News & Information

CyberSafe TrustBroker™ products, for SAP business applications

CyberSafe TrustBroker Support Services

TrustBroker Products

What is TrustBroker?

A family of security products, which use standards-based protocols and cryptography, to provide strong authentication and deliver many security benefits to critical business applications. In particular, the products include a high performance, scalable, robust, and 100% IETF RFC 4120 compliant implementation of the Kerberos protocol (not based on open source code). This implementation of the Kerberos protocol has been designed specifically to support the needs of our customers, where the protocol is being used by critical business applications. The use of Kerberos allows the products to take advantage of an existing Microsoft Active Directory infrastructure for strong authentication and encryption key management.

Features and benefits

The products are designed to deliver authentication and security to mission critical business applications. They deliver an impressive array of features and benefits, including:

  • Using standards for security protocols, whenever possible instead of propriatory technology. A full list of the security standards included in, or used by the TrustBroker products can be found here...
  • Strong user authentication.
  • Secure single sign-on, reduced sign-on and common authentication. Even in business-partner or shared Workstation environments where single sign-on can't be used or isn't appropriate, TrustBroker products can enhance authentication & security.
  • Active Directory policy based configuration.
  • Flexible and configurable authentication methods, to support a wide range of needs.
  • One or two-factor user authentication.
  • Improved security and compliance.
  • Support for shared Workstations (also kiosk computers).
  • Supports credential delegation, or forwarding - useful for multi-tier applications.
  • Protection of application data in transit.
  • Many features included in a Microsoft Active Directory infrastructure are fully utilized and supported, including:
    • Active Directory Sites for correct domain controller discovery/usage.
    • Domain and forest transitive and non-transitive trust.
    • UPN suffix user authentication.
    • Domain referral.
  • Fast deployment.
  • Greater user productivity and efficiency.
  • Easy and quick to implement and deploy.
  • Easy to support and manage.
  • Professional services not required - the CyberSafe TrustBroker Support Services team of experts provide the necessary guidance and support, at no extra cost.
  • Full featured and standard non open source Kerberos.
  • Smart card user certificate logon (using PKINIT).
    • Uses RSA BSAFE Cryptography - from the vendor you can trust, for Public Key Cryptography.
  • Automatic encryption key renewal.
  • Extranet logon.
  • Advanced auditing.
  • Low total cost of ownership, and maximum return on investment.

Operating systems supported

  • Workstations: Mac OS X 10.8, 10.9, 10.10 or 10.11. Windows 7, 8, 8.1 or Windows 10.

  • Servers: Solaris 8, 9, 10 or 11. AIX 5, 6 or 7. HP-UX 11i v1, v2 or v3. RedHat EL 4, 5, 6 or 7. SuSE Linux ES 9, 10, 11 or 12. Windows Server 2003, 2008 or 2012. 

Lets meet the TrustBroker family...


This product comprises a Workstation and Server version. The Secure Client for Workstations product is commonly used when the application using the product has a component installed on a users Workstation, and the users of this application need to authenticate to application components running on servers which are using the Secure Client for Servers product. The Secure Client for Servers product can also be used for server to server authentication, delivering strong mutual authentication and encryption, whilst taking full advantage of the many benefits available when using the Kerberos protocol. The Secure Client includes many useful and advanced features, some of which are listed below:

  • Robust, secure, standards based and simple to configure Kerberos protocol libraries.
  • Key table management tools, designed to be secure and reduce the involvement of the Active Directory team when key tables are managed by application owners.
  • Tools to help with fast troubleshooting, which is important when critical business applications are relying on the Secure Client for authenticating users.
  • Advanced auditing features, to further improve time to troubleshoot issues, and allow for reporting and to help with security compliance.
  • Support for flexible user authentication, which can be configured using Active Directory domain policy if desired.

When business applications are using the Secure Client, the applications can benefit from these advanced features, and can also benefit from improved security of the application data in transit.


You can see customer reviews of this product on the SAP Store in the Customer Reviews section.


The Secure Client product has received the following certifications:



This product is installed into a SAP NetWeaver AS for Java system, and used to authenticate users logging onto SAP business applications using a Web browser. It can also be used for Web browser logon to applications running on SAP NetWeaver AS for ABAP systems. This product includes many JAAS login modules, which are used to support differnet customer needs. These login modules are summarized below:

  • HTTP Negotiate protocol.
  • Browser form-based Kerberos authentication.
  • RADIUS authentication.
  • HTTP Header Variable authentication.
  • User identity mapping.
  • A login module to check the SAP user's group membership, and decide what method of authentication can be supported based on membership. For example, if user is a member of a group then SAP user and password authentication can be denied and only allow user to logon using two-factor authentication (via RADIUS login module).


You can see customer reviews of this product on the SAP Store in the Customer Reviews section.


The Adapter product has received the following certifications:


This product is installed into a SAP NetWeaver AS for ABAP system, and used to authenticate users logging onto SAP business applications using a Web browser. Can be used with ICF services on AS ABAP, such as BSP applications, Web Dynpro ABAP applications, NetWeaver Business Client, CRM WebClient UI, Web GUI, or BW Web reports.

Some of the features are listed below:

  • Per application authenticaiton protocol configuration.
  • Provides Integrated Windows Authentication (using HTTP Negotiate protocol)
  • IWA can be selectively disabled (e.g. from shared workstations) or when SSO is not prefered or desired.
  • Browser form-based Kerberos authentication.
  • Support for external users.
  • Logging, for troubleshooting and auditing.
  • Can use multiple domains, with/without trust.
  • Can share identity mapping with AS ABAP SNC mapping (used by TrustBroker Secure Client products).


The One Credential product has received the following certifications:

Leave us a message, or ask a question   CyberSafe on Twitter  CyberSafe on LinkedIn  CyberSafe on YouTube