Can we secure Trusted authentication ?

Former Member · ‎05-11-2010

Hi All,

Today I done a trusted authentication setup. My question is only by sending user name and server name if we can make the system open, then anybody from network can access the system who knows your server name.

Is there anything that we can secure the system from outsiders?

Thanks,

Rajendra

BasicTek · ‎05-11-2010

which method of trusted auth are you using (http_header, remote user, other?)

1309780 - How To Protect Trusted Authentication explains that if you want to secure TA you would need to design your own 3rd party solution using technology such as SSL and IP restrictions to prevent impersonation.

The built in TA settings do have a time value that can be set in the CMC > Authentication > enterprise which is designed to prevent packet tampering only

Trusted authentication is designed for compatibility not security it is for customers that cannot or do not want to implement a more secure SSO such as AD/kerberos

Regards,

Tim

Former Member · ‎05-11-2010

You can have the ports on your Application Server open only to your local area network, and closed to the Internet through a set of Firewall rules.

It can also be secured in a fashion based on the type of authentication you are using and your settings in the CMC. For example, if you are using LDAP authentication and have it set to the "New user accounts will not be created", then if someone tries to log in with a username that does not already exist in BOE, then the logon will fail. Only users with an existing account will be able to use it.

Hopefully this helps.

Can we secure Trusted authentication ?

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: User input for SAP LAMA/LVM custom operation

Upload file capability in landscape manager

Error getting value from 'ReadTimeout'

Re: Integrate an external task system to Cloud ALM...

[BIG PROBLEM] SAP Host Agent cannot connect to SYS...