SES 6: Single Sign-On and User Authentication

Folks, now that we’ve learn about security in SAP Fiori system, let’s dig deep into advanced security concepts in authentication in SAP Fiori landscape.

The SAP Fiori systems needs to know the identity of a user. Knowing a user’s identity allows SAP Fiori system to provide customized experience and allow user permission to access data from the backend servers. The authentication concept for SAP Fiori apps include initial user authentication on ABAP frontend server, followed by authentication of all requests to the backend systems.

#Insight

Authentication is a process in which the credentials provided by a user from the client/browser are compared to those on file in a database of authorized users. After the user is authenticated, it then creates a security session between the client and SAP Gateway server for that particular user.

Take a look at the table below. It shows different types of SAP Fioir apps which support authentication methods for SSO.

Authentication
Method
for SSO
Transactional
Apps
Fact Sheet
Apps
Analytical
Apps (via
SAP HANA XS)
Search (Fact
Sheet) Apps
Username /
Password
YES YESYES YES
SPNego/Kerberos
(with SAP
NetWeaver
SSO)
YESYESNONO
SAML 2.0YESYESNONO
SAP logon ticketsYESYESYES YES
X.509YESYESYESYES

Kerberos/SPNego

It is a network authentication protocol developed by MIT and arobust protocol which protects from all kinds of attacks. Kerberos offers a trusted third-party and a protocol for authentication. It is built on symmetric-key cryptography and uses tickets to authenticate. It also avoids storing and sharing passwords locally over the internet.

You can enable Kerberos/SPNego authentication for the ABAP frontend server to access SAP Fiori apps in your corporate network. Because active directory system is typically located in your corporate network, Kerberos authentication cannot be used outside the network. To enable SSO outside your corporate network, you need to setup a virtual private network (VPN) connection.

Advantages of Kerberos/SPNego

  • SSO setup within your system landscape will be simplified by using Kerberos for both SAP GUI or HTTP.
  • It is supported by most mobile device vendors.
  • A separate logon to the ABAP frontend server is not necessary.
  • Kerberos/SPNego simplifies the logon process to the ABAP frontend server by using the user’s window logon data.

#Insight

The configuration process of Kerberos/SPNego authentication requires significant involvement from your Active Directory Administration Team. The entire procedure for configuring Kerberos/SPNego authentication is documented in the implementation guide on SAP help portal.

Follow our Blog for more updates and current offers!

[hubspot type=form portal=5934508 id=b37ebdfc-5650-4300-9817-b74e08369d72]

Business Consultation and Business Model

At SAP Expert Solutions, apart from SAP services, we actively indulge ourselves in Business Consultation and improve ourselves for the good too, helping small-scale business to scale-up their business growth and individuals to make extra income!

Thus, we have started an initiative to help some of you, on a regular interval basis. Get our Business Guide on Top Successful Business Models & Ideas, specially designed and curated by our Business Support Team. 

The Event Sale Timeline: 1st June 2019 – 1st October 2019

Follow and Stay tuned at SAP Expert Solutions for upcoming events and offers. So, gear up, brace yourselves and get ready for the Business Revolution!


CLICK HERE TO GET YOURSELF A COPY OF BUSINESS GUIDE!

Leave a Reply

%d bloggers like this: