User Authentication and Single Sign-On - SAP Security

What do you mean by SAP Single Sign-On Concept?

Single Sign-On (SSO) is a key concept that lets the user log in to an individual system and then access multiple systems in the back end. SSO helps the user to access software resources across SAP systems in the back end.
SSO with the NetWeaver platform provides user authentication and helps system administrators manage a complex SAP system environment with heavy user loads. SSO configuration simplifies user logon to the SAP systems and applications in the landscape by enhancing security measures, and helps reduce the risk involved in password management tasks for multiple systems.
SSO helps an organization increase the productivity of business users and reduce operating costs by decreasing the number of Service Desk calls related to password issues. The SAP NetWeaver integration mechanism lets you easily incorporate an SAP NetWeaver system into the SSO concept and provides easy access to back-end systems in the SAP system landscape.

SAP Single Sign-On Concept

Single Sign-On can be configured with mySAP Workplace, where the user logs in to mySAP Workplace every day and can access the applications without entering a username and password every time.
You can configure SSO with mySAP Workplace using the following authentication methods −
  • Username and password
  • SAP Logon Tickets
  • X.509 client certificates

Integration in Single Sign-On

SSO with the NetWeaver platform provides user authentication and helps system administrators manage user loads in a complex SAP system landscape. SSO configuration simplifies how users log in to SAP systems and applications in the landscape by enhancing security measures, and reduces the password management tasks for multiple systems.
SAP NetWeaver lets you configure different mechanisms that authorized users use to access systems with the SSO method. The login mechanism depends on the technology of the SAP NetWeaver system and on the communication channels used to access those systems.

Configuring Single Sign-On in SAP GUI

To configure Single Sign-On, you need access to the following T-codes −
  • RZ10
Once you have access to these T-codes, follow the steps given below −
Step 1 − Log in to any SAP ECC system using the SAP GUI and go to T-code RZ10.
Step 2 − Select the Default profile and then Extended Maintenance.
Step 3 − Click on Change and you will see the list of parameters for the profile.
Step 4 − Change the following profile parameters −
  • login/create_sso2_ticket = 1
  • login/accept_sso2_ticket = 1
Step 5 − Save and Activate the profile. A new profile will be generated.
Step 6 − Go to transaction STRUST to export the R3SSO certificate from the Trust Manager.
Step 7 − Double-click the text box to the right of Own Certificate. The certificate information is displayed. Note down the values of this certificate, as you will need to enter them.
Step 8 − Click the Export Certificate icon.
Step 9 − Save the file as <R3_Name>-<Client>.crt.

Example − EBS-300.crt
Step 10 − Click on the tick box to create the file in the parent directory.
Step 11 − Import the R3 SSO certificate to the Java engine using the Administrator tool.
Note − Make sure the Java engine is started.
Step 12 − Open the Java Administration tool.
Step 13 − Enter the Java Engine Administrator password and click on Connect.
Step 14 − Choose Server → Services → Key Storage.
Step 15 − Click on the Ticket Key Store in the View panel.
Step 16 − Click on Load in the Entry group box. Select the .crt file you exported in the previous step.
Step 17 − Configure the Security Provider service in the SAP Java engine using the Administrator tool.
Step 18 − Choose Server → Services → Security Provider.
Step 19 − Choose ticket in the Component panel and go to the Authentication tab.
Step 20 − Modify the Evaluate Ticket Login Module and add the following properties to each backend system on which you want to configure SSO.

Single Sign-On for Web-Based Access

Users can configure several options with SSO to access an SAP NetWeaver system. You can access the SAP NetWeaver system through a web browser or from any other web client. Using SSO, users can access back-end systems and other secured information located in the company network.
SSO lets you use several security authentication methods to integrate web-based user access on NetWeaver Application Servers. You can also implement various network communication security methods, such as cryptography, to send information over the network.
The following authentication methods can be configured with SSO to access data over application servers −
  • Using User ID and Password Authentication
  • Using Logon Tickets
  • Using X.509 Client Certificates
  • Using SAML Browser Artifacts
  • Using SAML 2.0
  • Using Kerberos Authentication
Use of a security mechanism and transport layer security is advisable when the user accesses data over the internet.
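
A check for the profile parameters set in Step 4, combined with the transport-layer advice above, as an added example that is not part of the original page. The profile text is a constructed sample, the function names are hypothetical, and login/ticket_only_by_https is an SAP profile parameter that the page itself does not mention.

```python
import re

# Constructed sample of a DEFAULT.PFL profile (not taken from a real system).
SAMPLE_PROFILE = """\
# DEFAULT.PFL (constructed sample)
SAPSYSTEMNAME = EBS
login/create_sso2_ticket = 1
login/accept_sso2_ticket = 1
login/ticket_only_by_https = 0
"""

# Values this audit expects. The first two are the ones given in Step 4;
# the third is an assumption added here so that logon tickets are only
# sent over HTTPS, following the transport-layer advice.
EXPECTED = {
    "login/create_sso2_ticket": "1",
    "login/accept_sso2_ticket": "1",
    "login/ticket_only_by_https": "1",
}

# A profile line has the form "name = value"; lines starting with '#' are comments.
LINE = re.compile(r"^\s*([A-Za-z0-9_/.\-]+)\s*=\s*(.*?)\s*$")


def parse_profile(text):
    """Return {parameter: value}. In this example parser a later line
    for the same parameter overwrites an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if match:
            params[match.group(1)] = match.group(2)
    return params


def audit_sso(text, expected=EXPECTED):
    """Return (parameter, found, wanted) for every parameter that differs.
    found is None when the profile text does not set the parameter at all."""
    params = parse_profile(text)
    return [(name, params.get(name), wanted)
            for name, wanted in expected.items()
            if params.get(name) != wanted]


if __name__ == "__main__":
    for name, found, wanted in audit_sso(SAMPLE_PROFILE):
        print(f"{name}: found {found!r}, expected {wanted!r}")
```

A parameter reported with found None is not set in the profile text, so the system uses its built-in default; confirm the effective value on the system itself.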

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd
