SiteMinder Agent for SAP Web AS Guide › Overview and Architecture › SiteMinder SSO Options for SAP Web Application Server

SiteMinder SSO Options for SAP Web Application Server

SiteMinder supports the following SSO deployment options for the SAP Web Application Server (SAP Web AS):

Tier-1

A SiteMindera Web Agent hosted on a front-end web server provides authentication. The web server acts as a proxy for requests to the SAP Web Application Server.

A Tier 1 solution is the minimum requirement for SSO. However, Tier-1 solutions have the following limitations:

• The ERP Solution trusts information sent from the security solution and does no verification.
• The point of trust is the web server, which can reside in the DMZ.

Two security options apply:

Option 1

User credentials are stored in the ERP database/directory. The database/directory may not be encrypted, and may be located on the web server leaving user information vulnerable to attack.

Option 2

Users log on to the ERP solution as a super user, masking the identity of the true user.

Tier-2

A SiteMinderERP Connector hosted on the ERP System provides authentication. SiteMinderand ERP session linkages are maintained using the SessionLinker.

The SiteMinder Agent for SAP Web AS is a Tier-2 solution that enables the ERP solution to verify that information that is passed by SiteMinderwas sent by SiteMinder. This critical capability ensures that even internal users are not attempting to compromise the SAP system.

Using the SiteMinder Agent for SAP Web AS has the following benefits:

• The points of trust are the ERP Connector and the SiteMinderPolicy Server.
• Users can be authenticated at the main application site when they first log in and then move seamlessly to any ERP application without being prompted for credentials.

• SiteMinderassumes responsibility for authentication.
• SiteMinderintegrates with the user directory and/or database so there is no need to store user credentials in multiple locations.