SAP Security Online - Enterprise Portal Architecture


	R/3 Security
	BW Security
	Enterprise Portal
		Installation Guide
	CUA
	Single Sign On
	SOX/ SoD
	OSS
	HR Security
	Other SAP Apps
	Solution Manager
	Interview Questions

Enterprise Portal

SAP Enterprise Portal offers users a single point of access to all applications, information, and services needed to accomplish their daily tasks. Links to back-end and legacy applications, self-service applications, company intranet services, and Internet services are all readily available in the user’s portal.

Portal Architecture overview

The security features of SAP Enterprise Portal include:
•Authentication – Confirms or denies user identity through user ID and password, This can be done by using the existing LDAP Server
•Authorization – Enforces role-based authorization for all content under the administrative control of the portal and prevents unauthorized access.

If you plan to have external users (internet users ) access your portal or backend system. Have a proxy server installed and place it in DMZ. Follow the link below at the bottom of this page for installing proxy server. The advantage is you don’t have your portal server facing the world, and disadvantage is that you have additional hardware.

I prefer proxy server for internal users also. I can hide the port number from users.

ep_diagram

Single Sign-On (SSO) Single Sign-On (SSO) provides secure access to multiple systems without requiring users to reenter ID and password information for each application. In a portal environment, an SSO mechanism maps portal authentication information to each application for which a user holds predefined access permissions. This reduces user frustration, providing enhanced interaction with enterprise resources via the portal. You can have SSO enable for Portal using third party tool like Siteminder from Netegrity. This will use Windows authentication. This means once you sign on to your windows operating system,you don’t have to sign on to portal again.

Then you have to enable SSO between Portal and R3 system so that you don’t have to sign on to R3 or any other SAP system if you are accessing data from any of these systems. This can be done using SAP logon. Logon ticket, verifies the digital signature, and extracts the appropriate user ID.

If you plan to have external users access your portal / backend system. You can have additional layer of security by giving them secureID or digital certificate.

Apache Configuration for J2EE Web Applications

This document explains and describes how to set up the Apache Web server for use with the SAP J2EE Engine. This example is based on a Red Hat Linux installation and is transferable to all other operating systems. It will give you instructions how to configure the Apache with Proxy Mode The backend used in the tests was a SAP J2EE Server running Enterprise Portal 6.0. ....more

SAP Help | SAP Service Market Place | SAP SDN