Single Sign-On for SAPUI5 app: how to set up? - single-sign-on

I have an SAP sso2 service enabled in the company. How would I enable single sign-on in code? What do I need to insert into my code, and possibly where?
When I log in to the portal, the single sign-on feature works, as I am not asked for a password every time. I would like to have the same thing for my SAPUI5 application.
Can I possibly use cookies? If yes, how?

Yes, you can have the same thing for your SAPUI5 application. You don't need to code anything. SSO for ABAP is standard configuration. You can use any of these:
SPNego for ABAP (included in SAP Single Sign-On 2.0)
SAML to Active Directory (assuming your users are there and that's why you have SSO to Portal)
When your company has implemented SSO for Portal, they should of course do the same for SAP GUI and ABAP HTTP. :-)
Note that there is a licensing cost for SAP Single Sign-On 2.0.

If you use an on-premise ABAP system for your SAPUI5 app, then you need to have the SAP Single Sign-On solution installed; it includes SAML support.
The SAML implementation on AS ABAP is provided by CommonCryptoLib (SAPCRYPTOLIB), so here is what you need:
Install the SAPCRYPTOLIB library server-side.
Not needed on NetWeaver 72x/74x kernel PL released after November 2013, because it is now built into the kernel.
Enable the SAML provider in AS ABAP in the SAML2 transaction
Configure AS ABAP as service provider
Set up SAP SSO
After that you will be able to connect to the ABAP system from your app.
If you connect to an SCP cloud ABAP or HANA system, then this is even simpler because it supports SAML natively.

Related

Can we use Keycloak OTP combined with Oracle's OAM used for SSO?

We have a peculiar request from a customer who uses Oracle's Access Manager (OAM) as their SSO solution: They wish to add One-Time Password functionality, but they'd rather employ Keycloak's functionality for this.
So my question is, can one integrate Keycloak with OAM in order to leverage Keycloak's OTP functionality, while keeping the core SSO functionality served by OAM?
The One-Time Password (OTP) integration in Oracle OAM is done via the Adaptive Authentication Service; refer to the doc for version 12c and read section 32.2. Integration with Keycloak is not an option. Using the Adaptive Authentication Service (which is out of the box in version 12c) will provide you with the One-Time Password functionality. However, if your requirement is to use Keycloak OTP, then you will have to develop your own Custom Authentication plugin for integration with your third party, i.e. Keycloak. Refer to this doc on "Developing Custom Authentication Plugins".
Note: I have provided URLs for reference/docs from the latest version of Oracle Identity Management 12c since I do not know your current OAM version. There is significant development involved in writing your own custom authentication plugin. The out-of-the-box OTP functionality with OAM (in version 12c) would be a much more straightforward option.

How to use an SAP ABAP RFC in SAPUI5 without using NetWeaver Gateway?

There is an SAP ABAP standard table that I'm trying to access in SAPUI5.
I have created an RFC. How do I use this RFC in SAPUI5 to get the data there without using NetWeaver Gateway?
You can use a REST service or Web Service on the SAP system and consume the URL in your SAPUI5 application. You can create a SICF service and develop a handler for the service. In the handler you can fetch the content from the table and return the content.
Thanks and Regards,
Veera
I agree with Veera's answer and think that this is the best way of doing it without the Gateway when your application is deployed on the ABAP system (i.e. in the BSP repository). For completeness' sake, I will also describe an alternative way of doing it if you are interested in exposing the application on the HANA Cloud Platform (HCP).
ABAP RFCs can be consumed through the HANA Cloud Connector (HCC) by HCP applications. So, if you want to put your application in the HCP, then an idea would be to expose the RFC through the HCC, consume it e.g. in a Java application and then expose it to a UI5 app through this Java app (e.g. with a Servlet or a JAX-RS service). You can find an example of such a scenario in this repository and here you can find the SAP documentation about this.
Another HCP example is SFlight Sample Application.
Open source Python and Node.js RFC connectors are also available, if an RFC connection is required.

Way to implement SSO for web and desktop applications

I am reading a lot about federated identity management and technologies like SAML, which can be used for implementing SSO for web applications, and Kerberos, which can be used for implementing SSO for desktop applications.
This is how I have understood it so far. If we have the case that we want to have SSO for a set of web applications and desktop applications, what are the technologies that are available for that? Do I have to combine SAML and Kerberos or is there another technology that fits better?
AFAIK, Microsoft ADFS and Oracle Access Manager are SSO products which support SAML, Kerberos and other related protocols, do Windows-based authentication and thus provide SSO access across web apps and desktop.
Check,
http://blogs.technet.com/b/abizerh/archive/2013/04/11/more-information-about-sso-experience-when-authenticating-via-adfs.aspx
https://docs.oracle.com/cd/E29542_01/doc.1111/e15740/wna.htm

ADFS Implementation for Internal Applications

We are looking forward to implementing ADFS to provide SSO across our organization for a varied set of web applications (SAP, Siebel, custom Java-based, ASP.NET etc.).
I understand based on my research that ADFS can be used to achieve SSO for third party applications using SAML. It can act as an identity provider for third party applications. Please correct me if I am wrong.
Can we use ADFS to implement cookie-based SSO for the various internal web-based apps which I mentioned above? (For example, CA SiteMinder and Oracle Access Manager can work with almost every internal web-based application.)
In other words: we have one application using the Apache web server, one using the IIS web server, one using the IHS web server; can ADFS be used to achieve single sign-on with all these applications? If yes, how?
Thanks in advance!
Ashish
ADFS implements SSO via federation using either WS-Fed or SAML 2.0.
If these applications can support these protocols, then yes, just federate these products with ADFS and you will get SSO,
e.g. Salesforce SSO with ADFS.
For Java you need a SAML stack e.g. Spring Security.
For ASP.NET, use OWIN or WIF.

How to implement SSO for Tuleap using Shibboleth

My company is using Shibboleth to perform single sign-on.
The applications we use it to sign in to are WordPress and ownCloud. Now we are planning to include Tuleap Open ALM (Application Lifecycle Management) and have it use Shibboleth for single sign-on.
So is there a plug-in to do it, or a way it can be done, or is it impossible? Could you provide your views and thoughts to help me?
There is no explicit plugin for Tuleap to use Shibboleth. However, I think Shibboleth can be used with OpenID and that Tuleap can also be configured to use OpenID. The other Tuleap authentication methods are native and LDAP.