Академический Документы
Профессиональный Документы
Культура Документы
Security Concept
Security Concept
Topics
Authentication & Single Sign-On
Authorization Management
Web API Protection
Identity Propagation
Public
Security Concept
Authentication & single sign-on
Your SAP HANA Cloud Platform
Web application(s)
Web
browser
Access-protected
Web resources
XS
App
SAP HANA
Cloud Platform
User
Authenticate /
single sign-on
Delegate
authentication &
identity management
Public
Security Concept
Identity provider options on SAP HANA Cloud Platform
SAPs public identity provider on the Internet
Free service
Default identity provider for HCP trial accounts
SAP ID service
Internet
SAP HANA
Cloud Platform
Corporate
network
Public
Security Concept
Authorization management
Group
is assigned to
is assigned to
(static OR federated
assignment)
(static assignment)
App
XS
is assigned to
User
2016 SAP SE or an SAP affiliate company. All rights reserved.
(static assignment)
Role
Public
Security Concept
Web API protection
Web browser
XS
API
SAP HANA
Cloud Platform
Public
Security Concept
Identity propagation
Initial login
App
XS
XS
API
API
SAP HANA
Cloud Platform
SAP /
Non-SAP Cloud
API
SAP/Non-SAP
Back-End System(s)
Propagated
identity
Corporate Network
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
Security Concept
Outlook for this week
Unit 2: Securing HTML5 Apps
Authenticating users via SAML
Managing permissions and roles
Public
Thank you
Contact information:
open@sap.com
Public
10
Week 2 Unit 2:
Securing HTML5 Apps
neo-app.json
{
"authenticationMethod": "saml",
"logoutPage": "logout.html",
...
"routes": [
...
],
"securityConstraints": [
...
],
...
}
Public
User
Employee
(Custom Role)
Public
Resources
SAP HANA
Cloud Platform
neo-app.json
{
...
"securityConstraints": [
"permission": "accessProjectData",
"description": "Protected Project Data",
"protectedPaths": [
"/projects"
],
],
...
Protected
Resources
/projects
HTML5 App
Public
Thank you
Contact information:
open@sap.com
Public
Week 2 Unit 3:
Securing Java Apps
web.xml
<login-config>
<auth-method>
[BASIC|CERT|FORM|]
</auth-method>
</login-config>
Username/Password
X.509
Client Certificate
SAP HANA
Cloud Platform
SAML 2.0
Public
User
ProjectManager
(Predefined Role)
web.xml
...
<security-role>
<role-name>ProjectManager</role-name>
</security-role>
SAP HANA
Cloud Platform
Public
Thank you
Contact information:
open@sap.com
Public
Week 2 Unit 4:
Securing Web APIs
REST Client
(e.g. native mobile app)
API
poai3-36d24fdwq59
SAP HANA
Cloud Platform
Public
Public
REST Client
(e.g. native mobile app)
SAML
2
4
OAuth
API
SAML
1
OAuth 2.0
authorization
server
poawq59
SAP HANA
Cloud Platform
SAP HANA
Cloud Platform
Public
Thank you
Contact information:
open@sap.com
Public
XS
API
User
Dedicated or shared
SAP HANA
SAP HANA
Cloud Platform
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
User
Identity
Propagation
API
XS
Dedicated or shared
SAP HANA
SAP HANA
Cloud Platform
Identity Provider
(IdP)
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
User
Identity
Propagation
API
XS
Dedicated or shared
SAP HANA
SAP HANA
Cloud Platform
Identity Provider
(IdP)
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
HTTP
Destination
(App2AppSSO*)
API
(SAML)
XS
Dedicated or shared
SAP HANA
SAP HANA
Cloud Platform
* Application-to-Application SSO Authentication
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
TRUST
SAML
Identity
Provider
Local
Service
Provider
HTTP
Destination
(App2AppSSO*)
API
(SAML)
XS
SAP HANA
Cloud Platform
* Application-to-Application SSO Authentication
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
HTTP
Destination
(App2AppSSO*)
API
(SAML)
SAML
Identity
Provider
XS DB User
SAP HANA
Cloud Platform
* Application-to-Application SSO Authentication
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
Public
Public
!i
Additional
Material
http://scn.sap.com/community/developer-center/cloudplatform/blog/2016/03/21/principal-propagation-betweenhtml5-and-sap-hana-xs-on-sap-hana-cloud-platform
Public
10
Thank you
Contact information:
open@sap.com
Public
12
User
Identity
Propagation
API
XS
Dedicated or shared
SAP HANA
SAP HANA
Cloud Platform
Identity Provider
(IdP)
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
TRUST
SAML
Identity
Provider
Local
Service
Provider
XS DB User
SAP HANA
Cloud Platform
Public
TRUST
Local
Service
Provider
SAML
Identity
Provider
HTTP
Destination
(App2AppSSO*)
API
(SAML)
DB User
XS
SAP HANA
Cloud Platform
* Application-to-Application SSO Authentication
2016 SAP SE or an SAP affiliate company. All rights reserved.
Public
Public
!i
Additional
Material
http://scn.sap.com/community/developer-center/cloudplatform/blog/2016/03/21/principal-propagation-betweenhtml5-and-sap-hana-xs-on-sap-hana-cloud-platform
Public
Thank you
Contact information:
open@sap.com
Public