
SCC Authentication Failure and Registration Handling - Object API Native App

Former Member
0 Kudos

Hi Guys,

I have developed a Windows application (Object API based), which uses SSO (single sign-on) for authentication. On passing the user credentials from my login screen, the authentication happens with SAP and the connection would be established. On valid credentials, the device gets registered and authenticated, and finally the MBO data is returned. But my problem is that when I enter wrong credentials (either a wrong user ID or password), even though the authentication fails with SAP, the device gets registered with the user name I provide. I want to avoid this unwanted device registration when the authentication fails with SAP. This could be considered a security threat.

Currently we are using the default security provider, viz. No Security Provider. We haven't planned any configuration/change in the security provider as of now. So the authentication happens only with SAP.

I have the following queries:

1) Do we have a way/control to avoid the device registration in SCC when SAP authentication fails via SSO?

2) Do we have any API so that this could be handled at the application code level?

3) Do we have any SUP APIs to capture the error message when authentication fails in SAP? I'm calling "application.registerapplication" at the code level for registration and authentication. If I could capture the error, I could use 'application.unregisterapplication'.

Regards,

Raja

Accepted Solutions (0)

Answers (2)

Jitendra_Kansal
Product and Topic Expert
0 Kudos

Hi Raj,

How come you are using SSO though you are using no security provider at the SUP level?

For SSO, you need to deploy the MBO package with SSO security.

Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.

You can use the SiteMinder concept at the SUP and SAP level.

Check the links below:

http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01092.0221/doc/html/sau1347910896054...

http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01092.0221/doc/html/sau1347910596605...

http://scn.sap.com/docs/DOC-29574

Regards,

Jitendra Kansal

midhun_vp
Active Contributor
0 Kudos

As Jitendra asked, how are you doing SSO with "No sec provider"? No sec provider is only for development environments. You need to use other security providers for a production environment. Now I believe that you are deploying the MBO package to the default security "admin". Instead of that, you need to create a new security domain, deploy the MBO package to that, and authenticate against it.

Check this,

  • No Security Provider
    A NoSec provider offers pass-through security for Unwired Server, and is intended for use in development environments or for deployments that require no security control. Do not use this provider in production environments, either for administration or device user authentication.
  • LDAP Security Provider
    (Not applicable to Online Data Proxy) The LDAP security provider includes authentication, attribution, and authorization providers. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin" security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
  • NTProxy Security Provider
    (Not applicable to Online Data Proxy) NTProxy — sometimes known as native Windows login — is an Unwired Server provider that integrates with existing Windows login security mechanisms. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin" security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
  • SAP SSO Token Security Provider
    The SAPSSOTokenLoginModule has been deprecated and will be removed in a future release. Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.
  • Certificate Security Provider
    Use the Unwired Server CertificateAuthenticationLoginModule authentication provider to implement SSO with an SAP enterprise information system (EIS) with X.509 certificates.
  • HTTP Authentication Security Provider
    Use HttpAuthenticationLoginModule provider to use Basic authentication to enable automatic application registration. This provider is required when registration is set to automatic. It can also be used to enable SSO into SAP servers in place of the deprecated SAPSSOTokenLoginModule.

Ref:

http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc01703.0213/doc/html/aba13...

Now you are using the default profile admin; instead of that, you can use other security profiles for login, which is recommended for a production system.

- Midhun VP