SIS104 Identity Service from SAP Identity Provider for the Cloud Martin Raepple / SAP NetWeaver Cloud Platform Marko Sommer / SAP NetWeaver Identity

Similar documents
SAP Cloud Reference Systems. Scenario Outline. Cash and Liquidity Management (Processing Receivables and Payments)

SAP Cloud Reference Systems. Scenario Outline. Cash and Liquidity Management (Processing Payables and Payments)

SAP Cloud Reference Systems. Scenario Outline. Over-the-Counter Sales

SAP BusinessObjects BI 4.x & SAP NetWeaver BW. Mapping BEx Query Elements to SAP BusinessObjects BI4 Query Panel

Time Recording. SAP Best Practices

SAP Cloud Reference Systems. Scenario Outline. Procure-to-Pay (Stock)

SAP Cloud Reference Systems. Scenario Outline. Make-to-Stock

Security Considerations and Certificate Requirements. SAP Business One Cloud Landscape Workshop

SAP Cloud Reference Systems. Scenario Outline. Workforce Administration

Consulting Solution. Batch Management Batches on plant level + EWM. Contact: Matthias Nater for questions & contract details

SAP Cloud Reference Systems. Scenario Outline. Marketing-to-Opportunity

SAP BusinessObjects BI 4.x - Comparing interface options to SAP NetWeaver BW & SAP NetWeaver BW on SAP HANA - Ingo Hilgefort, SAP May 2013

How does all this work together BW, BW on HANA, Suite on HANA, HANA Live. Part 5: Customer Landscape #5

SAP Cloud Reference Systems. Scenario Outline. Quality Assurance

SAP Transportation Management. Visual Business Configuration with SAP TM

GRC Risk Management for Mining and Metal. Paul Petraschk, SAP September 2012

SAP Forum UK&I. Run like never before FORUM #SAPFORUM

Order to Cash (Standardized Services) SAP Business ByDesign

Configuring Substitution in MSS

How the University of Kentucky is Leveraging SAP HANA to Increase Student Success. David Ditzel D&T Account Executive SAP Public Sector

Accelerated Profitability Analysis (CO-PA) Reporting Using Virtual InfoProvider. Jeffrey Holdeman January 2013

SIS201 All You Need to Know About Security with SAP HANA Andrea Kristen, Holger Mack / TIP In-Memory Platform SAP TechEd 2012

Customer Contract Management. SAP Business ByDesign

Time and Labor Management. SAP Business ByDesign

Stop and Stage modeling in TOR

Hear How Bose Overcomes the Challenges of a Multichannel World. Matthias Göhler, VP, Product Management Multi Channel, SAP AG November 2012

Cash and Liquidity Management (Processing Payables and Payments) SAP Business ByDesign

Extending SAP NetWeaver Portal with Personalized Mobile App Gallery. Aviad Rivlin, Senior Product Manager, SAP October, 2013

AUSAPE - Webcast Disabling Hierarchical Access for Pricing. Jose Rausell, SAP Iberia Quality Director 21 st March 2013

Cash and Liquidity Management (Processing Receivables and Payments) SAP Business ByDesign

Stock Transfer. SAP Business ByDesign

Order-to-Cash (Specified Products) SAP Business ByDesign

Quality on Submit. Asaf Saar, SAP AG Area Product Owner CPO I2M Software Engineering Romanian Testing Conference nd Edition, May 16, 2013

SAP HANA Real-World Transformative Business Cases. Sajal Agarwal, Solution Marketing May 15, 2012

Order-to-Cash (Project based Services) SAP Business ByDesign

Marketing-to-Opportunity. SAP Business ByDesign

Strategic Sourcing. SAP Business ByDesign

IS-UT: Country-Specific Functions for Slovenia

Idea to Performance Connected Process Optimization. Executive Overview Presentation May 2013

ASUG Influence: SAP BusinessObjects Analysis Update Session #4210

Session: 0909 Big Data Velocity- Leveraging High Speed Event Streams with ESP and SAP HANA

Customer Center of Expertise Advanced Certification Guidelines Structure of Material Customer. Customer COE Program. January 2014

2010 SAP AG. All rights reserved. / Page 2

Device Notifications Troubleshooting the SAP Mobile Platform

Desktop Connection for SAP CRM Professional Edition 2.0 SP02. July 2014

WebDAV & remote support platform for SAP Business One

Make-to-Stock. SAP Business ByDesign

Finding the right WMS: A guide to the different types, the value, and your options to improve efficiency, throughput and cost.

