Authentication and Single Sign
Authentication and Single Sign Authentication and Single Sign
SAP Logon Tickets – Prerequisites Prerequisites • At least same user IDs in connected backend systems (portal user ID can be different) • In case portal user ID is different than backend user ID, you need to maintain a user mapping for the ”SAP Reference System” • Trust configured Public key certificate of issuing system is available in verifying system ( necessary for verification of digital signature) Trust access control lists maintained (ABAP: strustsso2) SAP Reference System User Mapping • Standard user mapping functionality • PLUS: Retrieval of user ID from LDAP Directory Server © SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 18
SSO to Non-SAP Components Using SAP Logon Tickets Portal WebAS ITS 3rd party application 5 mySAP.com user ID Application user ID Initial logon Access 1 2 3 Ticket Verification Library SAPSSOEXT Security product (SAPSECULIB) 4 Access Control List Workplace server Public address book (if not SAPSECULIB) SAP Logon Ticket © SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 19
- Page 1 and 2: Authentication and Single Sign-On P
- Page 3 and 4: Authentication Identifies a Subject
- Page 5 and 6: Why Use Single Sign-On? Typical sit
- Page 7 and 8: What the Administrator Wants … Ce
- Page 9 and 10: Web-Based Authentication Methods
- Page 11 and 12: Authentication and SSL with X.509 C
- Page 13 and 14: Obtaining a X.509 Certificate Digit
- Page 15 and 16: SAP Logon Tickets - SSO Process Por
- Page 17: What is a SAP Logon Ticket • SAP
- Page 21 and 22: Multi Domain SSO Recommendation:
- Page 23 and 24: Adding the User Name Header • The
- Page 25 and 26: Header Based Authentication Best Pr
- Page 27 and 28: SAML - SSO Process Authentication A
- Page 29 and 30: Pluggable Authentication Service (P
- Page 31 and 32: Pluggable Authentication Service: A
- Page 33 and 34: JAAS Authentication J2EE Browser Wi
- Page 35 and 36: Single Sign-On for SAP GUI for Wind
- Page 37 and 38: SSO From Web to Traditional - ITS
- Page 39 and 40: Prerequisites 1) Users have the sam
- Page 41 and 42: System Preparation 1. Export Portal
- Page 43 and 44: Agenda Authentication and Identitie
- Page 45 and 46: Single Sign-On Possibilities Authen
- Page 47 and 48: Further Information Public Web: ww
SSO to Non-SAP Components Using SAP Logon Tickets<br />
Portal<br />
WebAS<br />
ITS<br />
3rd party<br />
application<br />
5<br />
mySAP.com<br />
user ID<br />
Application<br />
user ID<br />
Initial<br />
logon<br />
Access<br />
1<br />
2<br />
3<br />
Ticket Verification Library<br />
SAPSSOEXT<br />
Security product<br />
(SAPSECULIB)<br />
4<br />
Access Control List<br />
Workplace server <br />
<br />
Public address book<br />
(if not SAPSECULIB)<br />
SAP Logon Ticket<br />
© SAP AG 2005, <strong>Authentication</strong> <strong>and</strong> <strong>Single</strong> <strong>Sign</strong> On / Patrick Hildenbr<strong>and</strong> / 19