on 04-20-2015 9:28 AM
Good day!
We are going to implement authentication of users at a kiosk by their contactless cards, as described in note 1970286.
But we have a business requirement to make an additional check before login - the user must enter some secret word, password, or private information before he/she is logged in.
So the scenario is:
1) User puts his card to the reader
2) As described in the note he gets a one-time certificate
3) The system shows a window to enter the secret word
4) Log in
How can we achieve it? Thanks in advance.
P.S. Login to ABAP server through a browser.
Hello,
such dual authentication is supported.
We designed the RFID based certificate enrollment to run on a Kiosk PC system with a dedicated Windows Desktop user performing the (unattended) TLS or SPNego authentication to Secure Login Server.
But you can add an interactive JAAS login module to the security policy, e.g. SAP Authenticator or Active Directory/LDAP, to get one more user credential into the certificate enrollment procedure. Your policy may look like this:
Now Secure Login Client & Server are performing...
1. a silent SPNego authentication of the Windows Desktop user,
2. a prompted SAP Authenticator login of the real person in front of the Desktop,
3. an Active Directory identification of the RFID token UID,
and a fresh certificate for the person mapped to this RFID token is issued.
-- Stephan
Hello Stephan, thank you for your answer!
Do your users enter through Java AS? Because the settings of the authentication stack and JAAS are dedicated to Java. And yes, that is what I need, but we have to enhance the login sequence for ABAP AS. Do you have that kind of experience?
Anyway, your answer is helpful :).
The idea of Secure Login (Server) is to use X.509 certificates to log in to AS ABAP, and to define authentication stacks on AS JAVA / SLS to get the desired level of security.
So your short-lived X.509 acts like a strong ticket to AS ABAP, and AS JAVA/SLS is your strong ticket generator.
-- Stephan