PLM318: Analytics in Enterprise Asset Management

Golden Demo. Demo Script. SAP Business ByDesign. Customer Contract Management Classification: Internal and for Partners. SAP Cloud Reference Systems

SAP Best Practices for Subsidiary Integration in One Client Consolidation Preparation: Intercompany Reconciliation

SAP Transportation Management. Integration of SAP TM with Dangerous Goods

BIT600. SAP Business Workflow: Concepts, Inboxes, and Template Usage COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SCM605 Sales Processing in SAP ERP

SAPSCM. Overview of the SAP Supply Chain Management Application COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

SCM550. Cross-Functional Customizing in Materials Management COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SMP140 SAP Mobile Platform 3.0 for Solution Architects

BO100. Reporting with SAP BusinessObjects BI Solutions for SAP NetWeaver BW COURSE OUTLINE. Course Version: 15 Course Duration: 20 Hours

SCM610. Delivery Processing in SAP ERP COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

AC605 Profitability Analysis

SCM525. Consumption-Based Planning and Forecasting COURSE OUTLINE. Course Version: 010 Course Duration: 2 Day(s)

AC202. Accounting Customizing II: Special G/L Transactions, Document Parking, Substitutions/Validations, Archiving FI COURSE OUTLINE

SCM520. Purchasing COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

SAP Enterprise Inventory & Service-Level Optimization (SAP EIS formerly SmartOps) and APO

SMP130. SAP Mobile Platform for Enterprise Architects COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

Enterprise Information Management. Steve Vazzano, SAP Solutions Engineer Matt Iacoviello Jr, SAP Solutions Engineer

Debit Memo Processing. SAP Best Practices

CR500. CRM Middleware COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

FS242. Deposits Management in Banking Services from SAP 8.0 COURSE OUTLINE. Course Version: 10 Course Duration: 4 Day(s)

Sales Quotation. SAP Best Practices

SCM601. Processes in Logistics Execution COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

Asset Acquisition through Direct Capitalization. SAP Best Practices

PLM120 Document Management

SAPCRM SAP CRM Solution Overview

MOB320. SAP Agentry Work Manager for IBM Maximo COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SAP Best Practices for Subsidiary Integration in One Client Intercompany Revenue Planning and Reporting with CO-PA

BOX310. SAP BusinessObjects Dashboards 4.1 COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

BOE330. SAP BusinessObjects Business Intelligence Platform: Designing and Deploying a Solution COURSE OUTLINE

HR505. Organizational Management COURSE OUTLINE. Course Version: 010 Course Duration: 4 Day(s)

AC410 Cost Center Accounting

Rework Processing (Stock-Manufactured Material) SAP Best Practices

SAP Mobile Application Certification Overview. SAP Integration and Certification Center November 2011

SAP BusinessObjects Information Design Tool 4.0. UNV Universe Conversion

TM430. Strategic Freight Management in SAP Transportation Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)8 Hours

EWM120. Extended Warehouse Management Customizing - Part II COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

New UI for Cost Center Planning with SAP ECC 6.0 EhP6. August, 2012

CR100. CRM Customizing Fundamentals COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

SMP230 SAP Mobile Platform 3.0 for Enterprise Architects

PLM230. SAP Project System Controlling COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

TEWM12 SAP Extended Warehouse Mangement II (SAP EWM)

ADM540. Database Administration SAP ASE for SAP Business Suite COURSE OUTLINE. Course Version: 16 Course Duration: 3 Day(s)

EWM110. Extended Warehouse Management - Customizing COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

TCRM10 CRM Fundamentals I

Quality Management for Procurement with Vendor Evaluation. SAP Best Practices

TM215. LSP Based Planning and Execution in SAP Transportation Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Managing Business in Times of Volatile Commodity Prices

SAP Visual Intelligence Learn how to use SAP's ultimate solution for self-service BI!

Business One in Action 'Quantity falls below the minimum inventory level' is received and the document cannot be saved. How can this be resolved?

