Composite Application Framework Core (CAF Core) supports the Single Sign-On (SSO) mechanisms provided by the SAP NetWeaver Application Server. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server Security Guide also apply to CAF Core.
The supported mechanisms are listed below.
Secure Network Communications (SNC)
SNC is available for user authentication and provides an SSO environment when using the SAP GUI for Web Services or Remote Function Calls (RFCs).
For more information, see Secure Network Communications (SNC) in the SAP NetWeaver Application Server Security Guide.
SAP Logon Tickets
CAF Core does not support the use of logon tickets for SSO when using a Web browser as the frontend client. For business entity connectivity, use X.509 client certificates.
Client Certificates
As an alternative to authentication with a user ID and password, users who use a Web browser as a frontend client can also provide X.509 client certificates for authentication. In this case, user authentication is performed on the Web server with the Secure Sockets Layer Protocol (SSL Protocol), and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.
You can find more information under Client Certificates in the SAP NetWeaver Application Server Security Guide.