SiteMinder Agent for SAP Web AS Integration

The SiteMinder Agent for SAP Web AS provides seamless single sign-on (SSO) integration among the following types of applications:

The Web AS J2EE engine lets you integrate a third-party authentication product with the standard Pluggable Authentication Module (PAM) framework. You can protect applications that are deployed on the Web AS J2EE engine with a Login Stack or Authentication template. Create the template from a standard or custom Java Authentication and Authorization Service (JAAS) login module.

The Java Authentication and Authorization Service (JAAS), from Sun Microsystems, implements a Java technology version of the standard PAM framework, and supports user-based authorization.

You can customize the Login Stack or the Authentication template to use a set of JAAS-based login modules arranged in a particular order in the login stack. You can develop a custom login module that is based on the JAAS framework and register it with the Security Provider service offered with the Web AS J2EE engine. The engine lets you develop and deploy login modules independently of the application; the application uses them as part of the login stack that protects it.

The Enterprise Portal from SAP also allows a custom login module, as part of the login stack, to act as an authentication mechanism for access to Enterprise Portal. You can modify the Enterprise Portal authentication scheme. The authentication scheme references an authentication template or login stack inside the SAP Web AS.

The SiteMinder Agent for SAP Web AS is the SSO solution for integration with SAP Web AS. The agent specifically addresses SSO with J2EE-based applications deployed on the SAP Web AS J2EE engine, including the Enterprise Portal application. The current solution allows extension of these SSO capabilities with applications deployed outside of SAP Web AS too.

The SiteMinder Agent for SAP Web AS solution provides increased security using a Tier 2 session validation whereby the point of trust is moved from the web server to the SAP Web AS J2EE engine.

Many web-based applications use an independent session management scheme, such as a session cookie or session ticket. Therefore, these applications can bypass the SiteMinder replay prevention and session management logic. The possibility that the SiteMinder and application sessions fall out of sync with each other is one of the main security problems when integrating applications that maintain their own sessions. The SiteMinder Agent for SAP Web AS solution includes the SessionLinker component to prevent session synchronization issues. The SessionLinker web server plug-in monitors the SiteMinder Session ID header against the Web AS session ticket. When the two sessions diverge, the SessionLinker acts: it prevents the application from operating until a new session within the SAP Web AS is established.
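A minimal model of the linking check described above, added here as an example and not the product's SessionLinker code: it binds each application ticket to the SiteMinder session ID first seen with it and signals a reset when the two diverge. The header name `SM_SERVERSESSIONID`, the cookie name `APP_SESSION_TICKET`, and the choice to treat a missing header as divergence are assumptions of this example.

```python
import hmac

# Assumed names: the page does not name the header or the ticket cookie.
SM_SESSION_HEADER = "SM_SERVERSESSIONID"   # assumed SiteMinder session ID header
APP_TICKET_COOKIE = "APP_SESSION_TICKET"   # hypothetical application ticket cookie


class SessionLinkModel:
    """Binds each application ticket to the SiteMinder session it first appeared with."""

    def __init__(self):
        self._bound = {}       # application ticket -> SiteMinder session ID
        self._revoked = set()  # tickets that diverged once; never accepted again

    def check(self, headers, cookies):
        """Return 'allow', 'bind' or 'reset' for one request."""
        sm_id = headers.get(SM_SESSION_HEADER, "")
        ticket = cookies.get(APP_TICKET_COOKIE)
        if ticket is None:
            return "allow"     # no application session yet, nothing to link
        bound = self._bound.get(ticket)
        if ticket not in self._revoked:
            if bound is None and sm_id:
                self._bound[ticket] = sm_id
                return "bind"  # first sighting: remember the pairing
            if bound is not None and hmac.compare_digest(bound.encode(), sm_id.encode()):
                return "allow"  # the two sessions still agree
        # Diverged (different or missing SiteMinder session, or a revoked ticket).
        # The caller expires the ticket cookie so a new application session is created.
        self._bound.pop(ticket, None)
        self._revoked.add(ticket)
        return "reset"


def replay(requests):
    """Run constructed (headers, cookies) pairs through one linker, in order."""
    linker = SessionLinkModel()
    return [linker.check(h, c) for h, c in requests]


# Constructed sample traffic, not captured from a real deployment.
SAMPLE = [
    ({SM_SESSION_HEADER: "sm-A"}, {}),                          # before app login
    ({SM_SESSION_HEADER: "sm-A"}, {APP_TICKET_COOKIE: "t1"}),   # ticket issued
    ({SM_SESSION_HEADER: "sm-A"}, {APP_TICKET_COOKIE: "t1"}),   # normal use
    ({SM_SESSION_HEADER: "sm-B"}, {APP_TICKET_COOKIE: "t1"}),   # ticket under another session
    ({SM_SESSION_HEADER: "sm-A"}, {APP_TICKET_COOKIE: "t1"}),   # revoked ticket presented again
    ({SM_SESSION_HEADER: "sm-B"}, {APP_TICKET_COOKIE: "t2"}),   # fresh ticket after reset
    ({}, {APP_TICKET_COOKIE: "t2"}),                            # SiteMinder header missing
]
```

On a `reset` result the enforcing component would expire the application ticket and force a new Web AS session, which is the behavior the paragraph above attributes to the SessionLinker.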

In addition to providing enhanced security, SiteMinder Agent for SAP Web AS allows leveraging the increased number of authentication mechanisms available with SiteMinder.

Note: The SiteMinder Agent for SAP Web AS only controls the authentication for the applications that are deployed on the SAP Web AS and for the Enterprise Portal. The SAP Web AS J2EE engine itself controls and administers all authorizations and roles.