Single Sign-On (SSO) is a key feature of SAP Enterprise Portal (SAP NetWeaver Portal or SAP EP) that provides access across backend systems with a single login ID and password. The user is authenticated once and can then access other systems through the portal. This authenticates the user for all the applications they have been given rights to and eliminates further logon prompts when they switch applications during a particular session.
The Enterprise Portal SSO mechanism is available in two variants depending on security requirements and the supported external applications:
- Using User Mapping
- Using Logon Tickets (Recommended)
SSO by user mapping:
SSO by user mapping can be used when the system is not capable of accepting SAP Logon Tickets. In this method the Portal user ID is mapped to the user ID and password of the ECC system. The Portal login ID and the ECC login ID can be different.
As the user’s user ID and password are sent across the network, you should use a secure protocol such as Secure Sockets Layer (SSL) for sending data.
Steps in brief
- Create a system in Portal for ECC.
- Set the required properties for the system.
- Set the Logon Method property to UIDPW.
- Set user mapping to access SAP ECC.
SSO by Logon Tickets:
SAP logon tickets represent the user credentials. The Portal Server issues a logon ticket to a user after successful initial authentication. The logon ticket itself is stored as a cookie on the client and is sent with each request of that client. It can then be used by external applications such as SAP systems to authenticate the portal user to those external applications without any further user logons being required.
SAP logon tickets contain information about the authenticated user. They do not contain any passwords.
Specifically, logon tickets contain the following items:
- Portal user ID and one mapped user ID for external applications
- Validity period
- Information identifying the issuing system
- Digital signature
Thus SSO is a very powerful technique for getting access to all the resources with just one password.
You don’t have to remember passwords for accessing each resource once SSO is implemented.
But we must be very careful while using SSO, as only one password is used for accessing multiple systems.
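The checks an accepting system can apply to the logon ticket items listed above, as an added Java example that is not part of the original post and is not SAP's code. It is a simplified model, not the SAP logon ticket format: the field encoding, the RSA signature choice, the issuer name and the user IDs are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

// Simplified model of the ticket items listed above; NOT the SAP logon ticket wire format.
public class TicketCheckDemo {
    record Ticket(String portalUser, String mappedUser, String issuer,
                  Instant validUntil, byte[] signature) {
        byte[] signedBytes() {   // constructed encoding: every field except the signature
            return String.join("|", portalUser, mappedUser, issuer, validUntil.toString())
                         .getBytes(StandardCharsets.UTF_8);
        }
    }

    // Issuing side (the portal): sign the fields with the portal's private key.
    static Ticket issue(String user, String mapped, String issuer, Instant until, PrivateKey key)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(new Ticket(user, mapped, issuer, until, new byte[0]).signedBytes());
        return new Ticket(user, mapped, issuer, until, s.sign());
    }

    // Accepting side: holds only the public keys of issuers it trusts, never a password.
    static String check(Ticket t, Map<String, PublicKey> trusted, Instant now)
            throws GeneralSecurityException {
        PublicKey pk = trusted.get(t.issuer());
        if (pk == null) return "REJECT: unknown issuer";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pk);
        s.update(t.signedBytes());
        if (!s.verify(t.signature())) return "REJECT: bad signature";
        if (!now.isBefore(t.validUntil())) return "REJECT: expired";
        return "ACCEPT as " + t.mappedUser();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair portal = g.generateKeyPair();   // constructed key pair standing in for the portal
        Map<String, PublicKey> trusted = Map.of("PORTAL-EP1", portal.getPublic());
        Instant now = Instant.now();
        Ticket ok = issue("jdoe", "JDOE_ECC", "PORTAL-EP1", now.plusSeconds(8 * 3600), portal.getPrivate());
        // Same signature, altered mapped user: the signature no longer matches the fields.
        Ticket altered = new Ticket("jdoe", "ADMIN_ECC", ok.issuer(), ok.validUntil(), ok.signature());
        Ticket old = issue("jdoe", "JDOE_ECC", "PORTAL-EP1", now.minusSeconds(60), portal.getPrivate());
        for (Ticket t : List.of(ok, altered, old)) System.out.println(check(t, trusted, now));
    }
}
```

The order of the checks matters: the issuer lookup selects the key, the signature check runs before any field is trusted, and only then is the validity period compared with the current time.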