Dynpro ABAP.

Settings for the Configuration for SSL support are particularly important for security with AS ABAP. For more information, see Configuring the AS ABAP for Supporting SSL under Network and Communication Security below. The logon ticket cache function is provided for increasing performance when multiple logons exist.

HTTPS Settings (SSL)

Install and configure SAPCRYPTOLIB.
Configure SSL in the Trust Manager ( STRUST) transaction.
Run the following test calls through a browser to verify that the HTTPS settings are configured correctly:

https://<server>:<port>/

More Information

The SAP NetWeaver Security Guide includes the useful topics below. This guide is available in the SAP NetWeaver library in the SAP Help Portal (http://help.sap.com/netweaver); choose Start of the navigation path

(relevant) SAP NetWeaver Platform Next navigation step

Security Information Next navigation step

Security Guide End of the navigation path

User Administration and Authentication:
- User Authentication and Single Sign-On
Network and Communication Security:
- Transport Layer Security (containing links to Secure Sockets and SNC, Configuring the AS ABAP for Supporting SSL
Security Guides for SAP NetWeaver Functional Units:
- Security Guides for the Application Server:
  - Security Guides for ASAP:
  - SAP NetWeaver Application Server for ABAP Security Guide:
    - User Administration and Authentication, Integration in Single Sign On Environments, Logon Tickets, Using Logon Tickets with AS ABAP
  - Security Guide: Web Dynpro ABAP

Alternatively, you can search for the above terms directly in the SAP Help Portal.

Authentication Against a Portal System

SAP Business Client uses the Ticket Issuer to log on to the J2EE server. The logon must be properly configured in the J2EE engine for this to work correctly.

Call the SAP NetWeaver Administrator.
Go to Configuration Management.
Choose Authentication.
Select component sap.com/tc~sec~sso~app*ticketissuer.

Enter the following as the assigned login modules:

Login Module Name	Flag
EvaluateTicketLoginModule	SUFFICIENT
ClientCertLoginModule	OPTIONAL
CreateTicketLoginModule	SUFFICIENT
BasicPasswordLoginModule	REQUISITE
CreateTicketLoginModule	OPTIONAL

This may appear as shown in the figure below:

Ticket Issuer

More Information

(relevant) SAP NetWeaver Platform Next navigation step

Security Information Next navigation step

Security Guide End of the navigation path

Portal Security Guide
SAP NetWeaver Application Server for ABAP Security Guide including the following topic:
- Using Logon Tickets with AS ABAP
SAP NetWeaver Application Server for Java Security Guide including the following topics:
- Transport Layer Security on the SAP J2EE Engine
- Configuring the Use of SSL on the J2EE Engine

Alternatively, you can search for the above terms directly in the SAP Help Portal.