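SSO stands for Single Sign-On. With SSO, a user working across multiple application systems only needs to log in once to access all application systems that trust one another. It includes a mechanism that maps this primary login to logins for the same user in the other applications. The main function of the authentication system is to compare the user's login information against the user information store and authenticate the login; after successful authentication, the authentication system should generate a unified authentication token (ticket) and return it to the user. It is one of the more popular solutions for enterprise business integration.
Enterprise Application Integration (EAI). EAI can be carried out at different levels: for example, "centralized data consolidation" at the data storage level, a "common data exchange platform" at the transport level, "business process integration" at the application level, and a "common enterprise portal" at the user interface level, and so on. In fact, integration at one more level is becoming increasingly important: the integration of "identity authentication", that is, "single sign-on".
In information security management, access controls revolve around four processes: Identification, Authentication, Authorization, and Accountability. Single Sign-On belongs to the Authorization system, which besides single sign-on also includes Lightweight Directory Access Protocol and Authorization ticket.
Let us introduce SAP SSO (Single Sign-On).
SAP portfolio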
SAP Single Sign-On provides simple, secure access to IT applications for business users. It offers advanced security
capabilities to protect your company data and business applications.
Simple and secure access:
  - Single sign-on for native SAP clients and web applications
  - Single sign-on for mobile devices
  - Support for cloud and on-premise landscapes
Secure data communication:
  - Encryption of data communication for SAP GUI
  - Digital signatures
  - FIPS 140-2 certification of security functions
Advanced security capabilities:
  - Two-factor authentication
  - Risk-based authentication using access policies
  - RFID-based authentication
  - Hardware security module support
With two-factor authentication you can implement a strong form of authentication for access to corporate resources – for example, for especially critical systems or securing access from outside the company. SAP Single Sign-On 2.0 supports two-factor authentication via time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. Alternatively, out-of-band transport of tokens, including one-time passwords sent via SMS or email or RSA/RADIUS, is supported.
SAP Single Sign-On 2.0 (since SP5) offers risk-based authentication. This means that an authentication process can dynamically adapt to the context of an individual authentication request based on custom-defined access policies. First, you check the context information of an authentication attempt. This could be the IP address of the client, location, date/time, device information, or user attributes such as groups, for example. Secondly, based on this context information you then make a dynamic decision on whether you accept or deny access, or alternatively enforce two-factor authentication in case the context indicates a higher risk. You could even reduce the privileges of the person accessing the backend system, thus limiting the business functionality available to this user.
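The two-step decision described above (inspect the context, then allow, deny, step up to two-factor, or reduce privileges), sketched as an added example that is not SAP's policy language or code from the original article. The `AuthContext` fields, the `decide` function, the scoring weights, the group name and the network ranges are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample networks (RFC 1918 and RFC 5737 documentation ranges).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
DENIED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local time (assumed policy value)


@dataclass(frozen=True)
class AuthContext:
    """Context of one authentication attempt (hypothetical structure)."""
    client_ip: str
    hour: int
    known_device: bool
    groups: frozenset


def decide(ctx: AuthContext) -> str:
    """Return DENY, REQUIRE_2FA, ALLOW_REDUCED or ALLOW for one attempt."""
    try:
        ip = ipaddress.ip_address(ctx.client_ip)
    except ValueError:
        return "DENY"  # unparseable context: fail closed
    if any(ip in net for net in DENIED_NETS):
        return "DENY"

    # Step 1: turn the context into a risk score.
    risk = 0
    risk += 0 if any(ip in net for net in CORPORATE_NETS) else 2
    risk += 0 if ctx.known_device else 1
    risk += 0 if ctx.hour in BUSINESS_HOURS else 1

    # Step 2: map the score to a decision. Privileged users step up to
    # two-factor authentication earlier than ordinary users.
    step_up_at = 1 if "admins" in ctx.groups else 2
    if risk >= step_up_at:
        return "REQUIRE_2FA"
    if risk == 1:
        return "ALLOW_REDUCED"  # accepted, but with limited functionality
    return "ALLOW"
```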
For scenarios where users need quick access to a system to perform short tasks, you can use fast user identification via radio-frequency identification (RFID). The user is identified via an RFID token, such as a company badge card. RFID authentication is ideally suited to warehouse and production scenarios with dedicated kiosk PCs for authentication.
Digital signatures uniquely identify the signer, protect the integrity of the data, and provide the means for a binding signature that cannot be denied afterwards. SAP Single Sign-On supports digital signing using the Secure Store and Forward (SSF) interface. The Secure Login Client for SAP GUI can use X.509 certificates for digital signatures in an SAP environment. Server-side digital signatures are supported by the SAP Common Cryptographic Library. In addition, SAP Single Sign-On includes support for server-side digital signatures via hardware security modules, offering increased security and performance.
SAP Single Sign-On 2.0 (since SP6) supports automated renewal of X.509 certificates for SAP NetWeaver Application Server ABAP using Secure Login Server. This reduces manual efforts and prevents downtime.
The SAP Single Sign-On solution brings simplicity for your end-users by eliminating the need for multiple passwords and user IDs. In addition, you can lower the risks of unsecured login information, reduce help desk calls, and help ensure the confidentiality and security of personal and company data. In order to meet evolving security demands, you can extend your single sign-on solution even further and offer your end-users "mobile single sign-on". Your mobile users will have only one password to remember, less typing of complicated user IDs and passwords, and more time for actual work!
SAP Single Sign-On 2.0 (since SP4) supports single sign-on from mobile devices, offering both a simple and secure solution for mobile access to your corporate business processes. The solution is based on time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. The SAP Authenticator mobile app is available for both iOS and Android, and supports the IETF standard RFC 6238.
We assume that the user has already started the SAP Authenticator application earlier the same day and now wants to start using one of their bookmarked web applications, for example SAP Mobile Portal.
When the user clicks on the Mobile Portal bookmark, the SAP Authenticator generates a new passcode and creates a URL (for example https://portal_host/irj/portal?j_username=[username]&j_passcode=[passcode]), providing in the URL the UserName and the Passcode necessary for authentication. Then SAP Authenticator sends the URL to the browser and the browser opens the requested resource. The user sees only the authentication result when the requested resource appears.
Significant performance increase on all major platforms
I hope this is helpful for your company's enterprise IT architecture and management.
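Author: Petter Liu
Source: http://www.cnblogs.com/wintersun/
The copyright of this article is shared by the author and cnblogs (博客園). Reposting is welcome, but unless the author agrees otherwise, this statement must be retained and a link to the original article must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.
This article is also published on my personal blog, Petter Liu Blog.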