cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MII 12.1 SSO and MII Login Security

Go to solution
Former Member

on ‎10-28-2010 7:45 PM

0 Kudos

Currently, we have an SSO and ABAP security system that allows the customer to maintain and deploy users to MII. The issue that the customer sees as a potential security risk is if the user is not available in the ABAP system, the MII login screen appears to the user and allows them to type in a username and password. If, by chance, the user is available in the UME system of NW, then the operator could gain access to MII and its features. Our customer would like the MII login screen to be either disabled or we put some logic in to prevent the screen from appearing if the SSO certificate was invalid or rejected. I would like to know if there is a feature in either NW or MII that we could simply turn off the MII login screen or if anyone has done this in the past? What is the best practice to approach this?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jcgood25
Active Contributor
‎10-29-2010 11:59 AM
0 Kudos

If the user does not belong to the XMII Users / Developers / Administrators roles then even if they get to the NW login screen (not sure how you would prevent that since it just redirects there when you're not logged in properly) they won't be able to do very much. The moment they would attempt to access anything inside the XMII web application, like the Menu.jsp or any other relevant URL the security aspects should prevent them from doing anything, and they should get nowhere.

I would suggest setting up an acceptible test situation to prove or disprove the security paranoia.

Show replies
Show replies

Answers (0)

Ask a Question