on 07-06-2015 10:25 AM
Hello,
We currently have an authentication scenario which I want to discuss and verify.
We want to deliver Fiori applications on a Gateway Hub, which is located in our DMZ. To use the SAP-delivered two-factor authentication (OTP), we use our Identity Management on a Java stack, which is located in our internal network.
The Gateway Hub works as a Service Provider, the Identity Management as Identity Provider - which asserts SAML 2.0 certificates for the Gateway users. Both systems should communicate with a back-channel communication, as described here. So we don't need to put our Identity Management system in the DMZ.
I'm not sure if the validation of the One Time Password (created and delivered by the internal AS Java) can be done by the Gateway Frontend AS ABAP, via the backend-channel communication.
Best Regards
Julian Branahl
Hello Julian,
The SAP solution for two-factor authentication based on OTP is available with the SAP Single Sign-On product license.
Here you will be able to find how to configure two-factor authentication using TOTPLoginModule:
You can also enforce two-factor authentication based on the risk, using the risk-based authentication offered by the SAP Single Sign-On product. See: Risk-Based Authentication for Your Critical Business Processes
The SAP Single Sign-On product also offers a Mobile SSO solution based on the OTP. See: Mobile Single Sign-On for SAP Fiori with SAP Authenticator
I hope this will be helpful.
Regards,
Donka Dimitrova
Hello Donka,
Thanks for your reply and for delivering those relevant guides.
At the moment of my request I wasn't that deep in the topic in general. Now I am aware of the various logon procedures.
My question is answered by the fact that when I set SAML 2.0 as the primary login module for the Fiori Launchpad ICF node, it triggers a redirect to my internal Java Identity Provider. At this point the user authenticates and is then redirected back to the ABAP stack with the Fiori Launchpad. So, referring to my question, the OTP is delivered and verified by the identity provider machine.
Regards,
Julian Branahl
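The division of work described in this thread, as an added example that is not part of the original posts and is not SAP code: the identity provider checks password and TOTP and issues a signed assertion, while the service provider in the DMZ only validates that assertion. The class names, the user record and the keys are hypothetical, and an HMAC over a JSON body stands in for the XML signature of a real SAML 2.0 assertion.

```python
import base64, hashlib, hmac, json, struct

def totp(secret, at, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class IdentityProvider:
    """Internal system: the only place passwords and OTP secrets live."""
    def __init__(self, signing_key, users):
        self._key = signing_key
        self._users = users  # name -> (password, otp_secret), constructed data

    def login(self, user, password, otp, audience, now):
        password_ref, secret = self._users.get(user, ("", b"\0"))
        pw_ok = hmac.compare_digest(password_ref.encode(), password.encode())
        # Accept the current and the previous time step to tolerate clock drift.
        otp_ok = any(hmac.compare_digest(totp(secret, now - d).encode(), otp.encode())
                     for d in (0, 30))
        if user not in self._users or not (pw_ok and otp_ok):
            return None
        body = json.dumps({"sub": user, "aud": audience, "exp": now + 300}).encode()
        sig = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return base64.b64encode(body).decode() + "." + sig

class ServiceProvider:
    """DMZ system: trusts the IdP's signature, never handles the OTP."""
    def __init__(self, verify_key, entity_id):
        self._key = verify_key
        self._entity_id = entity_id

    def consume(self, assertion, now):
        try:
            b64, sig = assertion.split(".")
            body = base64.b64decode(b64, validate=True)
        except ValueError:
            return None
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return None
        claims = json.loads(body)
        if claims["aud"] != self._entity_id or claims["exp"] < now:
            return None
        return claims["sub"]
```

The service provider rejects an assertion whose signature, audience or expiry does not check out, so a compromise of the DMZ host exposes no OTP secrets.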