on 03-04-2008 5:02 PM
Hello, we are getting ready to implement an SOA strategy within our company and have decided to use XI as the interface to SAP from any other system. We have some (I have) questions on what some of the different approaches are for security. If anyone could help me with the following info (I have searched and searched and am just not clear).
So before reading the scenarios, here is the main thing I am trying to accomplish: have webservices that take in a user ID and password that is not stored in XI but on our LDAP server (like we have in the portal) and pass this to the back end, ensuring the user has rights to do the desired function in SAP. We want every user ID so we can track if someone creates a purchase request etc. (instead of setting up a system ID, for audit purposes). So with that background I have the following scenarios:
Scenario 1: Have a single sign-on like the portal, so the user signs on with their normal account and XI accepts and forwards the request (this would mainly be a webservice). (I have seen some single sign-on documentation but am curious if it works in XI as it does in the portal.)
Scenario 2: Same as one, but use ADS/LDAP as our authentication engine.
Scenario 3: Have the user ID put in, but no authentication is done on the front end; the user is authenticated against the SAP system and, if allowed, the RFC/proxy is executed, otherwise an unauthorized error message is returned.
Scenario 4: Is the propagate principal mainly just to ensure the user has all rights to run all calls within internal XI procedures, and wouldn't really apply to just ensuring the user has rights in the backend?
I am sorry for the long question. I do reward points and I am just trying to get started on the right path with XI.
Cheers
Devlin
Hi,
For your above concern, XI has provided the feature of principal propagation with SSO, i.e. Single Sign-On.
Refer:
Principal Propagation in SAP XI
/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
/people/sap.user72/blog/2004/11/30/user-mapping-based-single-sign-on
http://help.sap.com/saphelp_nw04/helpdata/en/32/1c1041a0f6f16fe10000000a1550b0/frameset.htm
Also, you could provide SSL configuration across the firewall.
You need to set up an SSL layer for the HTTPS endpoint.
Possible HTTP security levels are (in ascending order):
HTTP without SSL
HTTP with SSL (= HTTPS), but without client authentication
HTTP with SSL (= HTTPS) and with client authentication
HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network.
Thanks
Swarup
Hi Devlin,
We have implemented these kinds of security features in a real-time environment.
As in the Warranty Module implementation, the dealers will request specific information in the R/3 system through the web service. In SAP we have the specific authorizations for the dealer-specific ID. The principal propagation has created the SAP assertion ticket that will carry the same dealer ID for SAP login.
It's successfully implemented and working fine.
Thanks
Swarup