on 05-04-2018 8:08 AM
In order to force users to use SNC, there is a parameter snc/accept_insecure_gui in RZ10 (SAP GUI). Once it is set to 0 or U, users are obliged to use SNC over the less secure password authentication method. However, this setting does not prevent the user from being able to perform an authentication with the password via the web interface (UI5):
https://%HOST_NAME%/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html
Which parameter in SNC/RZ10 is responsible for only SNC-authentication via the web interface of UI5? How can I disable a password authentication via the web interface in favour of SNC?
Thanks.
I understood you want to disable Basic Authentication (user + pwd). Instead you want to force authentication via certificates. And you are talking about "web authentication" (browser). If I understood correctly, then please try the following:
That should work, unless the SICF node I mentioned above is the wrong one.
Hi Nabi,
thanks for the manual, I tried to follow the steps, and after I select SICF / default_host / Logon Data / Required with SSL Certificate, I achieve the result that the system doesn't accept username & password authentication but at the same time SNC doesn't work as well, although in SAP GUI Logon everything is working.
Do you have any idea what I am missing in order to make SNC work in UI5 authentication?
Thanks.
Secure Network Communications (SNC) is not for browser security/authentication:
"SNC protection only applies to connections that use SAP protocols (dialog, RFC or CPIC) protocols. For internet protocols, use SSL for protection."
If you want to avoid Basic Authentication (user + password) then you could use certificates as I already mentioned (of course over SSL).
Best,
Nabi
You just added information that changes the context now. Anyway... Now, I understand you still have web based authentication, while most users should be allowed to authenticate via certificate only and some others should authenticate with basic authentication.
The more I think about it, the more I believe it's a little weird what you are trying to achieve... Maybe that's because you did not describe "why" you are trying to do this. I'd do the following:
Keep in mind that users with installed certificates will be authenticated via certificate by default. However, they could configure their browsers to ask for confirmation of which certificate to use or even not to use certs...
Thanks for the clarification, I actually performed the following steps:
There is a Logon Procedure List with 9 items:
I tried different combinations of Logon Through SSL Certificate and Basic Authentication, such as:
and some other combinations, but none of them returned the wanted outcome.
Is there something important that I left out of focus?
Thanks.
Hi Nabi,
I checked the subject one more time, and paid attention that the password authorization can be blocked if I remove the following parameters:
BUT, it works if I do it on the highest level — /default_host.
When I try to remove the Basic Authentication parameter on the /default_host/sap/bc/ui5_ui5/ui2/ushell level, I get a warning: «You have already activated the system logon» and the item is not removed from the list.
Do you know why it's impossible to remove the Basic Authentication parameter on the /default_host/sap/bc/ui5_ui5/ui2/ushell level?
Thanks.