
An Introduction to the SSO (Single Sign-On) Solution of a Well-Known ERP Vendor, Part 1

March 9, 2019

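SSO stands for Single Sign-On. With SSO, across multiple application systems, a user only needs to log in once to access all application systems that trust each other. It includes a mechanism that maps this primary login to logins for the same user in other applications. The main function of the authentication system is to compare the user's login information against the user information store and authenticate the user; after successful authentication, the authentication system should generate a unified authentication token (ticket) and return it to the user. It is one of the more popular solutions for enterprise business integration.

Enterprise Application Integration (EAI) can be carried out at different levels: for example, "data consolidation" at the data storage level, a "common data exchange platform" at the transport level, "business process integration" at the application level, and a "common enterprise portal" at the user interface level. In fact, integration at one more level is becoming increasingly important: the integration of "identity authentication", that is, "single sign-on".

In information security management, access control (Access Controls) revolves around the following processes: Identification; Authentication; Authorization; Accountability. Single sign-on (Single Sign On) belongs to the Authorization system, which besides single sign-on also includes the Lightweight Directory Access Protocol and the Authorization ticket.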

Let's take a look at SAP Single Sign-On (SSO).

SAP portfolio


SAP Single Sign-On provides simple, secure access to IT applications for
business users. It offers advanced security
capabilities to protect your company data and business applications.

Simple and secure access
• Single sign-on for native SAP clients and web applications
• Single sign-on for mobile devices
• Support for cloud and on-premise landscapes

Secure data communication
• Encryption of data communication for SAP GUI
• Digital signatures
• FIPS 140-2 certification of security functions

Advanced security capabilities
• Two-factor authentication
• Risk-based authentication using access policies
• RFID-based authentication
• Hardware security module support

 

Two-Factor Authentication

With two-factor authentication you can implement a strong form of
authentication for access to corporate resources – for example, for
especially critical systems or securing access from outside the company.
SAP Single Sign-On 2.0 supports two-factor authentication via time-based
one-time passwords (TOTP) generated by the SAP Authenticator mobile app.
Alternatively, out-of-band transport of tokens, including one-time
passwords sent via SMS or email or RSA/RADIUS, is supported.

Risk-Based Authentication

SAP Single Sign-On 2.0 (since SP5) offers risk-based authentication.
This means that an authentication process can dynamically adapt to the
context of an individual authentication request based on custom-defined
access policies. First, you check the context information of an
authentication attempt. This could be the IP address of the client,
location, date/time, device information, or user attributes such as
groups, for example. Secondly, based on this context information you
then make a dynamic decision on whether you accept or deny access, or
alternatively enforce two-factor authentication in case the context
indicates a higher risk. You could even reduce the privileges of the
person accessing the backend system, thus limiting the business
functionality available to this user.
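
The decision flow described above, as an added example that is not SAP's policy engine or configuration: ordered rules map the request context to one of the four outcomes the text names. The networks, group name, business hours and the `Context`/`evaluate` names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    ALLOW_REDUCED = "allow with reduced privileges"
    REQUIRE_2FA = "enforce two-factor authentication"
    DENY = "deny"


@dataclass(frozen=True)
class Context:
    client_ip: str
    when: datetime          # local time of the authentication attempt
    groups: frozenset       # user attributes, e.g. directory groups
    managed_device: bool    # device information supplied with the request


# Constructed policy values for illustration (assumptions, not SAP defaults).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
PRIVILEGED_GROUPS = frozenset({"finance-admins"})
BUSINESS_HOURS = range(7, 19)  # 07:00 to 18:59


def evaluate(ctx: Context) -> Decision:
    """Ordered rules: the first match decides, most restrictive first."""
    try:
        ip = ipaddress.ip_address(ctx.client_ip)
    except ValueError:
        return Decision.DENY  # fail closed on context that cannot be parsed
    if any(ip in net for net in BLOCKED_NETS):
        return Decision.DENY
    internal = any(ip in net for net in CORPORATE_NETS)
    privileged = bool(ctx.groups & PRIVILEGED_GROUPS)
    if not internal and privileged and not ctx.managed_device:
        return Decision.DENY
    if not internal:
        return Decision.REQUIRE_2FA  # access from outside the company
    if privileged and ctx.when.hour not in BUSINESS_HOURS:
        return Decision.REQUIRE_2FA  # sensitive role at an unusual time
    if not ctx.managed_device:
        return Decision.ALLOW_REDUCED  # limit the functionality available
    return Decision.ALLOW
```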

RFID-Based Identification

For scenarios where users need quick access to a system to perform short
tasks, you can use fast user identification via radio-frequency
identification (RFID). The user is identified via an RFID token, such as
a company badge card. RFID authentication is ideally suited to warehouse
and production scenarios with dedicated kiosk PCs for authentication.

Digital Signatures

Digital signatures uniquely identify the signer, protect the integrity
of the data, and provide the means for a binding signature that cannot
be denied afterwards. SAP Single Sign-On supports digital signing using
the Secure Store and Forward (SSF) interface. The Secure Login Client
for SAP GUI can use X.509 certificates for digital signatures in an SAP
environment. Server-side digital signatures are supported by the SAP
Common Cryptographic Library. In addition, SAP Single Sign-On includes
support for server-side digital signatures via hardware security
modules, offering increased security and performance.

Certificate Lifecycle Management for ABAP Application Servers

SAP Single Sign-On 2.0 (since SP6) supports automated renewal of X.509
certificates for SAP NetWeaver Application Server ABAP using Secure
Login Server. This reduces manual efforts and prevents downtime.

 


Mobile SSO with SAP Single Sign-On

The SAP Single Sign-On solution brings simplicity for your end-users by
eliminating the need for multiple passwords and user IDs. In addition,
you can lower the risks of unsecured login information, reduce help desk
calls, and help ensure the confidentiality and security of personal and
company data. In order to meet evolving security demands, you can extend
your single sign-on solution even further and offer your end-users
"mobile single sign-on". Your mobile users will have only one
password to remember, less typing of complicated user IDs and passwords,
and more time for actual work!

SAP Single Sign-On 2.0 (since SP4) supports single sign-on from mobile
devices, offering both a simple and secure solution for mobile access to
your corporate business processes. The solution is based on time-based
one-time passwords (TOTP) generated by the SAP Authenticator mobile app.
The SAP Authenticator mobile app is available for both iOS and Android,
and supports the IETF standard RFC 6238.

We assume that the user already started the SAP Authenticator
application earlier the same day and now wants to start using one of
his bookmarked web applications, for example SAP Mobile Portal.

 


When the user clicks on the Mobile Portal bookmark, the SAP
Authenticator generates a new passcode and creates a URL (for example
https://portal_host/irj/portal?j_username=%5Busername%5D&j_passcode=%5Bpasscode%5D),
providing in the URL the UserName and the Passcode necessary for
authentication. Then SAP Authenticator sends the URL to the browser and
the browser opens the requested resource. The user sees only the
authentication result when the requested resource appears.

 


Significant performance increase on all major platforms
• RSA, AES, SHA-2
• Perfect Forward Secrecy for TLS
• Ephemeral key agreement
• Elliptic curve Diffie-Hellman key exchange
• Elliptic curves P-224, P-256, P-384, P-521
• TLS 1.2 cipher suites in Galois Counter Mode (GCM)
• New command “sapgenpse tlsinfo” to help configure
cipher suite profile parameters for TLS


I hope this helps with your company's IT architecture and management.

 

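Author: Petter Liu
Source: http://www.cnblogs.com/wintersun/
The copyright of this article is shared by the author and 果壳网. Reposting is welcome, but unless the author agrees otherwise this statement must be retained and a link to the original must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.
This article is also published on my independent blog, Petter Liu Blog.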
