
Fiori Authentication from ABAP SP to Java IDP with OTP

Former Member
0 Kudos

Hello,

We currently have an authentication scenario, which I want to discuss and verify.

We want to deliver Fiori applications on a Gateway Hub, which is located in our DMZ. To use the SAP-delivered two-factor authentication (OTP), we use our Identity Management on a Java stack, which is located in our internal network.

The Gateway Hub works as a Service Provider, the Identity Management as Identity Provider - which asserts SAML 2.0 certificates for the Gateway users. Both systems should communicate with a back-channel communication, as described here. So we don't need to put our Identity Management system in the DMZ.


I'm not sure if the validation of the One Time Password (created and delivered by the internal AS Java) can be done by the Gateway Frontend AS ABAP, via the backend-channel communication.

Best Regards

Julian Branahl

Accepted Solutions (1)

donka_dimitrova
Contributor
0 Kudos

Hello Julian,

The SAP solution for two-factor authentication based on OTP is available with the SAP Single Sign-On product license.

Here you will be able to find how to configure two-factor authentication using TOTPLoginModule:

One-Time Password Authentication Administration Guide - One-Time Password Authentication - SAP Libra...

See also the blog:

You can also enforce two-factor authentication based on the risk, using the risk-based authentication offered by SAP Single Sign-On product. See: Risk-Based Authentication for Your Critical Business Processes

The SAP Single Sign-On product also offers a Mobile SSO solution based on the OTP. See: Mobile Single Sign-On for SAP Fiori with SAP Authenticator

I hope this will be helpful.

Regards,

Donka Dimitrova

Former Member
0 Kudos

Hello Donka,

Thanks for your reply and for delivering those relevant guides.

At the moment of my request I wasn't that deep in the topic in general. Now I am aware of the various logon procedures.

My question is answered by the fact that when I'm setting SAML 2.0 as the primary login module for the Fiori Launchpad ICF node, it triggers a redirect to my internal Java Identity Provider. At this point the user authenticates and is then redirected back to the ABAP stack with the Fiori Launchpad. So referring to my question, the OTP is delivered and verified by the identity provider machine.

Regards,

Julian Branahl
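
The thread concludes that the passcode is checked on the identity provider, not on the ABAP service provider. As an added illustration (not code from the thread and not SAP's TOTPLoginModule), this is generic RFC 6238 time-based OTP verification of the kind an IdP performs, with a clock-drift window and replay rejection; the 30-second step, 6 digits, window size, class name and user name are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (assumed; RFC 6238 default)
DIGITS = 6     # passcode length (assumed)
WINDOW = 1     # accepted clock drift in steps on either side (assumed)


def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP value (RFC 4226) for one time-step counter, HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class IdpOtpVerifier:
    """Hypothetical IdP-side verifier: secrets and replay state stay here,
    the service provider only ever receives the resulting SAML assertion."""

    def __init__(self, secrets: dict):
        self._secrets = secrets                  # user -> shared secret
        self._last_step = {}                     # user -> highest accepted step

    def verify(self, user: str, passcode: str, now: float) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        current = int(now) // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self._last_step.get(user, -1):
                continue                         # used or older step: replay
            expected = totp(secret, step).encode()
            if hmac.compare_digest(expected, passcode.encode()):
                self._last_step[user] = step     # burn this step for the user
                return True
        return False


# Constructed sample: the RFC 6238 test secret, not a real credential.
verifier = IdpOtpVerifier({"jdoe": b"12345678901234567890"})
```
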

Answers (0)