What is Single Sign On (SSO) ?
Single sign-on (SSO) is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again (enter Id and password).

“Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.”

Single Sign-On (SSO) is a key feature of the Enterprise Portal that eases user interaction with the many component systems available to the user in a portal environment. Once the user is authenticated to the enterprise portal, he/she can use the portal, to access external applications. With SSO in the Enterprise Portal, the user can access different systems and applications without having to repeatedly enter his or her user information for authentication.

Why should we use SSO?

  • A Typical net user needs at least nine passwords
  • 30% never change passwords, 29% less than once a year
  • 70% have forgotten a password at least once
  • 35% of people use the same password for multiple applications
  • 60% of people cycle two passwords across all applications

(Figures are approximated)

How to use it in SAP NetWeaver?
There are several user authentication and Single Sign-On (SSO) mechanisms available with SAP NetWeaver.
The Enterprise Portal SSO mechanism is available in two variants depending on security requirements and the supported external applications:

  1. SSO with ID and password
  2. SSO with SAP logon tickets

Both variants eliminate the need for repeated logons to individual applications after the initial authentication at the enterprise portal.SSO with user ID and password forwards the user’s logon data (user ID and password) to the systems that a user wants to call, Whereas SSO with SAP logon tickets is based on a secure ticketing mechanism.

Single Sign-On with User ID and Password:
The Single Sign-On (SSO) mechanism with user name and password provides an alternative for applications that cannot accept and verify SAP logon tickets. With this SSO mechanism the Portal Server uses user mapping information provided by users or administrators to give the portal user access to external systems.The portal components connect to the external system with the user’s credentials.

Either the end user or the administrator must map each user’s user ID and password to the user ID and passwords used in the component systems, if these are different to the portal user data.As the user’s user ID and password are sent across the network, you should use a secure protocol such as
Secure Sockets Layer (SSL) for sending data.

Single Sign-On with SAP Logon Tickets:
SAP logon tickets represent the user credentials. The Portal Server issues a logon ticket to a user after successful initial authentication. The logon ticket itself is stored as a cookie on the client and is sent with each request of that client. It can then be used by external applications such as SAP systems to authenticate the portal user to those external applications without any further user logons being required.SAP logon tickets contain information about the authenticated user. They do not contain any passwords.
Specifically, logon tickets contain the following items:

  • Portal user ID and one mapped user ID for external applications
  • Validity period
  • Information identifying the issuing system
  • Digital signature

Thus SSO is very powerful technique to get access to all the resources with just one password.
You don’t have to remember passwords for accessing each resource once SSO is implemented.
But we must be very careful while using SSO as that one password is the only key which can unlock all the other locks; hence it should be in safe hands.

Please send us your questions, comments or assistance, and our team would be glad to assist you.

By Nikhil Joshi. (on behalf of SAP Consulting Team)


Apprisia
SAP :: Streamlined

We offer variety of services including SAP ECC ,SAP HR,SAP BW,SAP CRM, SAP SCM,SAP BPM, Business Objects, SAP ABAP DevelopmentSAP BASIS and SAP NetWeaver consulting. We have expertise in providing implementation,development, SAP Migration and SAP support services to SAP customers across diverse industries at a global level.
Have a question on SAP? Write to our SAP Architect.

(We promise a no-obligation consulting reply)