SAP Single Sign-On

ASUG Webinar: New Features in SAP Single Sign-On 2.0 SP05 and the SAP Application Servers

On June 3, Christian Cohrs, SAP’s Product Owner for the SAP Single Sign-On product, conducted a webinar for the Americas’ SAP User Group (ASUG) with the focus on “New features in SAP Single Sign-On 2.0 SP05 and the SAP Application Servers”. Both SAP Single Sign-On and the SAP application servers are constantly enhanced to provide SAP customers with new single sign-on and security capabilities. These allow you to further reduce …

Read More »

Kerberos Authentication Flow for Browser-Based Applications Provided by the AS ABAP

The employees of your company use Microsoft Windows operating systems and SAP business applications for their daily work. You want to enable single sign-on for your employees. They use PCs in a Microsoft Windows environment. They log on to a Microsoft Windows operating system, which determines the respective Windows users from the domain controller of Active Directory. Kerberos is the authentication method used. The Kerberos key distribution center, which is …

Read More »

Stronger security for your business data at risk

Understanding simple Risk-based authentication scenarios and how to implement them easily using sample JavaScript. By Dimitar Mihaylov and Donka Dimitrova In this blog we would like to offer several simple scenarios for risk-based authentication using 2FA (OTP) and risk-based authorizations for protecting corporate resources. We offer also several scripts that you can use as examples in order to implement and test these sample scenarios in your corporate environment. Prerequisites: SAP …

Read More »

Configuring SAP Fiori Client for Single Sign-On with Android SAP Authenticator

Overview You can locally build an SAP Fiori Client plugin to work with Android SAP Authenticator by installing Apache Cordova. After this implementation, your users will be able to log on to SAP Fiori Client through single sign-on (SSO). For more information about the SSO configuration, see Setting Mobile Single Sign-On. For this process, SAP Authenticator should use the URL for an identity provider (IdP) initiated SSO, starting with sapfioriclient:// …

Read More »

NW SSO Project Implementation with Apache Reverse Proxy

My First Single Sign-On Project In my opinion, every enterprise must have an Identity Management (IDM) system and a Single Sign-On (SSO) system. These two are very important and critical for companies, since they are  increasing security and productivity while decreasing cost, downtime and repetitive tasks. Let me give brief descriptions of IDM and SSO firstly. Identity management (IDM) describes the management of individual principals, their authentication, authorization and privileges …

Read More »

Configuring SAP Fiori Client for Single Sign-On with iOS SAP Authenticator

Overview SAP Fiori Client is now available for signle sign-on (SSO) with SAP Authenticator. With this integration, users can benefit from the SAP Authenticator’s SSO feature that allows them to log on to SAP Fiori applications without providing credentials. For more information about the SSO configuration, see Setting Mobile Single Sign-On. Furthermore, you need to do minimal changes on SAP Fiori Client for this setup before you locally build and …

Read More »

SP5 for SAP Single Sign-On 2.0 Now Available

This week, SAP released the latest support package for SAP Single Sign-On 2.0. Support Package 5 contains a number of new features and functions as we continuously enhance the product to fulfill customer requests and upcoming security demands. Here is an overview of all that’s new with SP5: Two-Factor Authentication Support for 8-digit passcodes (SAP Authenticator mobile app) Support strong digest algorithms (SHA-256 and SHA-512) Two-factor authentication using out-of-band (OOB) …

Read More »

RFID-Based Identification of SAP Applications Using Employee Badges

The typical case of identification with RFID tokens is a hardened kiosk PC on theshop floor. The PC’s Windows account belongs to an Active Directory domain. Productionworkers use it to easily log on to a kiosk application (SAP GUI orbrowser-based), for example to order material. Short-lived certificates arevalid for the length of each session. Easy access to the kiosk application isgranted by the RFID tokens. The workers need not type …

Read More »

SNC Product Migration: Now is the time

Where we come from   Since we first released it in 2011, SAP Single Sign-On has become a very popular product (thanks to all of you for that). Many customers decided to increase the security of their SAP landscape and the efficiency and satisfaction of their end users by implementing it. Even customers who were already using a product for SAP GUI Secure Network Communication (SNC) decided to switch to …

Read More »

A simple solution to enabling SSO on email links

I came across (again!) with the requirement to enable SSO on links contained in emails that are generated by the Extended Notifications for Business Workflow. e.g. for Timesheet Approval the WDA link contained in the email be something like https://<erp-host>/sap/bc/webdynpro/sap/HRMSS_A_CATS_APPROVAL?<params>&<etc.> The generated links/URLs point directly to WDAs in the backend ERP system, and by clicking on the link(s) the WDA page prompts for logon. I can see this as a …

Read More »