Hi Appana,
Below is a detailed information about SSO, hope it helps:
Symptom
- SSO (Single Sign-On, or silent login, automatic logon) typically describes the process where a user authenticates once and that authentication is used to access other systems and applications.
- BusinessObjects Enterprise can accomplish front end SSO via 2 methods and pass credentials to back end databases SSO via 4 methods
Environment
- SAP Business Objects Enterprise 3.1 (XI 3.1)
- SAP BusinessObjects Business Intelligence Platform 4.0 (BI4)
Resolution
Front End SSO
- Challenge Response (AD SSO, vintela SSO, Kerberos SSO, java SSO) is accomplished by securing a web site/portal and forcing a 401 (not authorized) when a browser attempts to access. The browser then (based on its configuration) will attempt to authenticate by passing the operating system credentials to the application (this process is called spnego) using NTLM logon token or Kerberos ticket
- Trusted Authentication (TA SSO, Siteminder SSO and Enterprise Portal SSO) Trusted auth is accomplished by having authentication take place external to Business Objects, then passing a username via several supported methods to the application. The application “trusts” the username because it has been sent from a trusted source. Available sources include SAP Enterprise Portal (MYSAPSSO2), Siteminder shared secret, remote user (AD spnego), query string (URL), http header, web session, user principal, or cookie
Back End SSO aka Database SSO or SSO2DB
- Challenge Response (AD SSO, Kerberos SSO) requires that the client has been logged into the system with Active Directory either manual Kerberos AD or with Kerberos AD SSO will pass the Kerberos ticket to the DB (supported for MS SQL, MS SSAS, Oracle integrated with AD, and hana integrated with AD)
- SAP secondary credentials (SAP SSO) SAP user logs into front end application, username and password are stored in CMS DB to be later sent to SAP BW when accessing reports. Only supported for SAP database products (BW, ECC)
- SAP Certificate based SSO (SNC, STS) Similar to trusted auth in that only an SAP username is used to authenticate once a certificate trust is setup between Business objects and the SAP server. It allows non SAP users to impersonate SAP users to access data without requiring the SAP username and password. Only available for SAP products (BW, ECC)
- Stored DB credentials (DBuser/DBpass, BOuserBOpass) DB credentials are stored in variables associated with user accounts (enterprise, AD, LDAP) and later sent to most supported DB when refreshing reports
When combining front end SSO and back End SSO the term End to End SSO can be used (typically accomplished with AD Kerberos and/or SAP datasources only)
Please go through SAP note "1748508 - What is Single Sign-On (SSO) " for more details.
Thanks,
Arun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.