Contents at a Glance



1 Introduction 17
2 Basic Principles of IT Security 23
3 Authentication and Authorization in SAP NetWeaver Application Server Java 53
4 Single Sign-On 151
5 Identity Provisioning 289
6 Secure Web Services 335
A Setting Up the Certificate Authority and Key Management in the Enterprise Scenario 497
B Referenced Literature 535
C The Author 539

Bibliographic information: http://d-nb.info/987201492 (digitized by the Deutsche Nationalbibliothek)

Contents

Preface 15

1 Introduction 17

2 Basic Principles of IT Security 23
  2.1 Security and Service-Oriented Architectures 24
    2.1.1 Goals of Information Security 24
    2.1.2 Service-Oriented Architectures and Enterprise SOA 27
    2.1.3 Functional Security Requirements in a Service-Oriented Architecture 32
  2.2 Developing Security Concepts 34
    2.2.1 Risk Analysis 34
    2.2.2 Selecting Security Measures 38
  2.3 Basic Security Measures 39
    2.3.1 Cryptography 39
    2.3.2 Hash Functions 44
    2.3.3 Message Authentication Code 45
    2.3.4 Digital Signatures 46
    2.3.5 Digital Certificates 48
  2.4 Public Key Infrastructure 49
  2.5 Summary 52

3 Authentication and Authorization in SAP NetWeaver Application Server Java 53
  3.1 J2EE Application Security 54
    3.1.1 Authentication 54
    3.1.2 Authorization 59
  3.2 J2EE Security in Practice 68
    3.2.1 Introduction to the Enterprise Scenario 68
    3.2.2 OrderManager Project 69
    3.2.3 Functional Prerequisites 70
    3.2.4 Role Model and Permissions 72
    3.2.5 Architecture 72
    3.2.6 Derivation of Permissions at Component Level 75
    3.2.7 Exercise 1: Protecting the OrderManager Application with J2EE Security 77
  3.3 Application Security in J2EE Applications Using the SAP User Management Engine API 98
    3.3.1 Role and Permission Model 99
    3.3.2 Programming Model 100
    3.3.3 Authentication 102
    3.3.4 Authorization 106
    3.3.5 Identity Management API 107
    3.3.6 Exercise 2: Implementing the Extended Permission Concept Using the UME API 112
  3.4 Java Authentication and Authorization Service 133
    3.4.1 JAAS API 134
    3.4.2 Login Modules and Login Module Stacks 135
    3.4.3 Callbacks and Callback Handler 140
    3.4.4 Authorization with JAAS 141
    3.4.5 JAAS in the SAP NetWeaver AS Java 142
  3.5 Summary 148

4 Single Sign-On 151
  4.1 Basic Principles 152
    4.1.1 Advantages and Disadvantages 152
    4.1.2 Approaches to Solutions 153
    4.1.3 Portals 154
  4.2 Single Sign-On in the Intranet 155
    4.2.1 SAP Logon Ticket 156
    4.2.2 Verifying SAP Logon Tickets in Third-Party Software 158
    4.2.3 Enterprise Scenario: Single Sign-On Integration of an External Application into the Employee Portal 159
    4.2.4 Exercise 3: Single Sign-On Integration of AddressBook into the Employee Portal 173
  4.3 Intercompany Single Sign-On 194
    4.3.1 Technical and Organizational Requirements 195
    4.3.2 Roles 197
    4.3.3 Identity Federation 198
    4.3.4 Security Assertion Markup Language 202
    4.3.5 Supporting SAML in SAP NetWeaver 217
    4.3.6 Enterprise Scenario: Intercompany Single Sign-On Between Retailers and Wholesalers 220
    4.3.7 Exercise 4: Implementing Intercompany Single Sign-On 238
  4.4 Summary 287

5 Identity Provisioning 289
  5.1 Basic Principles 289
    5.1.1 Goals 290
    5.1.2 Lifecycle of Digital Identities 290
    5.1.3 Advantages 291
    5.1.4 Identity Management Systems 292
  5.2 Service Provisioning Markup Language 292
    5.2.1 Provisioning Model 293
    5.2.2 Operations 295
    5.2.3 Protocol and Bindings 295
    5.2.4 Provisioning Schema 298
    5.2.5 Implementations 300
    5.2.6 Enhancements in SPML 2.0 301
  5.3 SPML Support in SAP NetWeaver 302
    5.3.1 UME Provisioning Schema 303
    5.3.2 Use Cases 305
  5.4 Federated Identity Provisioning 312
    5.4.1 Enterprise Scenario: Federated Identity Provisioning Between Wholesalers and Retailers 314
    5.4.2 Exercise 5: Implementing Federated Identity Provisioning 322
  5.5 Summary 333

