on 03-06-2013 8:06 AM
Hi Guys,
I have developed a Windows application (Object API based), which uses SSO (single sign-on) for authentication. On passing the user credentials from my login screen, the authentication happens with SAP and the connection is established. On valid credentials, the device gets registered and authenticated, and finally returns the MBO data. But my problem is that when I enter wrong credentials (either wrong user ID or password), though the authentication fails with SAP, the device gets registered with the user name I provide. I want to avoid this unwanted device registration when the authentication fails with SAP. This could be considered a security threat.
Currently we are using the default security provider, viz. No Security Provider. We haven't planned for any configuration/change in security provider as of now. So the authentication happens only with SAP.
I have the following queries:
1) Do we have a way/control to avoid the device registration in SCC when SAP authentication fails via SSO?
2) Do we have any API so that this could be handled at the application code level?
3) Do we have any SUP APIs to capture the error message when authentication fails in SAP? I'm calling "application.registerapplication" at the code level for registration and authentication. If I could capture the error, I could use 'application.unregisterapplication'.
Regards,
Raja
Hi Raj,
How come you are using SSO though you are using no security provider at the SUP level?
For SSO, you need to deploy the MBO package with SSO security.
Use HttpAuthenticationLoginModule for SAP SSO2 token authentication.
You can use the SiteMinder concept at the SUP and SAP level.
Check the links below:
http://scn.sap.com/docs/DOC-29574
Regards,
Jitendra Kansal
As Jitendra asked, how are you doing SSO with "No sec provider"? No sec provider is only for a development environment. You need to use other security providers for a production environment. Now I believe that you are deploying the MBO package to the default security "admin". Instead of that, you need to create a new security domain, deploy the MBO package to that, and authenticate against it.
Check this,
Ref:
Now you are using the default profile admin; instead of that, you can use other security profiles for login, which is recommended for a production system.
- Midhun VP