CyberSafe - Product Solutions - SAP NetWeaver and SAP Web AS

Solutions • TrustBroker™ • SAP® NetWeaver® and SAP® Web AS

If you have SAP® R/3 and/or SAP® NetWeaver® Web Application Servers deployed in your network, and would like one, or more of the following :

Improved SAP® system, and network security;
A solution which allows IWA and SSSO for users logging onto :
- SAP® Enterprise Portal;
- SAP® Applications via a Web browser, and hosted on SAP® Web Application Server;
- SAP® Applications implemented as services in the Integrated ITS (e.g. webgui on SAP® NetWeaver® 2004);
A SAP® Certified, and Powered by SAP® NetWeaver® JAAS Login Module, which uses SPNEGO, GSS-API and Kerberos for user IWA and SSSO;
A replacement for the SAP® IIS Proxy product, which is being widthdrawn by SAP® AG in January 2006;
Avoid transmission of passwords across the network between SAP® Application components, or during a user logon session;
Allow user authentication to use a method of authentication stronger than a user account name and password (e.g. using a smart card, or two-factor token device);
Support for fall-back authentication, so that when accessing SAP® Applications via a Web browser, and IWA is not possible (e.g. when user is unable to logon to their Workstation using a Microsoft Active Directory Domain user account) an alternative logon method can be implemented. The fall-back method can ask the user to logon using their Microsoft Active Directory Domain user account name and password, but via the browser instead of during their initial Workstation logon;
Allow user mapping, so that an authenticated identity can be mapped onto a SAP® User ID;
Centralised user password policy management, and common authentication;
A strategic authentication solution, which is complementary when used with other SAP® security products, e.g. When used with a SAP® user provisioning product, and/or when SAP® Web Application Server has been configured to use Microsoft Active Directory as a user store.

Then, this is the security solution you need. More details are provided below :

Contact Us

If you would like to discuss your requirements, and/or would like to arrange an evaluation, or a quotation for this solution please let us know by clicking here...

Operating Systems

The following operating systems are supported by the TrustBroker™ Adapter, for SAP® NetWeaver®.

SAP® Web Application Server, 6.40 or later :

Microsoft® Windows® 2000 & 2003 on x86 (32-bit)
SUN Solaris™ Versions 8, 9 & 10 on Sparc (32-bit & 64-bit)
SUN Solaris™ Version 10 on x86 (32-bit)
SUN Solaris™ Version 10 on x86_64 (AMD64) (32-bit & 64-bit)
Compaq Tru64™ Versions 4.0D, 5.0, 5.1, 5.1A & 5.1B (64-bit)
IBM AIX™ Versions 5.1, 5.2 & 5.3 on PowerPC (32-bit & 64-bit)
i5/OS v5r3 or later on IBM Series i (32-bit & 64-bit)
Hewlett Packard HP/UX™ Versions 11 & 11i v1 or v2 on PA-RISC (32-bit & 64-bit)
Hewlett Packard HP/UX™ Version 11i v2 on Itanium (IA-64) (32-bit & 64-bit)
Red Hat Linux Version 7.2 or later on x86 (32-bit)
Red Hat Enterprise Linux (RHEL) Version 3 on x86 (32-bit)
Red Hat Enterprise Linux (RHEL) Version 4 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
Red Hat Enterprise Linux (RHEL) Version 4 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)
SuSE Linux Enterprise Server (SLES) Version 8 on x86 (32-bit)
SuSE Linux Enterprise Server (SLES) Version 9 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
SuSE Linux Enterprise Server (SLES) Version 9 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)

SAP® Web Application Server and JAAS Login Modules

The JAAS Login Module, provided with the TrustBroker™ Adapter product, implements IWA so that users can logon to their Workstation, then use their Web browser to access a SAP® Web Application Server hosted application without having to re-authenticate. The support for IWA, included in Microsoft IE and Mozilla Firefox browsers is utilised by the Login Module to authenticate the user.

Once authenticated, a SAP® SSO2 Logon Ticket is issued, which is then used by the SAP® Application Servers to determine the users authenticated identity.

SSSO and IWA for SAP® Applications, installed on SAP® Web Application Server :

The diagram below shows how the TrustBroker™ Adapter, provides IWA and SSSO for a user, in this case the example user is "Lucy Chan".

Please click on this picture to see a larger version.

TrustBroker™ Adapter, for SAP® NetWeaver®

The TrustBroker™ Adapter, for SAP® NetWeaver® can be used to implement a wide range of use cases related to SAP® Application Security. Each use case requires CyberSafe TrustBroker™ products. These products include :

TrustBroker™ Application Security Runtime Library - This is the same Runtime Library, which is SAP® Certified for SNC, and can be used to implement a wide range of SAP® SNC Security Solutions. In this range of solutions this library is used by the JAAS Login Module to authenticate users via their Web browser.
TrustBroker™ Secure Client for Servers - This product is used on SAP® Web Application Servers to provide Kerberos key table and credential managament.
TrustBroker™ Application Security Java Runtime Library - This product is used by the JAAS Login Module as a Java Native Interface to the TrustBroker™ Application Security Runtime Library.
TrustBroker™ Adapter, for SAP® NetWeaver® - This product installs the packages for SAP® NetWeaver® and/or SAP® Web Application Server. These packages are described below :
- CSTBsapwaLoginModule.sda - This package installs the JAAS Login Module, which implements IWA and SSSO via Microsoft IE and Mozilla Firefox Web browsers.
- CSTBsapwaAuth.ear - This package installs a Java servlet which is required to enable IWA and SSSO for SAP® NetWeaver® Integrated ITS services, such as webgui.
- CSTBsapwaWebLogin.ear - This package installs a WebLogin login screen, which can be implemented as an alternative Login Module, for use when IWA is not possible.
- CSTBsapwaWebLogin.epa - This package contains a portal content structure, required by the WebLogin application when it is installed into the SAP® Enterprise Portal.