
Questions on user security etc

Former Member
0 Kudos

Hello, we are getting ready to implement an SOA strategy within our company and have decided to use XI as the interface to SAP from any other system. We have some (I have) questions on what some of the different approaches are for security. If anyone could help me with the following info (I have searched and searched and just not clear)

So before reading the scenarios, here is the main thing I am trying to accomplish. Have webservices that take in a userID and password that is not stored in XI but on our LDAP server (like we have in the portal) and pass this to the back end, ensuring the user has rights to do the desired function in SAP. We want every user ID so we can track if someone creates a purchase request etc. (instead of setting up a system ID, for audit purposes). So with that background I have the following scenarios:

Scenario 1: Have a single sign-on like the portal, so the user signs on with their normal account and XI accepts and forwards the request (this would mainly be a webservice). (I have seen some single sign-on documentation but am curious if it works in XI as it does in the portal.)

Scenario 2: Same as one, but use ADS/LDAP as our authentication engine.

Scenario 3: Have the user ID put in, but no authentication is done on the front end; the user is authenticated against the SAP system and, if allowed, the RFC/proxy is executed, otherwise an "unauth" error message is returned.

Scenario 4: Is the propagate principal mainly just to ensure the user has all rights to run all calls within internal XI procedures, and wouldn't really apply to just ensuring the user has rights in the backend?

I am sorry for the long question. I do reward points and I am just trying to get started on the right path with XI.

Cheers

Devlin

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

For your above concern, XI has provided the feature of Principal Propagation with SSO, i.e. Single Sign-On.

Refer to:

Principal Propagation in SAP XI

/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/808d3048-638c-2a10-35a6-faa48e50...

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/808d3048-638c-2a10-35a6-faa48e50...

/people/sap.user72/blog/2004/11/30/user-mapping-based-single-sign-on

http://help.sap.com/saphelp_nw04/helpdata/en/32/1c1041a0f6f16fe10000000a1550b0/frameset.htm

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/69d95112-0d01-0010-8297-fa31feea...

Also, you could provide SSL configuration across the firewall.

You need to set up an SSL layer for the HTTPS endpoint.

Possible HTTP security levels are (in ascending order):

HTTP without SSL

HTTP with SSL (= HTTPS), but without client authentication

HTTP with SSL (= HTTPS) and with client authentication

HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network

Thanks

Swarup

Former Member
0 Kudos

Do these scenarios seem feasible though for anyone who has done this at their company?

Former Member
0 Kudos

Hi Devlin,

We have implemented this kind of security feature in a real-time environment.

As in the Warranty Module implementation, the dealers will request the specific information in the R/3 system through the webservice. In SAP we have the specific authorizations for the dealer-specific ID. The principal propagation has created the SAP assertion ticket that will carry the same dealer ID for SAP login.

It's successfully implemented and working fine.

Thanks

Swarup

Answers (0)