IBP200. SAP Integrated Business Planning - Platform Features and Customizing COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

BPC440 SAP Business Planning and Consolidation: Consolidation

Transcription:

SIS104 Identity Service from SAP Identity Provider for the Cloud Martin Raepple / SAP NetWeaver Cloud Platform Marko Sommer / SAP NetWeaver Identity Management & Security

Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to develop or release any functionality mentioned in this presentation. This presentation and SAP's strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent. 2012 SAP AG. All rights reserved. 2

Agenda Getting Started: Single Sign-On and SAML Demo: Single Sign-on to SAP Travel OnDemand and Amadeus ID Service Integration with SAP NetWeaver Cloud Demo: Delegate Authentication to ID Service in your Application on SAP NetWeaver Cloud Demo: Working with User Profile Attributes in your SAP NetWeaver Cloud-based application 2012 SAP AG. All rights reserved. 3

After this lecture session, you will know more about user authentication in the Cloud details about the ID Service from SAP how ID Service can be used in your applications running on SAP NetWeaver Cloud 2012 SAP AG. All rights reserved. 4

Getting Started: Single Sign-On and SAML

Single Sign-On: The Corporate User s Perspective 2012 SAP AG. All rights reserved. 6

Single Sign-On: The Cloud User s Dilemma 2012 SAP AG. All rights reserved. 7

Single Sign-On for the Cloud with ID Service from SAP ID Service 2012 SAP AG. All rights reserved. 8

Cross Boundary Travel An Analogy for Single Sign-On Trust ID Card Passport Erika Mustermann, Citizen of Germany Passport US Immigration Office 2012 SAP AG. All rights reserved. 9

Single Sign-On Fundamentals Identity Provider (IdP) Trust Application with Service Provider (SP) 2 Security Token 3 Login Secret Credentials (e.g. Username/Password, PIN etc.) 1 User Security Token 2012 SAP AG. All rights reserved. 10

SAML a Standard for Single Sign-On Security Assertion Markup Language XML-/HTTP-based protocol for web-based Single Sign-On and Single Log-Out SAML Security Token: Assertion contains a user s authentication statement identifies the party who has issued the assertion with the statement may contain additional statements about the user s identity, i.e., role or group memberships of the authenticated user 2012 SAP AG. All rights reserved. 11

Single Sign-On with SAML 1. 1 User accesses protected web resource SAML IdP SAML SP on Service Provider (SP) 2. 2 SP sends SAML Authentication Request Trust via HTTP redirect to trusted Identity Provider (IdP) 3. 3 IdP authenticates the user (if not done already) 3 SAML Response 4 4. 4 Upon successful authentication, IdP sends SAML Response (which includes the 2 SAML Request 1 SAML Assertion) to the SAML Service Provider via HTTP POST User 2012 SAP AG. All rights reserved. 12

ID Service: SAML-based IdP for the SAP Cloud SAML2-compliant Identity Provider A central store for identities related to all on-demand applications and public web sites Central management of identity information (including user information, such as name, descriptor, email address, customer relation, passwords, etc.) Single Sign-On between SAP on-demand applications and integration with third-party on-demand applications 2012 SAP AG. All rights reserved. 13

Demo Single Sign-On to SAP Travel OnDemand and Amadeus with ID Service

ID Service: SAML-based IdP for the SAP Cloud (cont.) ID Service (SAML-compliant IdP) SAP Public Web Sites (SAP.com, SMP etc.) SAP Business ByDesign Platform SAP Store SSO LDAP SAML Assertion User (Individual, Customer, Partner) with one SAP identity ~4.2 Million Users and SAP NetWeaver Cloud 2012 SAP AG. All rights reserved. 15

ID Service integration with SAP NetWeaver Cloud

SAP NetWeaver Cloud: An open, standards-based Platform as a Service for rapid development of on-demand applications Standards-based development and run-time environment Persistency service leveraging the speed of HANA Scalable Document Service for managing unstructured data Connectivity service enabling seamless integration with SAP and other systems Federated identity management (e.g. via the ID service) Remotely monitored and managed via a web-based Operations Console Mail Service enables messages to be sent directly from NW Cloud apps Built around the SAP Store 2012 SAP AG. All rights reserved. 17

Why using ID Service for SAP NetWeaver Cloud-based Applications? ID Service from SAP is an instant user store for all your identities that require access to protected resources of your SAP NetWeaver Cloud-based applications provides standards-based SSO that enables users to log on only once and get seamless access to all your applications deployed in the Cloud... is an easy way for your Cloud-based applications to delegate authentication and identity management to a central service that is highly optimized for this task essentially keeps your developers focused on the business logic 2012 SAP AG. All rights reserved. 18

