This is enabled through Kerberos, browser-based cookies, client certificates, or Security
Assertion Markup Language (SAML) tokens.
Using passwords to enter business applications. In this case, the SSO software
automatically enters the user credentials into
the password prompts or dialog boxes.
SAP has supported the first option for a long
time, with SAP logon tickets, Kerberos, and SAML.
Now, with SAP Net Weaver Single Sign-On, SAP
has greatly strengthened its support for both
options. Let’s take a closer look at two major
new capabilities now available within the SAP
Net Weaver Single Sign-On toolbox.
At the core of the new SAP NetWeaver Single
Sign-On solution is SAP’s new Secure Login
component (see Figure 1), which enables identity authentication through client certificates
(security tokens) across both SAP and non-SAP
applications. (In the past, customers needed to
turn to SAP partners to support authentication
through client certificates.)
A major benefit of using X.509 client certificates is that so many applications support this
method; it is a stable and widely accepted
standard (which translates into lower TCO).
Furthermore, this method provides more security than passwords do, protecting the user from
accidentally giving away or losing any private
credentials. On top of that, Secure Login provides customers with a lean, easy-to-use instance
that issues client certificates to users when they
Using Secure Login
If your company chooses to use Secure Login,
users will first have to authenticate against the
Secure Login SSO infrastructure. This initial
authentication needs to happen only once, as
long as users do not log out or shut down their
computer. For this initial authentication, Secure
Reuse of Windows credentials, which are
stored in an Active Directory. This process
happens in transparent mode, so users do not
have to type in their credentials again; rather,
they receive the client certificate as soon as
they log in to Windows. (Note: This feature
will be available in support package 1, planned
for October 2011.)
FIGURE 1 Q SSO in SAP GUI
with Secure Login
SAP Net Weaver
SAP Net Weaver
SAP’s Classic SSO Technologies Are Here to Stay
SAP has supported SSO through logon tickets and SAML* and will continue
to do so to enable web-based SSO scenarios.
In addition, SAP will continue to support the Kerberos open standard
method of SSO. SAP applications that support Kerberos for authentication
include SAP Net Weaver Portal. Users that work in a Windows domain with
Kerberos enabled will still be able to log in to the portal using Kerberos
without an external SSO solution.
* For more information, see “Taking SSO to the Next Level” by Dimitar Mihaylov and Yonko
Yonchev in the July-September 2010 issue of SAPinsider ( sapinsider.wispubs.com), as well as
“How to Future-Proof the Security of Your System Infrastructure in a Service-Enabled World”
by Yonko Yonchev in the July-September 2008 issue.
Jul n Aug n Sep 2011 | sapinsider.wispubs.com | © 2011 Wellesley Information Services.
No portion of this publication may be reproduced without written consent.