A Portal Security Issue
We have one portal system with two portal applications: SAP
ESS (Employee Self Service) and SAP LMS (Learning Management System).
Currently, when users log in, the portal uses a network LDAP to
authenticate user access. Once users are authenticated, they see one
page (one view) with two buttons: one for ESS (associate Personal Data) and
the other for Global Learning Center (LMS). We want to implement two
other applications: TCI (Total Compensation) within ESS, and MSS (Manager
Self Service). Several security issues have been raised. I can describe the
security requirements in two categories: one general, which is not very
security sensitive and for which the network password is enough. LMS and
some features in ESS will fall into this category. We have very sensitive
applications like MSS and TCI (which is a component within ESS). For
sensitive applications like
MSS and for the TCI component, can we add an additional level of
authentication or challenge response? For example, when I log in to my bank
web site, not only do I enter my user ID or account ID and password, but I
have to answer another confidential question. Some web sites will show you a
picture and ask you to enter an additional PIN number. Has anyone done
something like that in SAP portal? Any idea how to add additional security in
SAP portal? How to create a custom login module? All components that I
described above belong to the same portal application and belong to one ECC
system? Do you think we need two portal systems: one for sensitive and another for
We are thinking of two-level authentication. One uses LDAP to get into
the portal main page, but when a user clicks on MSS there should be another
authentication (a password or something similar to that). Is this
doable? What is the best solution for this type of situation? Someone
suggested implementing MSS on a separate portal and then adding it to the
iView, which will require UME authentication when someone tries to access it.
The UME password will be different from the LDAP password. What do you think
of this approach? Any different ideas?