Authentication and Single Sign
Authentication and Single Sign Authentication and Single Sign
Communication in Integration Scenarios User Id / Password Kerberos NTLM Web access management products SAP Enterprise Portal Applications SAP Logon Ticket X.509 Certificate SAML Artifact WAM Token - Plug-In / Agent © SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 44
Single Sign-On Possibilities Authentication Type SSO to non-SAP Applications SSO to SAP Applications User ID / Password •EP User Mapping •EP User Mapping X.509 Digital Certificates SAP Logon Tickets Integrated Windows Authentication EAM-Authentication SAML •Direct client connection •SAP Web Server Filter •SAP Ticket Verification Library •NTLM/Kerberos via direct client connection to IIS applications •Using EAM SSO Agent Software •Application specific •Direct Client Connection •Certificate sent by EP Server •SAP Application configuration •NTLM/Kerberos via IIS (plus IISProxy) to WebAS Java 6.40 or SAP EP 6.0 •Using WAM SSO Agent plus HTTP Header Authentication to WebAS Java 6.40 or SAP EP 6.0 •WebAS Java 6.40 Other •Application specific •JAAS (Custom Authentication Modules) © SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 45
- Page 1 and 2: Authentication and Single Sign-On P
- Page 3 and 4: Authentication Identifies a Subject
- Page 5 and 6: Why Use Single Sign-On? Typical sit
- Page 7 and 8: What the Administrator Wants … Ce
- Page 9 and 10: Web-Based Authentication Methods
- Page 11 and 12: Authentication and SSL with X.509 C
- Page 13 and 14: Obtaining a X.509 Certificate Digit
- Page 15 and 16: SAP Logon Tickets - SSO Process Por
- Page 17 and 18: What is a SAP Logon Ticket • SAP
- Page 19 and 20: SSO to Non-SAP Components Using SAP
- Page 21 and 22: Multi Domain SSO Recommendation:
- Page 23 and 24: Adding the User Name Header • The
- Page 25 and 26: Header Based Authentication Best Pr
- Page 27 and 28: SAML - SSO Process Authentication A
- Page 29 and 30: Pluggable Authentication Service (P
- Page 31 and 32: Pluggable Authentication Service: A
- Page 33 and 34: JAAS Authentication J2EE Browser Wi
- Page 35 and 36: Single Sign-On for SAP GUI for Wind
- Page 37 and 38: SSO From Web to Traditional - ITS
- Page 39 and 40: Prerequisites 1) Users have the sam
- Page 41 and 42: System Preparation 1. Export Portal
- Page 43: Agenda Authentication and Identitie
- Page 47 and 48: Further Information Public Web: ww
<strong>Single</strong> <strong>Sign</strong>-On Possibilities<br />
<strong>Authentication</strong> Type SSO to non-SAP Applications SSO to SAP Applications<br />
User ID / Password<br />
•EP User Mapping<br />
•EP User Mapping<br />
X.509 Digital<br />
Certificates<br />
SAP Logon Tickets<br />
Integrated Windows<br />
<strong>Authentication</strong><br />
EAM-<strong>Authentication</strong><br />
SAML<br />
•Direct client connection<br />
•SAP Web Server Filter<br />
•SAP Ticket Verification Library<br />
•NTLM/Kerberos via direct client<br />
connection to IIS applications<br />
•Using EAM SSO Agent<br />
Software<br />
•Application specific<br />
•Direct Client Connection<br />
•Certificate sent by EP Server<br />
•SAP Application configuration<br />
•NTLM/Kerberos via IIS (plus<br />
IISProxy) to WebAS Java 6.40 or<br />
SAP EP 6.0<br />
•Using WAM SSO Agent plus<br />
HTTP Header <strong>Authentication</strong> to<br />
WebAS Java 6.40 or SAP EP 6.0<br />
•WebAS Java 6.40<br />
Other<br />
•Application specific<br />
•JAAS (Custom <strong>Authentication</strong><br />
Modules)<br />
© SAP AG 2005, <strong>Authentication</strong> <strong>and</strong> <strong>Single</strong> <strong>Sign</strong> On / Patrick Hildenbr<strong>and</strong> / 45