Supported scenarios to use ID Service an SAP NetWeaver Cloud deployed application Declarative authentication: Resource protection as defined for the web.xml descriptor by the Java EE servlet API DEMO Programmatic authentication: Resource protection handled by the application code Programmatic logout: Explicit logout within applications from a logout button or link User Profile Data: Getting specific user attributes DEMO 2012 SAP AG. All rights reserved. 19

Declarative authentication in the Cloud Application Developer register Account ID Service from SAP 1 web. xml CloudApp change auth-method to FORM (or SAML2) in web.xml 2 deploy TRUST CloudApp on SAP NetWeaver Cloud 4 3 User 2012 SAP AG. All rights reserved. 20

Demo Delegate Authentication to ID Service in your Application on SAP NetWeaver Cloud

Supported Authentication Methods for Applications deployed on the SAP NetWeaver Cloud Platform Scenario Recommended <auth-method> Comment/Constraints Web Application requiring SSO for external users and/or partners Non-Browser Client (e.g. Command Line Tools) FORM/SAML - BASIC For SAML, JavaScript and HTML support by the Client/User Agent is required AJAX Client (e.g. SAP UI5) FORM/SAML or BASIC AJAX calls must be within an existing session ID Service-supported Authentication Methods: SAML 2.0, BASIC AUTHENTICATION 2012 SAP AG. All rights reserved. 22

Working with User Profile Attributes Developer ID Service from SAP first_name last_name mail display_name 1 Use com.sap.security.um.user.* User Management APIs 3 Query Attributes of logged-in User CloudApp 2 deploy User CloudApp on SAP NetWeaver Cloud 2012 SAP AG. All rights reserved. 23

Demo Working with User Profile Attributes in your SAP NetWeaver Cloud-based application

Outlook (Mass) User Account Provisioning to ID Service from SAP NetWeaver Cloud Support for tenant-specific ID Service UI Customization in SAP NetWeaver Cloud < Your Logo > < Your Name > SSO to SuccessFactors Cloud Applications 2012 SAP AG. All rights reserved. 25

Outlook (cont.) Managing Authorizations (Role Assignments) in the Cloud SSO and Identity Federation with corporate Identity Provider Please join us for Session CD260 Corporate Identity Provider Employees Corporate Network SSO & ID Federation Business Application on SAP NetWeaver Cloud 2012 SAP AG. All rights reserved. 26

Further Information SAP Public Web SAP Insider Article: Enable Secure Single Sign-On in the Cloud SAP NetWeaver Cloud Developer Center: http://scn.sap.com/community/developer-center/cloudplatform SAP NetWeaver Cloud Identity Service: https://help.netweaver.ondemand.com/default.htm?id_service.html SAP Education and Certification Opportunities www.sap.com/education Watch SAP TechEd Online CD260 CD261 The Sky s the Limit Cloud Single Sign-On and On-Premise Identity Federation Hands-On Workshop (2hr) Hands-On with SAP NetWeaver Cloud Hands-On Workshop (2hr) 2012 SAP AG. All rights reserved. 27

Feedback Please complete your session evaluation for SIS104. Thanks for attending this SAP TechEd session.

2012 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, z10, z/vm, z/os, OS/390, zenterprise, PowerVM, Power Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA, purescale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the United States and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and other countries. Oracle and Java are registered trademarks of Oracle and its affiliates. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems Inc. HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Apple, App Store, ibooks, ipad, iphone, iphoto, ipod, itunes, Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc. IOS is a registered trademark of Cisco Systems Inc. RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry App World are trademarks or registered trademarks of Research in Motion Limited. Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps, Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync, Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik and Android are trademarks or registered trademarks of Google Inc. INTERMEC is a registered trademark of Intermec Technologies Corporation. Wi-Fi is a registered trademark of Wi-Fi Alliance. Bluetooth is a registered trademark of Bluetooth SIG Inc. Motorola is a registered trademark of Motorola Trademark Holdings LLC. Computop is a registered trademark of Computop Wirtschaftsinformatik GmbH. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, SAP HANA, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, ianywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase Inc. Sybase is an SAP company. Crossgate, m@gic EDDY, B2B 360, and B2B 360 Services are registered trademarks of Crossgate AG in Germany and other countries. Crossgate is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG. 2012 SAP AG. All rights reserved. 29

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback