Set Up a Trusted Relationship Between SAP NetWeaver AS Java and ABAP for Secure SSO

  • by Robert Heidasch, Senior Manager/Senior Principal, Accenture
  • August 31, 2010
You can set up ticket authorization between two SAP systems so that users can use single sign-on when they need to access both systems. You can use either an HTTP connection or a Remote Function Call connection for this purpose. Use the provided guidelines to determine which authentication type can fulfill your requirement. See how to configure the connection using the destination service with ticket-based authentication in the back-end communication.
Key Concept
User-specific, secure communication between front-end and back-end business components is a key functionality in modern component-based business applications. SAP NetWeaver Application Server Java functionality allows you to configure a secure connection to remote systems using different protocols and authentication standards. The established communication channel allows a user-specific call, which means that the secure back-end communication uses the current user's credentials. This guarantees that the business application checks data access against the current user's permissions.

Component-based business applications require user-specific, secure communication between front-end and back-end business components. Because the components often run on different machines, establishing the identities of the communicating parties has become an important element in protecting your business operations. For example, if your business application provides access to financial or payroll reports, you have to guarantee that end-user credentials are checked before the system provides the requested information. You need to protect your business-sensitive data against unauthorized access and still support interoperability between different business applications, which requires establishing secure communication channels.

SAP NetWeaver Application Server Java provides the destination service, which helps you configure and establish secure connections to other business applications, components, or services. The destination service supports different authentication methods, such as user- and password-based authentication (e.g., basic authentication and user mapping) and ticket-based authentication (e.g., SAP logon tickets and SAP assertion tickets) in a user-specific back-end communication between remote business applications. I describe the configuration and required settings for the ticket-based configuration.

Robert Heidasch

Robert Heidasch is senior manager/senior principal in the Accenture & SAP Business Solution Group, which designs and develops new business solutions and applications provided jointly by Accenture and SAP based on the newest SAP technology. He is co-author and trainer of a couple of SAP technology-related areas (e.g., SAP HANA solution architect, SAP HANA technical architect, Business Suite on SAP HANA, and SAP HANA as a development platform delivered in Europe, US, and Asia). Robert has more than 21 years’ experience designing and developing IT systems. He has published several technical and business articles about SOA, SAP NetWeaver and its integration with non-SAP systems (e.g., Microsoft and Oracle), and SAP HANA technology. Robert is also an inventor of 18 patents granted in the US, for example, Ranking in Cascading Learning Systems, Learnable Contextual Network, Machine Learning for a Memory-Based Database, Modular Secure Data Transfer, Managing Software Component Versions within a Service Oriented Architecture, Machine Learning for a Memory-based Database, Adaptive and Secure Modular Connection, and Asynchrony Debugging Using Web Services Interface.
 
