Skip to Content
author's profile photo Former Member
Former Member

MII 12.1 SSO and MII Login Security

Currently, we have an SSO and ABAP security system that allows the customer to maintain and deploy users to MII. The issue that the customer sees as a potential security risk is if the user is not available in the ABAP system, the MII login screen appears to the user and allows them to type in a username and password. If, by chance, the user is available in the UME system of NW, then the operator could gain access to MII and its features. Our customer would like the MII login screen to be either disabled or we put some logic in to prevent the screen from appearing if the SSO certificate was invalid or rejected. I would like to know if there is a feature in either NW or MII that we could simply turn off the MII login screen or if anyone has done this in the past? What is the best practice to approach this?

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Best Answer
    Posted on Oct 29, 2010 at 10:59 AM

    If the user does not belong to the XMII Users / Developers / Administrators roles then even if they get to the NW login screen (not sure how you would prevent that since it just redirects there when you're not logged in properly) they won't be able to do very much. The moment they would attempt to access anything inside the XMII web application, like the Menu.jsp or any other relevant URL the security aspects should prevent them from doing anything, and they should get nowhere.

    I would suggest setting up an acceptible test situation to prove or disprove the security paranoia.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.