Skip to Content
avatar image
Former Member

SCC Authentication Failure and Registration Handling - Object API Native App

Hi Guys,

I have developed a windows application(Object API based), which uses SSO(single sign on) for authentication. On passing the user credentials from my login screen, the authentication happens with SAP and connection would be established. On valid credentials, the device gets registered and authenticated, finally returns the MBO datas. But my problem is when i enter wrong credentials(either wrong user id/password), though the authentication fails with SAP the device gets registered with the user name i provide. I want to avoid this unwanted device registration though the authentication fails with SAP. This could be considered as security threat.

Currently we are using the default security provider viz No Security Provider. We havent planned for any configuration/change in security provider as of now. So the authentication happens only with SAP.

I have the following queries

1) Do we have a way/control to avoid the device registration in SCC where when SAP authentication fails via SSO.

2) Do we have any API, so that could be this handled in application code level.

3) Do we have any sup APIs, to capture the error message when authentication fails in SAP. im calling "application.registerapplication" in the code level for registration and authentication. If i could capture the error, i could use 'application.unregisterapplication'.

Regards,

Raja

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Aug 18, 2013 at 11:49 AM

    Hi Raj,

    How come you are using SSO though you using no security provider at SUP level?

    For SSO , You need to deploy mbo package with SSO security.

    Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.

    You can use siteminder concept at sup and sap level.

    Check below links

    http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01092.0221/doc/html/sau1347910896054.html

    http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01092.0221/doc/html/sau1347910596605.html

    http://scn.sap.com/docs/DOC-29574

    Regards,

    Jitendra Kansal

    Add comment
    10|10000 characters needed characters exceeded

    • As Jithendra asked how you are doing a SSO with "No sec provider". No sec provider is only for development environment. You need to use other security providers for a production environment. Now I believe that you are deploying the MBO package to the default security "admin". Instead of that you need to create a new security domain and deploy the MBO package to that and authenticate against it.

      Check this,

      • No Security Provider
        A NoSec provider offers pass-through security for Unwired Server, and is intended for use in development environments or for deployments that require no security control. Do not use this provider in production environments— either for administration, or device user authentication.
      • LDAP Security Provider
        (Not applicable to Online Data Proxy) The LDAP security provider includes authentication, attribution, and authorization providers. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin' security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
      • NTProxy Security Provider
        (Not applicable to Online Data Proxy) NTProxy — sometimes known as native Windows login — is an Unwired Server provider that integrates with existing Windows login security mechanisms. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin" security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).
      • SAP SSO Token Security Provider
        The SAPSSOTokenLoginModule has been deprecated and will be removed in a future release. Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.
      • Certificate Security Provider
        Use the Unwired Server CertificateAuthenticationLoginModule authentication provider to implement SSO with an SAP enterprise information system (EIS) with X.509 certificates.
      • HTTP Authentication Security Provider
        Use HttpAuthenticationLoginModule provider to use Basic authentication to enable automatic application registration. This provider is required when registration is set to automatic. It can also be used to enable SSO into SAP servers in place of the deprecated SAPSSOTokenLoginModule.

      Ref:

      http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc01703.0213/doc/html/aba1314126284841.html

      Now you are using the default profile admin instead of that you can use other security profiles for login, which is recommended for production system.

      - Midhun VP

  • Aug 19, 2013 at 06:01 AM
    Add comment
    10|10000 characters needed characters exceeded