Click here for our home page Click here to find out about us Click here for products & services Click here for support Click here for news Click here for details of our partners Click here for our contact details
CyberSafe logo
Solutions • TrustBroker™ • SAP® ITS PAS Module

 

 

 

 

If you have SAP® R/3 and/or SAP® NetWeaver® Web Application Servers deployed in your network, and would like one, or more of the following :

  • Improved SAP® system, and network security;
  • A SAP® Certified, and Commercially Supported SNC Kerberos Library which can be used to provide secure communications between SAP® ITS AGate Servers and SAP® Applications deployed on Windows, UNIX or Linux Servers;
  • A solution which allows IWA and SSSO for users logging onto SAP® Applications via a Web browser using services on SAP® Internet Transaction Server ("ITS");
  • Avoid transmission of passwords across the network between SAP® Application components, or during a user logon session;
  • Allow user authentication to use a method of authentication stronger than a user account name and password (e.g. using a smart card, or two-factor token device);
  • Allow user mapping, so that an authenticated identity can be mapped onto a SAP® User ID;
  • Implement data privacy, by encrypting network communication sessions between application components, as well as providing data integrity to detect any tampering of data as it is transmitted across the network;
  • Centralised user password policy management, and common authentication;
  • A strategic authentication solution, which is complementary when used with other SAP® security products, e.g. When used with a SAP® user provisioning product, and/or when SAP® Web Application Server has been configured to use Microsoft Active Directory as a user store.

Then, this is the security solution you need. More details are provided below :

 

 

 
 
Operating Systems

 

The following operating systems are supported by the TrustBroker™ PAS Module, for SAP® ITS .

 

SAP® Application Server :

  • Microsoft® Windows® 2000 & 2003 on x86 (32-bit)
  • SUN Solaris™ Versions 8, 9 & 10 on Sparc (32-bit & 64-bit)
  • SUN Solaris™ Version 10 on x86 (32-bit)
  • SUN Solaris™ Version 10 on x86_64 (AMD64) (32-bit & 64-bit)
  • Compaq Tru64™ Versions 4.0D, 5.0, 5.1, 5.1A & 5.1B (64-bit)
  • IBM AIX™ Versions 5.1, 5.2 & 5.3 on PowerPC (32-bit & 64-bit)
  • i5/OS v5r3 or later on IBM Series i (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Versions 11 & 11i v1 or v2 on PA-RISC (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Version 11i v2 on Itanium (IA-64) (32-bit & 64-bit)
  • Red Hat Linux Version 7.2 or later on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 3 on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 8 on x86 (32-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)

SAP® Internet Transaction Server (ITS) :

  • Microsoft® Windows® Server 2000 or 2003 running IIS 5 or later.
Prerequisites

 

The following list shows the prerequisites when using the TrustBroker™ PAS Module, for SAP® ITS.

  • ITS 6.20 or later (patch 8 or later recommended).
  • SSO2 Logon Tickets should be configured and enabled in each SAP® Application Server.
  • An ITS dual host or single host deployment.

 

 
SAP ITS PAS Module

 

Many security solutions are possible when using the SAP® SNC library in conjunction with the CyberSafe TrustBroker Application Security Runtime Library. Some common uses for the SAP® SNC interface to the CyberSafe TrustBroker products are described below :

 

SSSO with SAP ITS for IIS, and Integration with Microsoft Active Directory :

With this use case the same credentials and common authentication technology are used to securely authenticate users via a Web browser when accessing the SAP® R/3 Applications. The SNC security is used between the WGate and AGate components and between the AGate and the SAP® R/3 Application Server.

 

The diagram below shows the architecture of this use case :

 

 

 

TrustBroker PAS Module, for SAP® ITS

 

The TrustBroker™ PAS Module, for SAP® ITS can be used to implement a wide range of use cases related to SAP® Application Security. Each use case requires CyberSafe TrustBroker™ products. These products include :

  • TrustBroker™ Application Security Runtime Library - This product is used for SAP® SNC based network security. The Runtime Library is typically used by applications that have been previously developed using the TrustBroker™ Application Security SDK or application that have been devleoped to the GSS-API v2 standards and need a runtime security library. The SAP® products can be configured to use this TrustBroker™ library for security purposes via the SAP® SNC interface.
  • TrustBroker™ Secure Client for Servers - This product is used on SAP® Application Servers to provide Kerberos key table and credential managament.
  • TrustBroker™ PAS Module - This product provides a Pluggable Authentication Service for SAP® ITS, in order to provide IWA and SSSO to users accessing ITS services via a Web browser.
 

 

 
 

 

Copyright © 2002-2006 CyberSafe Limited. All rights reserved • Trademarks & Legal InformationPrivacy PolicyReport Email Spam