
Week 4 Unit 1: Security Development

October, 2013

Security Development
Enabling Authentication for Browser-based Applications

Figure: Browser-based authentication on the SAP HANA Cloud Platform. The user's browser accesses the access-protected web resources of your SAP HANA Cloud application(s). The application does not authenticate the user itself: the SAP HANA Cloud Platform delegates authentication and identity management to an identity provider (IdP), for example the SAP ID Service, SAP NetWeaver SSO, a 3rd-party SAML 2.0 IdP, ...

2013 SAP AG. All rights reserved.

Public

Standards-based SSO for Browser-based Applications with SAML 2.0

Figure: SAML 2.0 Web Browser SSO between the user's web browser, your SAP HANA Cloud application(s) with their access-protected web resources on the SAP HANA Cloud Platform, and a SAML 2.0-compliant identity provider:

1. The browser requests an access-protected web resource of your application.
2. SAML Request: the platform, acting as the service provider, sends the browser to the IdP with a SAML authentication request.
3. Authenticate: the user authenticates at the IdP; the application never sees the credentials.
4. SAML Response: the IdP returns the SAML response with the signed assertion through the browser to the platform, which validates it, establishes the session, and serves the requested resource.
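The exchange in the figure above, seen from the service-provider side, as an added example that is not part of the course material and not the SAP HANA Cloud Platform's own SAML implementation (the platform performs these steps for you once FORM authentication is configured). It builds the step-2 AuthnRequest for the HTTP-Redirect binding, remembers its ID, and shows the checks a service provider must make on the step-4 response before trusting the NameID: the response answers a request we sent (and only once), comes from the configured IdP, is addressed to this application, and is inside its validity window. Entity IDs and URLs are hypothetical, the response in main() is constructed and unsigned, and XML signature verification (mandatory, and done by the platform against the IdP's certificate) is assumed to have happened before validateResponse() is called.

```java
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.zip.Deflater;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Service-provider side of SAML 2.0 Web Browser SSO. Hypothetical example, JDK 8 only, no platform code. */
public class SamlSpExample {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumed identifiers of this SP and of the one IdP it trusts (hypothetical values).
    static final String SP_ENTITY_ID = "https://myapp.example.com/sp";
    static final String ACS_URL = "https://myapp.example.com/saml2/acs";
    static final String IDP_ENTITY_ID = "https://idp.example.com";
    static final String IDP_SSO_URL = "https://idp.example.com/saml2/sso";

    /** IDs of AuthnRequests sent in step 2 and not yet answered; a step-4 response must quote one. */
    final Set<String> pendingRequestIds = new HashSet<String>();

    /** Step 2: the AuthnRequest encoded for the HTTP-Redirect binding (DEFLATE, Base64, URL-encode). */
    String buildRedirectUrl() throws Exception {
        String id = "_" + UUID.randomUUID();                 // an xs:ID must not start with a digit
        pendingRequestIds.add(id);
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"" + SAMLP + "\" xmlns:saml=\"" + SAML + "\""
                + " ID=\"" + id + "\" Version=\"2.0\" IssueInstant=\"" + Instant.now() + "\""
                + " AssertionConsumerServiceURL=\"" + ACS_URL + "\">"
                + "<saml:Issuer>" + SP_ENTITY_ID + "</saml:Issuer></samlp:AuthnRequest>";
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // true = raw DEFLATE, no zlib header
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!deflater.finished()) out.write(buf, 0, deflater.deflate(buf));
        deflater.end();
        String param = Base64.getEncoder().encodeToString(out.toByteArray());
        return IDP_SSO_URL + "?SAMLRequest=" + URLEncoder.encode(param, "UTF-8");
    }

    /** Step 4: checks the SP must make before trusting the NameID. Precondition, not shown here (the
     *  platform does it in the course): the XML signature was verified against the IdP's certificate. */
    String validateResponse(String responseXml, Instant now) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Attacker-influenced XML: refuse DTDs so external entities (XXE) cannot even be declared.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(responseXml)));
        // Replay or unsolicited response: InResponseTo must name a request we sent, and only once.
        String inResponseTo = doc.getDocumentElement().getAttribute("InResponseTo");
        if (!pendingRequestIds.remove(inResponseTo)) throw new SecurityException("unknown InResponseTo");
        NodeList assertions = doc.getElementsByTagNameNS(SAML, "Assertion");
        if (assertions.getLength() != 1) throw new SecurityException("expected exactly one Assertion");
        Element assertion = (Element) assertions.item(0);
        if (!IDP_ENTITY_ID.equals(text(assertion, "Issuer"))) throw new SecurityException("unexpected Issuer");
        NodeList conditions = assertion.getElementsByTagNameNS(SAML, "Conditions");
        if (conditions.getLength() != 1) throw new SecurityException("Assertion without Conditions");
        Element cond = (Element) conditions.item(0);
        // Audience must be this SP, so an assertion issued for another application is not accepted here.
        if (!SP_ENTITY_ID.equals(text(cond, "Audience"))) throw new SecurityException("Audience mismatch");
        Instant notBefore = Instant.parse(cond.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(cond.getAttribute("NotOnOrAfter"));
        if (now.isBefore(notBefore) || !now.isBefore(notOnOrAfter)) throw new SecurityException("outside validity window");
        return text(assertion, "NameID");
    }

    private static String text(Element parent, String localName) {
        NodeList nodes = parent.getElementsByTagNameNS(SAML, localName);
        return nodes.getLength() == 0 ? null : nodes.item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        SamlSpExample sp = new SamlSpExample();
        System.out.println("Step 2, redirect the browser to: " + sp.buildRedirectUrl());
        String requestId = sp.pendingRequestIds.iterator().next();
        Instant now = Instant.parse("2013-10-01T10:00:00Z");
        // Constructed, unsigned response for illustration only; a real one carries a ds:Signature.
        String response = "<samlp:Response xmlns:samlp=\"" + SAMLP + "\" xmlns:saml=\"" + SAML + "\""
                + " ID=\"_r1\" Version=\"2.0\" IssueInstant=\"" + now + "\" InResponseTo=\"" + requestId + "\">"
                + "<saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer>"
                + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"" + now + "\">"
                + "<saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer>"
                + "<saml:Subject><saml:NameID>john.doe</saml:NameID></saml:Subject>"
                + "<saml:Conditions NotBefore=\"2013-10-01T09:59:00Z\" NotOnOrAfter=\"2013-10-01T10:05:00Z\">"
                + "<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID + "</saml:Audience>"
                + "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>";
        System.out.println("Step 4, accepted NameID: " + sp.validateResponse(response, now));
        try {
            sp.validateResponse(response, now);            // the same response again: its request ID is gone
        } catch (SecurityException e) {
            System.out.println("Replay rejected: " + e.getMessage());
        }
    }
}
```

The order of the checks matters: without the signature check first, none of the others mean anything, and without the InResponseTo, Audience and time-window checks a validly signed assertion issued for another application, or captured earlier, would still log the attacker in.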


Enabling Authentication for Browser-based Applications

Configuration in the web.xml of a Java-based SAP HANA Cloud application:

<login-config>
  <auth-method>FORM</auth-method>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrator</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <description>Administration users</description>
  <role-name>Administrator</role-name>
</security-role>
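A practitioner's version of that descriptor, added here as an example and not taken from the course: it keeps the FORM login and the Administrator constraint, but separates a public area from the protected area and requires HTTPS for both. The paths /public/* and /index.html are assumptions. Two points are worth knowing. First, a <security-constraint> without <http-method> elements covers every HTTP method; listing only GET would leave POST, PUT and DELETE to the same URLs unconstrained (Servlet 3.0 adds <http-method-omission> for the reverse case), so do not "narrow" a constraint that way. Second, as in the course's descriptor no <form-login-config> is given: the platform's SAML-based login performs the user dialog.

```xml
<login-config>
  <auth-method>FORM</auth-method>
</login-config>

<!-- Public area (assumed paths): no auth-constraint, but still HTTPS only. The more specific
     url-pattern wins over /* below, which is what makes these resources reachable anonymously. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Public</web-resource-name>
    <url-pattern>/public/*</url-pattern>
    <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Everything else: authenticated, role Administrator, HTTPS only. No <http-method> element,
     so the constraint applies to GET, POST, PUT, DELETE and every other method alike. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-role>
  <description>Administration users</description>
  <role-name>Administrator</role-name>
</security-role>
```

An <auth-constraint> with no <role-name> at all denies every request to the collection, which is a useful way to switch off an endpoint without deleting code.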

Enforcing Authorizations

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AdminServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Programmatic check on top of the declarative <auth-constraint> in web.xml;
        // the role name must be the <role-name> declared there.
        if (!request.isUserInRole("Administrator")) {
            response.sendError(403, "Logged in user does not have role Administrator");
            return;
        }
        response.getWriter().println("Hello administrator");
    }
}
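One way to keep such checks in a single place, as an added example that is not code from the course or from the platform: a servlet filter (the javax.servlet API 3.0 is assumed on the classpath; the URL prefixes are assumptions, the role names are the ones this course uses) that maps URL prefixes to required roles, applies to every HTTP method, answers 401 to anonymous and 403 to authenticated-but-unentitled users, and denies anything for which no rule exists.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter: one place that maps URL prefixes to required roles, for every HTTP method,
 * and denies by default. Map it in web.xml with a <filter-mapping> on <url-pattern>/*</url-pattern>.
 */
public class RoleFilter implements Filter {
    /** URL prefix -> required role; the longest matching prefix wins, no match means deny. */
    private final Map<String, String> requiredRole = new LinkedHashMap<String, String>();

    public void init(FilterConfig config) {
        requiredRole.put("/admin/", "Administrator");   // assumed paths; role names from the course
        requiredRole.put("/crm/", "CRM User");
        requiredRole.put("/", "Service User");          // catch-all: everything else needs this role
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // The container normalises the request path before mapping, so the prefix match below sees
        // the same path the container used for its own security-constraint matching.
        String path = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
        String role = requiredRoleFor(path, requiredRole);
        if (request.getUserPrincipal() == null) {
            // Anonymous: 401 lets the client or the login flow authenticate; 403 would be a final answer.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "authentication required");
            return;
        }
        if (role == null || !request.isUserInRole(role)) {
            // Authenticated but not entitled, or no rule at all: fail closed.
            // Which role was missing belongs in the server log, not in the response.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "access denied");
            return;
        }
        chain.doFilter(req, res);    // reached for GET, POST, PUT, DELETE ... alike
    }

    /** Longest matching prefix, or null when nothing matches (which doFilter treats as deny). */
    static String requiredRoleFor(String path, Map<String, String> rules) {
        String best = null;
        int bestLength = -1;
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            String prefix = rule.getKey();
            if (path.startsWith(prefix) && prefix.length() > bestLength) {
                best = rule.getValue();
                bestLength = prefix.length();
            }
        }
        return best;
    }

    public void destroy() {
    }
}
```

With the web.xml constraint on /* and FORM login, the container sends anonymous users to the login before this filter runs, so the 401 branch only matters for URLs left out of every <security-constraint>. The descriptor, the filter and the isUserInRole check in the servlet complement each other; the servlet check is the last line of defence, not a replacement for the other two.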


What You've Learned in This Unit

How SAML 2.0 works
How to enable authentication for your web applications
How to work with roles


Week 4 Unit 2: Local Security Testing



Local Security Testing


Configuring Test Users and Managing Roles on the Local Server (1)

Figure: Local security testing on the developer's local system. A local test user accesses the access-protected web resources of your SAP HANA Cloud application running on the local HANA Cloud server; the local server authenticates the user against its own test user accounts instead of an external IdP.




Configuring Test Users and Managing Roles on the Local Server (2)
Figure: In the Eclipse Tools for the SAP HANA Cloud Platform you define the local test users, their test user attributes, and the role(s) assigned to each test user on the local server.




What You've Learned in This Unit

How to configure users and roles in a local environment
How to test the security settings in a local environment


Week 4 Unit 3: Security Testing in the Cloud



Security Testing in the Cloud
Test SSO in the Cloud with the Local Test Identity Provider

Figure: The application is deployed to the SAP HANA Cloud Platform, while the SAML 2.0 test IdP runs on the local SAP HANA Cloud server on the developer's local system. The browser is redirected from the cloud to the local test IdP, which authenticates the local test user against the local test user accounts and returns the assertion to the application in the cloud, so the end-to-end SSO flow can be tested without a productive IdP.





What You've Learned in This Unit

How to set up your local test environment with the local test IdP
How to conduct end-to-end testing in the cloud with the local test IdP


Week 4 Unit 4: Security Configuration in the Cloud



Security Configuration in the Cloud


Identity Provider Configuration in the Cloud (1)

Option 1 (Default): SAP ID Service

Figure: The user's browser gets single sign-on (SSO) to your SAP HANA Cloud application(s) on the SAP HANA Cloud Platform through the SAP ID Service, the identity provider that also serves SAP's public web sites (SAP.com, SMP, SCN) and SAP JAM, with about 4.2 million users.



Identity Provider Configuration in the Cloud (2)

Option 2: Your (Corporate) SAML 2.0 Identity Provider

Figure: Employees in the corporate network get single sign-on (SSO) to your SAP HANA Cloud application(s) on the SAP HANA Cloud Platform through the company's own SAML 2.0-compliant identity provider (IdP).





Role Assignments in the Cloud

Direct, static role assignment: a rule on the user ID (UserID = john.doe?) assigns the role Administrator to the single user john.doe.

Indirect, dynamic role assignment: a rule on a user attribute (Department = Sales?) puts every employee in the Sales department into the group Sales, and the group carries the roles Service User and CRM User.
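The two assignment styles in the figure above as a small model, added here as an example and not the platform's implementation: direct assignment is a per-user table, indirect assignment evaluates rules over the attributes the IdP asserted at login and maps the resulting groups to roles, so entitlements follow the IdP's data without per-user administration in the cloud. The user john.doe, the Sales department and the role names are the ones from the figure; alice and the Marketing department are constructed.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical model of direct (static) and indirect (dynamic, group-based) role assignment. */
public class RoleAssignment {
    /** Direct, static: user ID -> roles, maintained by an administrator per user. */
    private final Map<String, Set<String>> directRoles = new HashMap<String, Set<String>>();
    /** Indirect, dynamic: IdP-asserted attribute name -> (attribute value -> group). */
    private final Map<String, Map<String, String>> attributeRules = new HashMap<String, Map<String, String>>();
    /** Group -> roles, maintained once per group rather than once per user. */
    private final Map<String, Set<String>> groupRoles = new HashMap<String, Set<String>>();

    public RoleAssignment() {
        directRoles.put("john.doe", roles("Administrator"));
        Map<String, String> departmentToGroup = new HashMap<String, String>();
        departmentToGroup.put("Sales", "Sales");
        attributeRules.put("Department", departmentToGroup);
        groupRoles.put("Sales", roles("Service User", "CRM User"));
    }

    /**
     * Effective roles for one login. The attributes must come from the IdP's assertion (after signature
     * validation), never from a request parameter, because they decide group membership. Membership is
     * recomputed on every login, so a department change at the IdP takes effect at the next login.
     */
    public Set<String> effectiveRoles(String userId, Map<String, List<String>> assertedAttributes) {
        Set<String> roles = new LinkedHashSet<String>();
        if (directRoles.containsKey(userId)) roles.addAll(directRoles.get(userId));
        for (Map.Entry<String, Map<String, String>> rule : attributeRules.entrySet()) {
            List<String> values = assertedAttributes.get(rule.getKey());
            if (values == null) continue;                       // attribute not asserted: no group, no roles
            for (String value : values) {
                String group = rule.getValue().get(value);      // exact, case-sensitive match only
                if (group != null && groupRoles.containsKey(group)) roles.addAll(groupRoles.get(group));
            }
        }
        return roles;
    }

    private static Set<String> roles(String... names) {
        return new LinkedHashSet<String>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        RoleAssignment assignment = new RoleAssignment();
        Map<String, List<String>> firstLogin = new HashMap<String, List<String>>();
        firstLogin.put("Department", Arrays.asList("Sales"));          // constructed assertion attributes
        System.out.println("alice, Department=Sales:     " + assignment.effectiveRoles("alice", firstLogin));
        Map<String, List<String>> laterLogin = new HashMap<String, List<String>>();
        laterLogin.put("Department", Arrays.asList("Marketing"));      // moved department at the IdP
        System.out.println("alice, Department=Marketing: " + assignment.effectiveRoles("alice", laterLogin));
        Map<String, List<String>> noAttributes = new HashMap<String, List<String>>();
        System.out.println("john.doe, no attributes:     " + assignment.effectiveRoles("john.doe", noAttributes));
    }
}
```

The second login for alice is the point of the dynamic style: the CRM User and Service User roles disappear as soon as the IdP stops asserting Department=Sales, whereas john.doe keeps Administrator until someone removes the direct assignment.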




What You've Learned in This Unit

How to implement SSO and identity federation with a productive IdP (either SAP ID Service or your corporate IdP)
How to assign roles in the cloud
How to use groups to assign roles indirectly


Week 4 Unit 5: Security Troubleshooting



Security Troubleshooting
Network Protocol Analyzers

Wireshark
Fiddler
SAML Tracer

Wireshark captures traffic at the packet level, Fiddler proxies the browser and shows the HTTP(S) exchanges, and SAML Tracer (a browser add-on) decodes the SAMLRequest and SAMLResponse messages as they pass through the browser.
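The decoding that SAML Tracer performs, as an added example that is not part of the course: a JDK-only helper that turns a SAMLRequest or SAMLResponse parameter captured with Wireshark or Fiddler back into XML and lists the fields that most often explain a failed login (clock skew between IdP and platform, an issuer that does not match the configured metadata, a wrong destination or audience, and a non-Success status). The sample request in main() is constructed with a clock that is ten minutes off; the two-minute skew threshold, the URLs and the entity IDs are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

/** Hypothetical decoder for captured SAML parameters, i.e. what SAML Tracer does; JDK 8 only. */
public class SamlTrace {
    /**
     * Turns a SAMLRequest/SAMLResponse value, exactly as it appears on the wire (still percent-encoded),
     * back into XML. Redirect binding = raw DEFLATE under the Base64; POST binding = plain Base64.
     */
    static String decode(String wireValue, boolean redirectBinding) throws Exception {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(wireValue, "UTF-8"));
        if (!redirectBinding) return new String(raw, StandardCharsets.UTF_8);
        Inflater inflater = new Inflater(true);               // true = no zlib header, as the binding requires
        inflater.setInput(raw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!inflater.finished()) {
            int n = inflater.inflate(buf);
            if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) break; // truncated capture
            out.write(buf, 0, n);
        }
        inflater.end();
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    /**
     * Reports the fields that most often explain a failed login. Regexes are acceptable for a diagnostic
     * printout (namespace prefixes vary between IdPs); they are no substitute for XML parsing in the SP.
     */
    static List<String> findings(String xml, Instant localNow, Duration allowedSkew) {
        List<String> out = new ArrayList<String>();
        String issueInstant = first(xml, "IssueInstant=\"([^\"]+)\"");
        if (issueInstant == null) {
            out.add("no IssueInstant found: not a SAML message?");
        } else {
            Duration skew = Duration.between(Instant.parse(issueInstant), localNow).abs();
            out.add("IssueInstant " + issueInstant + " is " + skew.getSeconds() + "s from the local clock"
                    + (skew.compareTo(allowedSkew) > 0 ? " -> CHECK clock synchronisation (NTP) on IdP and SP" : ""));
        }
        out.add("Issuer: " + first(xml, "Issuer[^>]*>([^<]+)<") + " -> must equal the entity ID in the trusted metadata");
        for (String attr : new String[] {"Destination", "AssertionConsumerServiceURL", "Recipient", "Audience"}) {
            String value = first(xml, attr + "[=>\"]+([^\"<]+)");
            if (value != null) out.add(attr + ": " + value + " -> must match the configured endpoint/entity ID exactly");
        }
        String status = first(xml, "StatusCode[^>]*Value=\"([^\"]+)\"");
        if (status != null && !status.endsWith(":Success")) out.add("StatusCode " + status + " -> the IdP refused; check its log");
        return out;
    }

    private static String first(String xml, String regex) {
        Matcher m = Pattern.compile(regex).matcher(xml);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed AuthnRequest whose clock is 10 minutes ahead, encoded as a Redirect-binding parameter.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" Version=\"2.0\""
                + " IssueInstant=\"2013-10-01T10:10:00Z\" Destination=\"https://idp.example.com/saml2/sso\""
                + " AssertionConsumerServiceURL=\"https://myapp.example.com/saml2/acs\">"
                + "<saml:Issuer>https://myapp.example.com/sp</saml:Issuer></samlp:AuthnRequest>";
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        byte[] buf = new byte[4096];
        int n = deflater.deflate(buf);                         // a request this small fits one buffer
        deflater.end();
        String onTheWire = URLEncoder.encode(Base64.getEncoder().encodeToString(Arrays.copyOf(buf, n)), "UTF-8");

        String decoded = decode(onTheWire, true);
        System.out.println(decoded);
        for (String f : findings(decoded, Instant.parse("2013-10-01T10:00:00Z"), Duration.ofMinutes(2))) {
            System.out.println(f);
        }
    }
}
```

Pass the parameter value as it appears in the captured URL or form body, not after a tool has already URL-decoded it: a decoded Base64 string contains "+" characters, which URLDecoder would otherwise turn into spaces and the Base64 decoder would then reject.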


Activating Debug Logs


What You've Learned in This Unit

How to use different tools to debug security issues
How to filter log files to identify authentication-relevant issues


Thank you

Contact information: open@sap.com


No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

