
Security Architecture NetWeaver and Plugin MOB-APP-TRC

Former Member
0 Kudos

Hi Colleagues,

I am gathering information about the NetWeaver Security Architecture for the use case below.

Security Document:

Administrator's Guide for SAP Travel Receipt Capture 2.2.0 ¦ 22.06.2012

“2.4.1 Authorizations

SAP Travel Receipt Capture uses the authorization concept provided by the SAP NetWeaver AS ABAP. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to SAP Travel Receipt Capture”

Summary: The statement is that the NetWeaver principle applies here.

Scenario for Security Token Service

  Landscape:

      Instance: NetWeaver 7.1 EHP6 with SAP Travel Receipt Capture, MOB-APP-TRC

     (Security put on NetWeaver)

      Active Directory

  Interface:

      Trusted System connection from NetWeaver to HR

Question:

- What is recommended to do on the device, SUP and NetWeaver regarding SSO in this scenario?

            - example:

              At this point, do we use a token or a certificate?

              NetWeaver authenticating the corporate user with a separate password

- What should the end device use to access SUP?

            - example: private certificate? Registered manually?

- How can we avoid a man-in-the-middle attack?

Thank you in advance,

1 ACCEPTED SOLUTION

koehntopp
Product and Topic Expert
0 Kudos

Hi Stuart,

actually, it's all in the guide you linked to...

You could configure the landscape to use SSO through logon tickets, but as the guide says it may be preferable to start with user ID / password instead to have something like a "mobile identity" with the same user ID, but a different password on Gateway.

Registering users in SUP is mostly a matter of preference. You can also configure SUP to allow self-registration, it depends on how you want to manage users and devices.

The MitM topic is also covered on page 52 of the guide.

Hope that helps,

Frank.
