Pluggable Authentication Service
Encyclopedia
Pluggable Authentication Services (PAS) allows SAP
user to be authenticated outside of SAP. When the user is authenticate by an external service, the PAS will issue an SAP Logon Ticket
or x.509
Certificate which will be used for future authentication into SAP systems. The PAS is generally regarded as an opportunity for companies to either use a new external authentication system or an existing external authentication system. In some cases, the PAS is used with an external single sign-on
system that uses SAP Logon Ticket
s or x.509
certificates.
SAP ERP
The SAP ERP application is an integrated enterprise resource planning software manufactured by SAP AG that targets business software requirements of midsize and large organizations in all industries and sectors...
user to be authenticated outside of SAP. When the user is authenticate by an external service, the PAS will issue an SAP Logon Ticket
SAP Logon Ticket
SAP Logon Tickets represent user credentials in SAP systems. When enabled, users can access multiple SAP applications and services through SAPgui and web browsers without further username and password inputs from the user...
or x.509
X.509
In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
Certificate which will be used for future authentication into SAP systems. The PAS is generally regarded as an opportunity for companies to either use a new external authentication system or an existing external authentication system. In some cases, the PAS is used with an external single sign-on
Single sign-on
Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them...
system that uses SAP Logon Ticket
SAP Logon Ticket
SAP Logon Tickets represent user credentials in SAP systems. When enabled, users can access multiple SAP applications and services through SAPgui and web browsers without further username and password inputs from the user...
s or x.509
X.509
In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
certificates.
External Authentication Systems
- Windows NT LAN Manager Authentication
- Windows NT domain controller (i.e., User ID and password verification)
- Binding LDAP to a directory server
- Authentication using the Secure Sockets Layer (SSL) protocol and x.509X.509In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
certificates - HTTP header variables (mapping userIDs)
- Authentication mechanism through the AGateAgateAgate is a microcrystalline variety of silica, chiefly chalcedony, characterised by its fineness of grain and brightness of color. Although agates may be found in various kinds of rock, they are classically associated with volcanic rocks and can be common in certain metamorphic rocks.-Etymology...
Prerequistes
- One system must be configured as the ticket-issuing system.
- Other SAP systems must be configured to accept logon tickets (and therefore preconditions for logon ticket configuration or non-logon ticket configuration, such as certificate, must be met prior).
- Usage of Secure Network CommunicationsSecure Network CommunicationsSecure Network Communications is a software layer in the SAP system architecture that enables the use of stronger authentication, encryption and single sign-on mechanism. SAP provides SNC for server to server communications only...
because authentication occurs externally. - Ticket-issuing SAP system must be able to recognize user's ID.
See Also
- single sign-onSingle sign-onSingle sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them...
- Secure Network CommunicationsSecure Network CommunicationsSecure Network Communications is a software layer in the SAP system architecture that enables the use of stronger authentication, encryption and single sign-on mechanism. SAP provides SNC for server to server communications only...
- SAPguiSAPguiSAPGUI is the GUI client in SAP R/3's 3-tier architecture of database, application server and client. It is software that runs on a Microsoft Windows, Apple Macintosh or Unix desktop, and allows a user to access SAP functionality in SAP applications such as SAP ERP and SAP Business Information...
- SAP Logon TicketSAP Logon TicketSAP Logon Tickets represent user credentials in SAP systems. When enabled, users can access multiple SAP applications and services through SAPgui and web browsers without further username and password inputs from the user...