cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to force workflow to request user for login (at Fiori My inbox)?

tina_petry
Explorer

on ‎05-05-2021 5:13 PM

0 Kudos

Dear community,

my customer has following request: if a certain approver wants to appoves a trip at Fiori App "My Inbox" then the user needs to authenticate again (although he is already logged in at Fiori Launchpad).

Customer proposed to ask the user for his SAP password as authentication.

Does anyone have any idea how to solve this?

My first idea was to define a special dialog workitem, that calls a new Z-App when workitem is exceuted.
When this Z-App is opened system should show logon popup. I hoped to setup the service of the App at transaction SICF in a way that system asks for password again. I tried different things at tab "Logon Data" but nothing calls a logon when opening the App from workitem.

Another idea is to ask for the password in the app: a new field at the App view where user can enter his password. The app would forward the password to the backend in order to check it (e.g. with Fuba SUSR_LOGIN_CHECK_RFC). But this seams not to be secure, as the password is transfered as clear text.

Is there any possibility in an Z-App or at workflow to call a logon function?

Thank for Your support
Tina

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

gabmarian
Active Contributor
‎05-06-2021 5:44 PM

Isn't multi-factor authentication what you are looking for like in this app?

If that is not an option, I'd give a try to the custom app asking for the password. If you make sure it will not be stored in the browser and the communication is done over HTTPS it can be considered secure. (I don't know how easy is to implement the validation on the back-end though.)

Enforcing reauthentication by standard means seems more problematic, if feasable at all.

Show replies
Show replies
tina_petry
Explorer
‎05-07-2021 3:12 PM
0 Kudos

Thanks very much for Your answer.

I think the first option (Approve Bank Payments App) is not suitable, as accounts in SAP Authentication 365 are needed.

A colleague gave me the tip to call an own app and closing the session before, then the system should ask for login again:

If ( sap.ushell !&& sap.ushell.Container ) {
sap.ushell.Container.logout();
window.location.href = "/sap/bc/ui5_ui5/sap/… Dein neues Ziel…";
}

I don't know if this will works, need to try it.

And yes, my colleague also think that it is not unsecure if the cutomer app itself asks the user for a password, if the communication is done over HTTPS.

gabmarian
Active Contributor
‎05-07-2021 7:36 PM
0 Kudos

tina.petry Be careful with closing the session, as this may also affects other browser tabs of the user with Fiori apps running.

TheGokke
Active Participant
‎05-06-2021 12:12 PM
0 Kudos

I would convince them that it's a stupid idea, what is the reason?

Show replies
Show replies
tina_petry
Explorer
‎05-06-2021 12:28 PM
0 Kudos

The customer is a university -> public sector. I already asked if they really need this and the answer was yes, the need this.

TheGokke
Active Participant
‎05-06-2021 1:54 PM
0 Kudos

I'm still missing the reason. We need this is not a reason. Tell them the internet thinks it's stupid 😉

arghadipkar3013
Contributor
‎05-05-2021 6:12 PM
0 Kudos

I think this would be a BASIS Or Security Question. You can switch on SSO.

Show replies
Show replies
tina_petry
Explorer
‎05-06-2021 6:09 AM
0 Kudos

Hello arghadip kar,

thanks for Your reply, but what do You mean with: You can switch on SSO?

Where I can switch it on? I thought SSO is used to avoid additional logons?

Kind regards Tina

Ask a Question