on 07-19-2012 11:16 AM
Hi.
I was wondering about the following thing:
Is it possible to configure declarative security to go against a custom authentication / access control service and NOT against the SAP ID service (where you use your SCN credentials)?
It should be possible with programmatic security as the developer controls it and can (theoretically) build his own authentication and access control routines.
Cheers,
Uwe
Hi Uwe,
A much more flexible solution to use other authentication services/identity providers (IdPs) than SAP ID Service is already in the making and will be available in a couple of weeks.
As an account owner, you will be able to configure the required trust relationship(s) to other IdPs (e.g. in the corporate network) for your account/tenant. Users accessing applications in the account will then be redirected for authentication to the chosen IdP for the tenant, and can log in to NW Cloud with their already existing (e.g. corporate) account. In addition, you are able to configure identity federation settings per IdP, e.g. which user profile attributes (provided/exposed by the IdP) will be mapped to which principal attributes of the authenticated user in the NW Cloud application.
Role assignments and authorizations are also configurable, either "hard-coded" (i.e. user with ID X is assigned to web role Y in application Z), or dynamically, based on information provided by the IdP. This can result in a mapping as follows: If the IdP provides a (user profile) attribute with name "department" which equals the value "Purchasing", then assign the user to the web role "Buyer".
There is also a TechEd session this year focusing on exactly these new concepts in NW Cloud. Session ID is CD260.
Greetings
Martin
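
The mapping described in the reply above, modelled in Python as an added example (not part of the original thread and not SAP's code or configuration format). The issuer URL, the dictionary layout and the names `TRUSTED_IDPS`, `STATIC_ROLES` and `build_principal` are assumptions made for illustration; only the "department" = "Purchasing" to "Buyer" rule and the user X / role Y / application Z assignment come from the thread.

```python
from dataclasses import dataclass, field

# Constructed sample configuration; all names are hypothetical and do not
# reflect NW Cloud's real configuration format.
TRUSTED_IDPS = {
    "https://idp.corp.example": {
        # IdP attribute name -> principal attribute name
        "attribute_map": {"department": "department", "mail": "email"},
        # (principal attribute, required value, web role)
        "dynamic_rules": [("department", "Purchasing", "Buyer")],
    }
}
# Static ("hard-coded") assignments: (application, user ID) -> web roles
STATIC_ROLES = {("Z", "X"): {"Y"}}


@dataclass
class Principal:
    user_id: str
    attributes: dict = field(default_factory=dict)
    roles: set = field(default_factory=set)


def build_principal(issuer, user_id, idp_attrs, application):
    """Map an already authenticated assertion to a principal with web roles."""
    idp = TRUSTED_IDPS.get(issuer)
    if idp is None:
        # No trust relationship configured for this tenant: fail closed.
        raise PermissionError(f"untrusted IdP: {issuer}")
    p = Principal(user_id)
    # Copy only explicitly mapped attributes; unmapped ones are dropped.
    for src, dst in idp["attribute_map"].items():
        if src in idp_attrs:
            values = idp_attrs[src]
            # IdP attributes may be multi-valued; normalise to a list.
            p.attributes[dst] = values if isinstance(values, list) else [values]
    # Static assignments by user ID and application.
    p.roles |= STATIC_ROLES.get((application, user_id), set())
    # Dynamic assignments: exact, case-sensitive match on a mapped attribute.
    for attr, required, role in idp["dynamic_rules"]:
        if required in p.attributes.get(attr, []):
            p.roles.add(role)
    return p
```

A missing or differently cased attribute value yields no role, so a user without a matching rule ends up with an empty role set rather than a default one.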