Set Up a Trusted Relationship Between SAP NetWeaver AS Java and ABAP for Secure SSO

  • by Robert Heidasch, Chief Innovation and Technology Lead, Accenture
  • August 31, 2010
You can set up ticket authorization between two SAP systems so that users can use single sign-on when they need to access both systems. You can use either an HTTP connection or a Remote Function Call connection for this purpose. Use the provided guidelines to determine which authentication type fulfills your requirement. See how to configure the connection using the destination service with ticket-based authentication in the back-end communication.
Key Concept
User-specific, secure communication between front-end and back-end business components is a key functionality in modern component-based business applications. SAP NetWeaver Application Server Java functionality allows you to configure a secure connection to remote systems using different protocols and authentication standards. The established communication channel allows a user-specific call, which means that the secure back-end communication uses the current user's credentials. This guarantees that the business application checks data with the current user's permissions.

Component-based business applications require user-specific, secure communication between front-end and back-end business components. Because the components often run on different machines, establishing the identities of the communicating parties has become an important element in protecting your business operations. For example, if your business application provides access to financial or payroll reports, you have to guarantee that end-user credentials are checked before the system provides the requested information. You need to protect your business-sensitive data against unauthorized access and support interoperability between different business applications, which requires establishing secure communication channels.

SAP NetWeaver Application Server Java provides the destination service, which helps you configure and establish secure connections to other business applications, components, or services. The destination service supports different authentication methods, such as user- and password-based authentication (e.g., basic authentication and user mapping) and ticket-based authentication (e.g., SAP logon tickets and SAP assertion tickets) in a user-specific back-end communication between remote business applications. I describe the configuration and required settings for the ticket-based configuration.

Robert Heidasch

Robert is the chief innovation and technology lead in the global Accenture Technology Platform, which is responsible for SAP Leonardo and the new digital technology defining business value and driving the digital transformation of complex enterprise solutions for Accenture diamond and strategic clients. Before that, he was responsible, as innovation and solution lead, for the design and architecture of new business applications developed jointly by Accenture and SAP based on the newest SAP and non-SAP technology. Robert is an Accenture-certified Senior Digital Architect and Senior Technology Architect. He is coauthor and trainer of a couple of SAP technology-related trainings for the in-memory platform and architecture of new business applications (e.g., SAP HANA, SAP Cloud Platform, and SAP Leonardo applications for solution architects and technical architects, all of which were provided by Accenture in Europe, the US, and Asia). Robert has more than 23 years' experience designing and developing IT systems. He has published several technical and business articles about SOA, SAP NetWeaver and its integration with non-SAP systems (e.g., Microsoft, Oracle), and SAP HANA technology. He is also an inventor of 38 patents in the US in the area of in-memory technology, artificial intelligence and machine learning, security, semantics, and SOA. He is a frequent speaker at international business conferences and SAP Forum. He is a subject matter expert in customer projects worldwide and has extensive experience in team leadership in Europe, the US, and India.
