TrustBroker™ Adapter by CyberSafe Limited

BENEFITS

• Supports a wide range of user authentication methods.
• Works best with any Kerberos authentication server, such as Active Directory.
• Does not require any specific UME user store - works with any.
• Works with both ABAP and Java applications running on NetWeaver.

PRICING AND IMPLEMENTATION

For a single license to install into a SAP NetWeaver JAVA AS, TrustBroker^™ Adapter costs $4000, and can be used by any number of SAP users. For larger quantities the cost per license is reduced. There is also an enterprise license available, which has no limitations on the number of copies that can be installed within your SAP landscape. Maintenance and support is provided for an annual fee, and depends on the level of support required.

If you would like us to provide you with a no obligation quotation, please contact us at sales@cybersafe.com and provide details of your requirements.

This solution is eligible for Standard Platform User Licensing. Click here to learn more about Platform User Licenses and order licenses for your users. 

FULL DESCRIPTION

The TrustBroker™ Adapter product includes a collection of JAAS login modules, which are installed into SAP NetWeaver®. When installed, they can be used to provide improved, or additional methods of Web browser-based user authentication for users who logon to SAP NetWeaver® applications, such as the SAP Portal, or other SAP Web-based applications. Some user authentication methods supported with the SAP NetWeaver® product (for example, Integrated Windows Authentication, a.k.a. SPNEGO) are also supported by the TrustBroker^™ Adapter, but are implemented in a more secure manner, and provide much improved interoperability and flexibility. Many companies that were previously using the SAP SPNEGOLoginModule have upgraded to the TrustBroker^™ Adapter to take advantage of the benefits.

The TrustBroker^™ Adapter product includes support for the following methods of authentication:

• Integrated Windows Authentication, using Kerberos credentials already available at the workstation. Similar, but less secure and less flexible functionality is included in SAP NetWeaver in the SPNEGOLoginModule. For example, the browsers on UNIX/Linux or Macintosh workstations are supported by TrustBroker^™ Adapter, but the SAP supplied SPNEGOLoginModule only supports browsers on Windows workstations.
• Integrated Windows Authentication can be temrporarily disabled on a per-session basis. This is a feature which is useful when a user uses Single SignOn (e.g. Integrated Windows Authentication) most of the time, but might occasionally want to logon to a SAP system using a different method so that they can authenticate as a user which is not the same as the user they logged onto Windows with. The TrustBroker^™ Adapter product has a feature which allows a parameter to be specified in the URL, to force IWA to fail and then an alternative login mothod can be be used instead for the logon session. This feature is not included in the SAP SPNEGOLoginModule.
• Kerberos authentication via a browser based login page. This method of authentication can be useful when a user logs in from a workstation which is not a domain member, but only has an Active Directory account and password. They can authenticate by entering an Active Directory account name and password into the SignOn screen shown, and can be authenticated to SAP using this account name, instead of having to enter a SAP user and password.
• RADIUS authentication via a browser based login page. This can be useful if you have two-factor authentication devices, e.g. RSA SecurID tokens and want users to be able to login using these tokens, instead of an Active Directory account and password.

For all authentication methods, when the authenticated user ID is different from the SAP® user ID, mapping can be used, and then an SSO2 ticket can be issued for single sign-on (SSO) purposes. Mapping information maintained in an ABAP^™-based SAP NetWeaver Application Server and used for SAP GUI SNC user authentication can be used for Web-based application authentication.

Supports SAP NetWeaver Portal, as well as other SAP applications accessible via a Web browser, including applications running on SAP ABAP AS.

Supports a "shared workstation" scenario where common authentication or reduced sign-on is required instead of SSO - when a different Active Directory user needs to log on to the SAP system using the same workstation, the current user doesn't have to log off the workstation.

CONTACT INFORMATION

SAP CERTIFICATIONS

SOFTWARE REQUIREMENT SPECIFIED BY PARTNER

• SAP NetWeaver 2004 SR12 or later
• SAP NetWeaver 7.0 (2004s) or later
• SAP Java AS
• For Kerberos 5 authentication, and Integrated Windows Authentication, Active Directory on Windows 2000, 2003 or 2008
• For RADIUS authentication, any atandard RADIUS Authentication Server
• SAP NetWeaver on Solaris, HP-UX, AIX, RedHat / SuSE Linux, Windows Servers x86 / x64

SUPPORT

Support for this solution is provided by the vendor. For details regarding support for this solution, please contact the vendor using the "Contact Me" button above.

RELATED PARTNER SOLUTIONS