on 08-30-2008 11:52 PM
We have one portal system with two portal applications: SAP ESS (Employee Self Service) and SAP LMS (learning management system). Currently, when users log in, the portal uses a network LDAP to authenticate user access. Once users are authenticated they see one page (one view) with two buttons: one for ESS (associate Personal Data) and the other for Global Learning Center (LMS). We want to implement two other applications: TCI (Total Compensation) within ESS, and MSS (Manager Self Service). Several security issues have been raised. I can describe the security requirements in two categories: one general, which is not very security sensitive and for which the network password is enough. LMS and some features in ESS will fall in this category. We have very sensitive applications like MSS and TCI (which is a component within ESS). For a sensitive application like MSS and for the TCI component, can we add an additional level of authentication or challenge response? For example, when I log in to my bank web site, not only do I enter my user id or account id and password, but I have to answer another confidential question. Some web sites will show you a picture and ask you to enter an additional PIN number. Has anyone done something like that in SAP portal? Any idea how to add additional security in SAP portal? How to create a custom login module? All components that I described above belong to the same portal application and belong to one ECC system. Do you think we need two portal systems: one for sensitive and another for non-sensitive components?

We are thinking of two-level authentication: one uses LDAP to get into the portal main page, but when a user clicks on MSS there should be another authentication (a password or something similar to that). Is this doable? What is the best solution for this type of situation? We have had someone suggest implementing MSS on a separate portal and then adding it to the iView, which will require UME authentication when someone tries to access it. The UME password will be different from the LDAP password. What do you think of this approach? Any different ideas?

Hi Amr,
We also have HR-related (sensitive) info integrated into our Portal. One of the main strengths of the Portal is SSO, and if you create more layers of authentication, it's taking that Portal strength away from your project. Yes, HR-related info is sensitive, but I'm also very sure that your company has a STRONG user rule that they have to lock their screen every time they are away from their hardware. Also, your IT infrastructure and support team can help to enforce or change the screensaver for the users, such that the screen will lock itself when the screensaver kicks in.
If the above is not discuss-able and it's a MUST, then I could suggest the below (may not be the best suggestions):
1) Create another account for the user in the Portal UME. This means that the user will have to log in via the Portal login screen, depending on which function he/she wants to use. Thus the user will have 2 different accounts.
2) Develop custom authentication into the Portal with a custom logon application. Search for the post with the subject (Custom Authentication into Portal) by Jeff Walberg (Posted: Jun 5, 2008 3:51 PM).
Hope that helps.
Ray
Hi,
For the portal page it's possible to define an "Authentication Scheme". It can be some standard scheme or your own scheme. Using this you can ask the user for an additional password.
Regards,
Andrei