on 05-05-2021 5:13 PM
Dear community,
my customer has the following request: if a certain approver wants to approve a trip in the Fiori app "My Inbox", then the user needs to authenticate again (although he is already logged in at the Fiori Launchpad).
Customer proposed to ask the user for his SAP password as authentication.
Does anyone have any idea how to solve this?
My first idea was to define a special dialog workitem that calls a new Z-App when the workitem is executed.
When this Z-App is opened system should show logon popup. I hoped to setup the service of the App at transaction SICF in a way that system asks for password again. I tried different things at tab "Logon Data" but nothing calls a logon when opening the App from workitem.
Another idea is to ask for the password in the app: a new field in the app view where the user can enter his password. The app would forward the password to the backend in order to check it (e.g. with function module SUSR_LOGIN_CHECK_RFC). But this seems not to be secure, as the password is transferred as clear text.
Is there any possibility in a Z-App or in the workflow to call a logon function?
Thanks for your support
Tina
Isn't multi-factor authentication what you are looking for like in this app?
If that is not an option, I'd give a try to the custom app asking for the password. If you make sure it will not be stored in the browser and the communication is done over HTTPS it can be considered secure. (I don't know how easy it is to implement the validation on the back-end though.)
Enforcing reauthentication by standard means seems more problematic, if feasible at all.
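The custom-app approach from the answer above, as an added example that is not part of the original thread and not SAP code: a client helper that refuses to send the password unless the origin is HTTPS, clears the input field before the request, and keeps the exchange out of the HTTP cache. `REAUTH_PATH`, the JSON body shape and both function names are assumptions for a hypothetical custom backend service that performs the actual password check.

```javascript
// Added example (hypothetical names): password re-check from a custom Fiori/UI5 app.
const REAUTH_PATH = "/z-reauth/check"; // placeholder path of the custom backend service

// Build the request synchronously so the HTTPS rule is enforced before any I/O.
function buildReauthRequest(origin, workItemId, password, csrfToken) {
  if (new URL(origin).protocol !== "https:") {
    throw new Error("refusing to send a password over a non-HTTPS origin");
  }
  return {
    url: new URL(REAUTH_PATH, origin).toString(),
    init: {
      method: "POST",            // never put the password in a URL (logs, history)
      credentials: "same-origin",
      cache: "no-store",         // keep request and response out of the HTTP cache
      // csrfToken is obtained by the caller beforehand
      headers: { "Content-Type": "application/json", "X-CSRF-Token": csrfToken },
      body: JSON.stringify({ workItemId, password }),
    },
  };
}

// passwordInput: the <input type="password"> element (any object with .value works).
async function reauthenticate(passwordInput, workItemId, csrfToken, opts = {}) {
  const fetchImpl = opts.fetchImpl || fetch;
  const origin = opts.origin || window.location.origin;
  const password = passwordInput.value;
  passwordInput.value = "";      // clear at once; never copy it into a model or storage
  if (!password) return { ok: false, reason: "empty" };
  const { url, init } = buildReauthRequest(origin, workItemId, password, csrfToken);
  const res = await fetchImpl(url, init);
  // The backend decides; the client only learns success or failure.
  return res.ok ? { ok: true } : { ok: false, reason: "http " + res.status };
}
```

The approval itself still has to be authorised on the server side after a successful check; a client-side result alone can be bypassed.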
Thanks very much for Your answer.
I think the first option (Approve Bank Payments App) is not suitable, as accounts in SAP Authentication 365 are needed.
A colleague gave me the tip to call an own app and close the session before; then the system should ask for login again:
```javascript
// End the current Launchpad session, then open the new app so the system asks for logon again.
if (sap.ushell && sap.ushell.Container) {
    sap.ushell.Container.logout();
    // "Dein neues Ziel" = "your new target" (placeholder for the app path)
    window.location.href = "/sap/bc/ui5_ui5/sap/… Dein neues Ziel…";
}
```
I don't know if this will work, need to try it.
And yes, my colleague also thinks that it is not unsecure if the customer app itself asks the user for a password, if the communication is done over HTTPS.
I would convince them that it's a stupid idea, what is the reason?
I think this would be a BASIS or Security question. You can switch on SSO.