- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SSO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 4:54 AM
I am trying to understand SSO. I understand this could be done using different methods. I dont understand what is SSO using SAP LOG on Ticket. what are the advantages and disadvantages using LDAP and SAP Log on Ticket. How does Java Connector comes into picture in SSO
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 3:56 PM
SSO just means "Single Sign-On"; it describes a functional feature; it does not denote any specific mechanism.
There are multiple SSO mechanisms; each for a specific (set of) scenario(s) and use-case(s). So, it is very important to know the overall picture:
- Which system components are used:
(a) on the client side: SAPGUI / browser / ...
(b) on the server side: ABAP / Java server / ...
- Where does the user authenticatication take place?
(a) at the operating system level (e.g. -> Windows Domain Controler)
(b) at the Enterprise Portal
(c) at a backend system
- Which type of user authentication is performed?
(a) Windows credentials (also: MS ADS)
(b) LDAP uid/pwd (not: MS ADS)
(c) userID and password (uid/pwd), locally (e.g. ABAP, UME: DB)
(d) X.509 client certificates
(e) Kerberos
(f) ... (3rd party)
- How does the user communicate with the server components?
(a) direct client/server communication
(b) indirect client/server communication (e.g. client-to-server-to-server)
(c) mix of both
etc.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 10:18 AM
Hi ,
SSO is a very simple term. I understand that you are asking it in Portal context .
So say you have a portal and you plan to show some iviews
i) BW
ii) Abap
and so on
SSO would imply that once you log on to the portal , you wont need to login again to view the bw report or abap report . And that can be true for n number of systems , say you need to access your yahoo account through portal , so you would just login into the portal and see your mail . You would not need to relogin into yahoo.
On your other question as to what is logon ticket .this is one of the method of implementing sso , where in you dwnload the logon ticket from a sytem and upload it in the system with which you want tio establish a SSO . The ticket would contain information about the issuing system , the username . So whenver a system with which a SSO is established is accessed the system knows that it is a trusted system that is trying to access it
Kindly use this link for further help on logon ticket
http://help.sap.com/saphelp_nw04s/helpdata/en/62/c0503e1dac5b46e10000000a114084/frameset.htm
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 10:19 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 1:23 PM
Namit,
Thanks for the info on SAP Log on Ticket. So it does not matter what kind of SSO we use, in the back end with SAP we always use SAP Log on Ticket?
I am sure you know SMAL and JAAS are two SSO methods. Both would use SAP log on ticket method? then what would be the advantages and disadvantages?
As you said, SAP Log on ticket carries the information about the user, which system creates that ticket and how............for example a client is implementing EP, a user will go on to the EP and screen and try to log in........and lets say we integrated BW and R/3 with EP, in this case which system would create the SAP log on Ticket and how?
are there other ways SSO could be implemented WITHOUT SAP Log on Ticket?
I believe user authentication could be done using LDAP..........how does SAP log on ticket works with LDAP........are there ways for authentication???
I am sorry if I asking too many question and some of them might be wrong as at this stage I am quite confused.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 1:35 PM
Dear Neha,
Kindly go through this document for Windows Platform
Regards
Shantanu A Sardeshmukh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2007 3:57 AM
Hi Neha,
you can check all the possibilities of SSO between SAP and microsoft in this document:
About the tickets:
Hope this helps.
Eduardo.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2007 3:56 PM
SSO just means "Single Sign-On"; it describes a functional feature; it does not denote any specific mechanism.
There are multiple SSO mechanisms; each for a specific (set of) scenario(s) and use-case(s). So, it is very important to know the overall picture:
- Which system components are used:
(a) on the client side: SAPGUI / browser / ...
(b) on the server side: ABAP / Java server / ...
- Where does the user authenticatication take place?
(a) at the operating system level (e.g. -> Windows Domain Controler)
(b) at the Enterprise Portal
(c) at a backend system
- Which type of user authentication is performed?
(a) Windows credentials (also: MS ADS)
(b) LDAP uid/pwd (not: MS ADS)
(c) userID and password (uid/pwd), locally (e.g. ABAP, UME: DB)
(d) X.509 client certificates
(e) Kerberos
(f) ... (3rd party)
- How does the user communicate with the server components?
(a) direct client/server communication
(b) indirect client/server communication (e.g. client-to-server-to-server)
(c) mix of both
etc.
- SAP Managed Tags:
- Security
