ep security features
TRANSCRIPT
-
7/29/2019 EP Security Features
SAP Enterprise Portal 6.0:
User Management & Security
Version: March 13, 2003
-
SAP AG 2002, SAP Enterprise Portal 6.0: User Management & Security / 2
Disclaimer
This document contains an overview of the planned User Management & Security features of the SAP Enterprise Portal 6.0 (some of the features are planned to be
available for Unrestricted Shipment Phase only). It is subject to change. Please
take care that you are always using the newest version of that presentation!
SAP AG assumes no responsibility for errors or omissions in these materials.
These materials are provided as is without a warranty of any kind, either
express or implied, including but not limited to, the implied warranties of
merchantability, fitness for a particular purpose, or non-infringement.
SAP AG shall not be liable for damages of any kind including without limitation
direct, special, indirect, or consequential damages that may result from the use
of these materials.
SAP AG does not warrant the accuracy or completeness of the information, text,
graphics, links or other items contained within these materials. SAP AG has no
control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web
pages nor provide any warranty whatsoever relating to third party web pages.
-
Topics
Overview
New Features EP 6.0
Authentication
Single Sign-On (SSO)
Authorization
User Management
Secure Communication
Secure Network Architecture
-
Enterprise Portal 6.0 Security Features
[Diagram labels: Authentication, Single Sign-On, Authorization, User Management, Secure Communication, Portal Server, User Persistence Store, Third-Party System]
-
Architecture Overview
[Diagram labels: Web Browser, PDA, etc.; Web Server; Java Application Server SAP J2EE Engine; SAP Enterprise Portal 6.0; Portal Server; Portal Runtime (PRT); Portal Services; User Management Service (User, Group, Role); Persistence Manager; Authentication; SSO; Persistence (Database, LDAP Directory, SAP System); Backend Systems]
-
New Features EP 6.0 Authentication
Multiple authentication methods in parallel
Multiple user sources in parallel
Anonymous users
Logon without authentication
Authorization depending on authentication method
iView requires certain logon methods (for example digital certificates)
Interface for pluggable third-party authentication
Java Authentication and Authorization Service (JAAS) standard
Partner certification program Web access management products
Other external authentication services (for example hardware tokens)
-
New Features EP 6.0 Single Sign-On (SSO)
SAP logon ticket expiration recovery
Recovery of previous state of the portal if SAP logon ticket expires
and user has to logon again
Ticket Verification Library for UNIX platforms
Web Server Filter for additional Web server platforms
Portal Server Certificate
Self-signed certificate
Issued by SAP Trust Center Service
-
New Features EP 6.0 Authorization
Authorization for Portal Content
All content under administrative control of the portal
Based on Access Control Lists (ACLs)
Code Authorization
Java Security Manager
-
New Features EP 6.0 User Management
Web-based user administration
End user self-registration
User can create account in the portal
Workflow for approval of registration request by administrator
Password management & policies
Configurable expiration dates
Initial passwords and change at first login
Limit of failed logon attempts
Flexible user persistence layer
LDAP directory, database or SAP system as user store
Delegated administration
-
Authentication Initial Logon Procedure
Verification of the user's identity
Initial logon procedure to authenticate user
Various authentication methods
User ID / password
X.509 digital certificates
Third-party authentication
Windows authentication
SAP authentication
Others through JAAS interface
Anonymous users
Logon without authentication
-
Authentication Schemes
Define the authentication process
Credentials to be supplied
User interaction required (e.g. logon screens)
Priority of the authentication scheme (how strong it is)
Attached to the user's session
Allow enforcing different authentication mechanisms for different content (iViews)
Re-authentication required in case the iView requires a stronger authentication scheme
-
Authentication: User ID / Password
Logons are provided as
Form-based logon (iView)
Basic authentication (HTTP Status 401)
Portal Server verifies the provided user ID / password against
user persistence store
SAP logon ticket is issued (later used for Single Sign-On)
[Diagram labels: User ID / PW, SSL, Verification, User ID Mapping, Portal Server, Portal Database, User Persistence Store, SAP Logon Ticket]
-
Authentication: Digital Certificates
Authentication of user through SSL protocol
User presents his digital certificate to Web server during SSL
handshake
Web server performs SSL client authentication
Portal Server checks if user presented the correct certificate
Prerequisite: Client certificate has to be mapped to a portal user
SAP logon ticket is issued (later used for Single Sign-On)
[Diagram labels: X.509 Certificate, SSL, Compare Certificate, User ID Mapping, Portal Server, Portal Database, User Persistence Store, SAP Logon Ticket]
-
Getting a Digital Certificate
Digital certificates must be X.509v3 compliant
Various options possible:
Using SAP Trust Center Service
For SAP users only
Free of charge
Portal Server acts as Registration Authority (RA)
Setting up internal PKI system
Buy software from CA product vendor
Using external PKI system
Contract with Trust Center Service
-
SAP Trust Center Service: Enrollment Process
1. Log on using SAP user ID and password and initiate the SAP Passport request
2. Specify naming convention and trigger key generation
3. Web browser generates key pair and sends the SAP Passport request
4. Send approved certificate request
5. Verifies naming conventions and issues certificate
6. Log on using the SAP Passport
[Diagram labels: Web Browser, Portal Server, SAP Trust Center Service]
-
Third-Party Authentication
Authentication using an external authentication service
Windows authentication
SAP Web AS or R/3 system authentication
Other authentication methods through pluggable JAAS Login Modules
Integration of external Web Access Management (WAM) products possible
-
Windows Authentication
Authentication is delegated to Windows operating system*
Process with HTTP Basic Authentication:
User has to enter his or her Windows user ID and password (HTTP Basic Authentication)
Windows Domain Controller authenticates the portal user
When the Enterprise Portal is accessible from the Extranet
Process with Windows Integrated Authentication (NTLM):
Previous logon to Windows operating system can be reused
User is not required to reenter his or her Windows authentication credentials
When the Enterprise Portal is a pure Intranet portal and only MS IE is used
* Requires Microsoft IIS 5.0 as Web server
-
SAP Web AS or R/3 System Authentication
SAP users can be synchronized with users in an LDAP directory, but passwords are not synchronized*
Authentication directly against SAP Web Application Server or R/3 System
Process:
Portal user enters his or her SAP user ID and password
User credentials are authenticated against the SAP Web
Application Server or another SAP R/3 System directly
If authentication is successful, the Portal Server logs the user on
to the portal
* Only needed for SAP Web Application Server 6.10 and SAP Basis 4.5B or 4.6x
-
Pluggable Authentication
Plug-in interface for authentication modules
Interface defined by Java Authentication and Authorization Service (JAAS) standard
Each authentication scheme can define one or more JAAS
LoginModules
http://java.sun.com/products/jaas
-
Integration of Web Access Management Products
External Web Access Management (WAM) product authenticates
the portal user
Technical integration using JAAS LoginModule:
Reading HTTP header variable
Custom implementation (e.g. to verify a provided cookie)
Portal Server logs the user on to the portal (user must reside in portal user persistence store)
Seamless integration, only configuration required
Partner certification program for WAM vendors
or integration on a project-specific basis
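How a JAAS LoginModule can take the user ID from an HTTP header set by the WAM product, as an added example that is not SAP's or any WAM vendor's code. HeaderCallback, PeerAddressCallback, the option names, the X-WAM-User header and the in-memory user store are hypothetical; a real container supplies its own way to read the request.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class WamHeaderLoginModule implements LoginModule {
    /** Hypothetical callback: the container fills in one HTTP request header. */
    static class HeaderCallback implements Callback {
        final String name; String value;
        HeaderCallback(String name) { this.name = name; }
    }
    /** Hypothetical callback: network address of the peer that sent the request. */
    static class PeerAddressCallback implements Callback { String address; }
    static final class PortalUser implements Principal {
        private final String name;
        PortalUser(String name) { this.name = name; }
        public String getName() { return name; }
    }
    private Subject subject; private CallbackHandler handler;
    private String headerName, wamProxy, user;
    private Set<String> userStore; // stand-in for the portal user persistence store

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        headerName = (String) options.get("header");   // assumed option names
        wamProxy = (String) options.get("wamProxy");
        userStore = new HashSet<>(Arrays.asList(((String) options.get("users")).split(",")));
    }
    public boolean login() throws LoginException {
        HeaderCallback header = new HeaderCallback(headerName);
        PeerAddressCallback peer = new PeerAddressCallback();
        try {
            handler.handle(new Callback[] { header, peer });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot read request: " + e.getMessage());
        }
        // The header proves authentication only if the WAM product set it; a request
        // that reached the portal by another path could carry any value.
        if (!wamProxy.equals(peer.address))
            throw new FailedLoginException("request did not arrive through the WAM proxy");
        if (header.value == null || header.value.isEmpty())
            throw new FailedLoginException("WAM header missing");
        if (!userStore.contains(header.value))
            throw new FailedLoginException("user not in portal user persistence store");
        user = header.value;
        return true;
    }
    public boolean commit() {
        if (user != null) subject.getPrincipals().add(new PortalUser(user));
        return user != null;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof PortalUser); return true; }

    /** Simulates one request; in a server the container supplies the handler. */
    static String attempt(String peerAddress, String headerValue) {
        WamHeaderLoginModule m = new WamHeaderLoginModule();
        Subject s = new Subject();
        CallbackHandler request = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof HeaderCallback) ((HeaderCallback) c).value = headerValue;
                else if (c instanceof PeerAddressCallback) ((PeerAddressCallback) c).address = peerAddress;
                else throw new UnsupportedCallbackException(c);
            }
        };
        m.initialize(s, request, new HashMap<>(), // constructed sample configuration
            Map.of("header", "X-WAM-User", "wamProxy", "10.0.0.5", "users", "jdoe,asmith"));
        try { m.login(); m.commit(); return "logged on as " + s.getPrincipals().iterator().next().getName(); }
        catch (LoginException e) { m.abort(); return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        // Via the WAM proxy; header sent directly by a client; user unknown to the portal.
        for (String[] r : new String[][] {{"10.0.0.5", "jdoe"}, {"192.0.2.77", "jdoe"}, {"10.0.0.5", "mallory"}})
            System.out.println(r[0] + " " + r[1] + " -> " + attempt(r[0], r[1]));
    }
}
```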
-
SSO SAP Logon Tickets
SAP logon tickets represent the user credentials
Portal Server issues an SAP logon ticket to a user after
successful initial authentication
SAP logon ticket is stored as a per-session cookie on the client browser
SAP logon ticket is used to authenticate user to applications
User gets access to multiple applications and services
After initial logon no further user logons required
Cross domain support
-
SAP Logon Tickets SSO Process
[Diagram labels: Initial Logon, SAP Logon Ticket, Intranet, Internet, SAP System, External System, Any other Web page]
-
SAP Logon Ticket Contents
SAP logon tickets contain:
User ID(s)
Authentication scheme
Validity period
Issuing system
Digital signature
SAP logon tickets do NOT contain any passwords!
Strong Security:
Digitally signed by Portal Server
Authenticity and integrity protection through digital signature
-
SAP Logon Tickets & Security
SAP logon ticket serves as authentication token and therefore needs to be protected from unauthorized usage
Validity period
Authenticity and integrity protection using digital signature
Confidentiality protection through SSL protocol while in transport
Set cookie as HTTPOnly in order to prevent XSS attacks (for Microsoft IE 6.0 SP1)
-
Verifying the SAP Logon Ticket: SAP Systems
Step 1:
Verification of the digital signature provided with the SAP logon ticket.
Step 2:
Logon using the user ID which is stored in the SAP logon ticket.
No additional authentication using password or certificate necessary.
[Diagram labels: SAP Logon Ticket, Portal Server's public-key certificate, SAP Component System]
-
Verifying the SAP Logon Ticket: Non-SAP Systems
The non-SAP component must:
Make sure the SAP logon ticket has been issued by a trusted Portal Server
Accept the certificate of the Portal Server
Verify the Portal Server's digital signature in the SAP logon ticket
Ticket Verification Library that can be linked to non-SAP systems or Web Server Filter are provided
Extract the user ID from the SAP logon ticket
Ticket Verification Library or Web Server Filter are provided that extract the user ID from the SAP logon ticket
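The verification order from this slide, as an added Java example rather than SAP's Ticket Verification Library. The real SAP logon ticket encoding is not shown on the page, so the ticket format used here (Base64url payload, a dot, an RSA signature), the field names and the issuer ID PORTAL01 are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

public class TicketVerifierDemo {
    static class TicketRejected extends Exception {
        TicketRejected(String reason) { super(reason); }
    }
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Issuing system ID -> public key from that Portal Server's certificate.
    private final Map<String, PublicKey> trustedIssuers;
    TicketVerifierDemo(Map<String, PublicKey> trustedIssuers) { this.trustedIssuers = trustedIssuers; }

    /** Returns the user ID only if issuer, signature and validity period all check out. */
    String verify(String ticket, Instant now) throws TicketRejected {
        try {
            String[] parts = ticket.split("\\.");
            if (parts.length != 2) throw new TicketRejected("malformed ticket");
            byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
            byte[] signature = Base64.getUrlDecoder().decode(parts[1]);
            Map<String, String> fields = new HashMap<>();
            for (String pair : new String(payload, StandardCharsets.UTF_8).split(";")) {
                String[] kv = pair.split("=", 2);
                if (kv.length == 2) fields.put(kv[0], kv[1]);
            }
            // 1. Trusted Portal Server? The claimed issuer is used only to select a key.
            PublicKey key = trustedIssuers.get(fields.getOrDefault("issuer", ""));
            if (key == null) throw new TicketRejected("untrusted issuing system");
            // 2. Verify the signature before relying on any other field.
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(payload);
            if (!s.verify(signature)) throw new TicketRejected("bad signature");
            // 3. Enforce the validity period.
            long t = now.getEpochSecond();
            if (t < Long.parseLong(fields.get("notBefore")) || t >= Long.parseLong(fields.get("notAfter")))
                throw new TicketRejected("outside validity period");
            // 4. Only now extract the user ID.
            String user = fields.getOrDefault("user", "");
            if (user.isEmpty()) throw new TicketRejected("no user ID");
            return user;
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            // Bad Base64, non-numeric dates and malformed signatures all fail closed.
            throw new TicketRejected("malformed or unverifiable ticket");
        }
    }

    // Stand-in for the Portal Server so the demo has tickets to check.
    static String issue(PrivateKey key, String payload) throws GeneralSecurityException {
        byte[] bytes = payload.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(bytes);
        return B64.encodeToString(bytes) + "." + B64.encodeToString(s.sign());
    }
    static String check(TicketVerifierDemo v, String ticket, Instant now) {
        try { return "accepted, user=" + v.verify(ticket, now); }
        catch (TicketRejected e) { return "rejected: " + e.getMessage(); }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair portal = gen.generateKeyPair(), rogue = gen.generateKeyPair();
        TicketVerifierDemo v = new TicketVerifierDemo(Map.of("PORTAL01", portal.getPublic()));
        long t = Instant.now().getEpochSecond();
        // Constructed sample ticket fields, valid for eight hours.
        String body = "user=jdoe;scheme=password;issuer=PORTAL01;notBefore=" + t + ";notAfter=" + (t + 28800);
        String good = issue(portal.getPrivate(), body);
        String forged = issue(rogue.getPrivate(), body);   // trusted issuer name, untrusted key
        String tampered = B64.encodeToString(body.replace("jdoe", "admin").getBytes(StandardCharsets.UTF_8))
                + good.substring(good.indexOf('.'));       // edited payload, original signature
        Instant now = Instant.ofEpochSecond(t + 60);
        System.out.println("good:     " + check(v, good, now));
        System.out.println("forged:   " + check(v, forged, now));
        System.out.println("tampered: " + check(v, tampered, now));
        System.out.println("expired:  " + check(v, good, now.plusSeconds(86400)));
    }
}
```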
-
SSO to non-SAP Components Using SAP Logon Tickets
Two alternatives:
[Diagram, Web Server Filter: SAP Logon Ticket; Web Server with Filter; Portal Server's public-key certificate; HTTP Header Field: Application User ID; Non-SAP Component System]
[Diagram, Application Programming Interface (API): SAP Logon Ticket; Ticket Verification Library; Portal Server's public-key certificate; Application User ID; Non-SAP Component System]
-
SSO Account Aggregation
If the external system does not support SAP logon tickets
Portal components connect to the external system with the user's credentials (user ID and password)
User mapping and credentials information are stored in the Portal Database
Administrator maps users using administration iView
Typically to map groups and roles
User maps own credentials using portal personalization function
Portal User:          SAP User:   Siebel UserID/Password:
Michael_Schumacher    d040011     903845233, {yu323ab}___
Anna_Kournikova       i052340     230982029, {34u0nap}___
Tiger_Woods           i043536     324098211, {wq9itxm1}__
Cathy Freeman         i048347     202377724, {12onxc85}__
-
Authorization Concept for Portal Content
Objects in the Portal Content Directory (PCD) are controlled by
Access Control Lists (ACLs)
ACL defines permissions for principals (user, group or role)
For example, ACL specifies the roles that can access the iView
ACL Service
Enforces permissions for portal objects at runtime
Permissions Editor
GUI for administering ACLs for portal objects
-
Access Control Lists (ACLs)
Portal object creator is automatically the ACL owner
Only the ACL owner can
Add or remove owners for the object's ACL
Grant permissions to a principal
Inheritance of permissions
If no ACL exists for a PCD object, the permissions are inherited from the parent's ACL
Administrator permissions
None
Read
Write
Full Control (ACL owner)
End-User permissions
On/Off
[Diagram labels: Read, Write, Full Control, Design Time, Run Time, On/Off]
-
Code Authorization
Protection mechanism for portal code or sensitive areas in the file
system
Uses Java access control mechanisms
Java Security Manager
Controls what application code has access to portal code
Policy file with permissions
-
Architecture Overview User Management Engine
[Diagram labels: SAP Enterprise Portal; Applications Accessing User Management; User API, User Account API, Group API, Role API; User Management Core Layer; Persistence Manager; Replication Manager; Persistence Adapters; User Persistence Store (Database, LDAP Directory, SAP System); External System]
-
Persistence Manager
Central place for reading and writing user-specific data
Users
Groups
Role assignments
Uses Persistence Adapters to read/write data
Supports database, LDAP directory and SAP system as repository
[Diagram labels: User Management Core Layer, Persistence Manager, Persistence Adapters, User Persistence Store (Database, LDAP Directory, SAP System)]
-
Persistence Manager
User Partitioning
Specific user sets can be distributed across different repositories
Example:
[Diagram labels: Persistence Manager; Database; LDAP Directories; Self-registered, external users; Internal users]
Attribute Partitioning
Specific user attributes can be distributed across different repositories
Example:
[Diagram labels: Persistence Manager; Database; LDAP Directory; Role assignments (portal-specific data); General user data (application independent)]
-
Persistence Supported Repositories
Portal Database
Oracle 9.2
Microsoft SQL Server 2000
LDAP Directory
Novell eDirectory
Sun ONE Directory Server
Microsoft ADS
Siemens DirX
SAP System
SAP Web Application Server 6.20 or higher
For details please see the Product Availability Matrix at
http://service.sap.com/pam60
-
Portal Database
Basic user data
Basic group data
User group assignment
User/group role assignment
User mapping (for SSO purposes)
User Roles (Metadata)
Content role assignment
User's personalization data
[Diagram labels: Portal Server; PCD Instance; UM Instance; User Persistence Store (LDAP Directory, Portal Database, SAP System); Portal Database]
Store portal-specific data
-
Replication Manager
Replication of user data to external systems
Provisioning for external systems that cannot use supported user repositories
Notification when users are created or modified
Data exchange via XML documents
One-way replication of user data (Portal to External System)
[Diagram labels: User Management Core Layer, Replication Manager, External System]
-
Replication Supported External Systems
External System
SAP Basis 4.6D, SAP Web Application Server 6.10 or higher
Example:
Portal User Provisioning to SAP Systems
[Diagram labels: Replication Manager, BW, SRM, CRM]
-
User Management with SAP Systems: Directory Integration
[Diagram labels: LDAP Directory; LDAP Synchronization*; Central User Administration (CUA); Child Systems of CUA; Mapping on directory schema; Synchronization procedure]
* Since CUA release 6.10
-
User Administration
Administration GUI completely based on iViews
User Administration Functions:
Create users
Copy users
Modify users
Search for users
Assign users and groups to role(s)
Set or auto-create password
Set date & time for user account activation
Lock/unlock users
View user account history
Approve/deny self-registered users
Adapt attributes contained in self-registration
E-Mail notifications for specified events
-
Password Management
Administration Functions
Configure password policies
Set initial password for user
Let system auto-create password for user
Reset password
Customizable Forgot Password process
Password Policies
Min/max. length
Numeric characters allowed/mandatory
Password different from UID
Mixed case required
Special characters required
Password expiry time period (days)
Password must be changed at next logon
Number of failed logon attempts before account is locked
-
User Self-Service
User can change his or her profile
User can set a new password
During logon (for initial passwords, when expired)
By changing user profile
User can request new password (sent to user by E-Mail)
Use self-registration
User fills out a simple registration form
User immediately becomes a guest user
User waits for approval by administrator to become a registered user
-
Security Logging & Auditing
Logging of all security relevant information
User login (successful/failed)
IP address of user logged in
User logoff
User created/modified
User approval/denial
User locked/unlocked
Role assignment changed
-
Secure Communication Features
Secure, encrypted communication between client, Portal Server,
persistence layer, and backend systems
Support of industry-standard security protocols
Secure Sockets Layer (SSL)
Secure Network Communications (SNC)
Features
Confidentiality
Authenticity
Integrity
-
Secure Communication Overview
[Diagram labels: Web Browser; Web Server; Portal Server; Dispatcher; SAP J2EE Engine; User Persistence Store (Database, LDAP Directory, SAP System); Backend Systems (SAP System; Web Appl. (SAP, non-SAP)); zones DMZ and Intranet; protocols HTTP, LDAP, RFC, JDBC, P4; protection SSL, SNC]
-
Secure Network Architecture Overview
Network architecture needs to protect your business needs without allowing unauthorized access
Highly sensitive systems and components need to be protected (Portal Server, Persistence Layer, Backend Applications)
Locate them in a separate area that is sealed off from network attacks from outside and inside
Application servers, database servers, and directory servers should only be accessible via a demilitarized zone (DMZ) that is protected by firewalls
-
Secure Network Architecture Enterprise Portal 6.0
[Diagram labels: Front End, DMZ, Backend, Intranet; Client; External Firewall; Web Servers (with Plug-In); Internal Firewall; Portal Servers (incl. Content Management); Firewall; Persistence Layer; Application Servers; Retrieval & Classification (TREX); Database Servers; Corporate Directory Server]
-
Enterprise Portal 6.0 A Portal For More Security
Authentication using various methods
User ID/password, digital certificates, third-party authentication
Single Sign-On (SSO)
Secure, digitally signed SAP logon tickets
Account aggregation via user ID/password mapping
Authorization
ACL-based authorization for portal content
Secure communication
Between client, portal, and enterprise application servers (SSL, SNC)
User Management
Support for LDAP directory servers, databases or SAP systems as user persistence store
User self-registration (incl. approval process)
Delegated administration
-
Questions?