cancel
Showing results for 
Search instead for 
Did you mean: 

Two-factor authentication with NetWeaver 7.1

Former Member
0 Kudos

Hi all

We're creating a portal system for our clients which requires high security, and we've been asked to look into the options available for two-factor authentication.

Has anyone tried this before? Does anyone from SAP know what the intended direction is with the Portal product in this area (I don't want to go down a completely different route to that which SAP intends on using)?

Thanks in advance

Stuart

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Two-factor authentication requires that two different authentication factors are required to complete the authentication process. With NetWeaver AS Java (and therefore with the Portal on top) you can configure the authentication to include as many authentication mechanism as necessary and thus achieve two-factor or three-factor authentication. You only need JAAS login modules for each authentication mechanism. NetWeaver AS Java comes with login modules for the most commonly used mechanisms, such as user-name and password, X.509 certificate, SPNego, etc. It also provides the infrastructure to help you develop and deploy custom login modules.

The Portal uses the default set of logon screens provided with NetWeaver AS Java. They allow for customization so you can add new UI elements to request for additional credentials.

What you need to do is to:

- ensure the login modules for each authentication factor you want to have in the authentication process. Create a custom one if there is not an already provided one.

- change the authentication stack configuration of the Portal (or any application you want to protect) to include the login modules with the correct JAAS control flags.

- customize the logon application so that the end-user is asked for the different authentication factors.

You can find additional information related to the three steps above on help.sap.com.

Answers (2)

Answers (2)

Former Member
0 Kudos

Dear Donka,

Is it possible to have Digital Certificate and login/password as two factor authentication for SAP SRM?

Rgds

Rpert

donka_dimitrova
Contributor
0 Kudos

Hello Gunter,

As part of the SAP Single Sign-On 2.0 product we offer two-factor authentication with Time-Based One-Time Password solution. More information is available in this blog:

Strong Two-Factor Authentication with One-Time Password Solution

With the latest support package of the SAP Single Sign-On 2.0 product we offer also risk based authentication solution. More details you will be able to find in my blog: Risk-Based Authentication for Your Critical Business Processes

Best Regards,

Donka Dimitrova