2 Replies Latest reply: Apr 25, 2012 4:34 AM by Ramesh Kupusamy RSS

Users getting access to other users' accout in SAP EP  using Google Chrome

Shravan Kumar
Currently Being Moderated

Hello All

 

We have found that when Google Chrome browser is used for accessing SAP

Enterprise Portal system, the users are able to access a different

person's profile/account.

 

We have not seen this issue happening with Internet Explorer. and Mozilla Fire fox

 

How can it be overcomed ? Is it possible  How exactly its happening , share me the toughts

 

Thanks

Kumar

  • Re: Users getting access to other users' accout in SAP EP  using Google Chrome
    Kevin Comegys
    Currently Being Moderated

    Hi Kumar,

     

      We'll need a little more information to help out such as... how you've configured your login module stack... what your default authentication scheme is... are there any front-end servers in play (like web dispatcher or reverse proxy)... is this machine used by only 1 user or is it more 'public'... etc.

     

      The simplest answer I can offer in the absence of any additional information is that the session-based cookies held in the local browser are being corrupted and the wrong user's cookies are represented to the Portal server.

     

      Simply put, the SAP logon ticket is a session-based browser cookie. If that cookie were properly signed (came from authorized ticket-issuing system in your landscape, usually Portal), and not expired or invalidated in any way (DNS domain changes, etc.), and it were offered to the NW Portal... you could certainly be SSO'd right along.

     

      Like I said, there are many ways this might happen but without additional info, the best I can say is "you've got a cookie problem".

     

    -Kevin

Actions