6 Secure Web Services 335
  6.1 Architecture 335
  6.2 Basic Web Service Standards 337
    6.2.1 Extensible Markup Language 338
    6.2.2 SOAP 339
    6.2.3 Web Services Description Language 342
    6.2.4 Threats 346
  6.3 Security Standards 346
    6.3.1 Secure Sockets Layer and Transport Layer Security 347
    6.3.2 Web Services Security 349
    6.3.3 Web Services Trust 358
    6.3.4 Web Services Secure Conversation 358
    6.3.5 Web Services Security Policy 359
  6.4 Interoperability 362
    6.4.1 WS-I Basic Security Profile 363
    6.4.2 WS-I BSP Sample Application 364
    6.4.3 WS-I Testing Tools 365
  6.5 Support for Secure Web Services in SAP NetWeaver 366
    6.5.1 WS-Security Development Model 366
    6.5.2 Support in SAP NetWeaver AS Java 369
    6.5.3 Support in SAP NetWeaver AS ABAP 388
    6.5.4 Summary 406
    6.5.5 Outlook 407
  6.6 Testing and Error Analysis 408
    6.6.1 Carrying out Connection Tests 409
    6.6.2 Recording and Visualizing Message Flow 411
    6.6.3 Solving Synchronization Problems 416
  6.7 Enterprise Scenario: Process Automation with Web Services 418
    6.7.1 System Architecture 419
    6.7.2 Technical and Organizational Determining Factors 423
    6.7.3 Risk Analysis 424
    6.7.4 Security Requirements 425
  6.8 Exercise 6: Implementing the Subscenarios with WS-Security 426
    6.8.1 Implementing the PurchaseOrder Service 426
    6.8.2 Implementing the Shipping Service 434
    6.8.3 Implementing the CreditRating Service 451
    6.8.4 Implementing the PurchaseOrder Proxy 461
    6.8.5 Implementing the ShippingService Proxy 469
    6.8.6 Implementing the CreditRating Proxy 476
    6.8.7 Testing the Scenario 486
  6.9 Summary 491

Appendix A Setting Up the Certificate Authority and Key Management in the Enterprise Scenario 497
  A.1 Installing the Certificate Authority 499
    A.1.1 Installing and Configuring OpenSSL 499
    A.1.2 Creating the Signature Key and the Root Certificate for the Certificate Authority 500
    A.1.3 Importing the Root Certificate into the Windows Certificate Store 501
  A.2 Creating the SecureSale SSL Key Pair for Apache Tomcat 504
    A.2.1 Creating the Self-Signed SSL Key Pair 504
    A.2.2 Creating the Certificate Request 505
    A.2.3 Certifying the Certificate at the Certificate Authority 505
    A.2.4 Importing the Root Certificate into the Java Keystore 506
    A.2.5 Importing the Certified SSL Certificate into the Java Keystore 507
  A.3 Setting Up the SSL Server for SecureSale in SAP NetWeaver Application Server Java 507
    A.3.1 Installing the JCE Unlimited Strength Jurisdiction Policy 508
    A.3.2 Installing the SAP Java Cryptographic Toolkit 509
    A.3.3 Importing the CA Root Certificate 510
    A.3.4 Creating the Self-Signed SSL Key Pair 511
    A.3.5 Creating the Certificate Request 511
    A.3.6 Certifying the SSL Key Pair at the Certificate Authority 512
    A.3.7 Importing the Certified SSL Key Pair 512
    A.3.8 Activating the New SSL Key Pair 513
    A.3.9 Testing the New SSL Key Pair 514
  A.4 Setting Up the SSL Server for SecureShipping in the SAP NetWeaver Application Server ABAP 515
    A.4.1 Installing the SAP Cryptographic Library 516
    A.4.2 Creating the Self-Signed SSL Key Pair 517
    A.4.3 Importing the CA Root Certificate 517
    A.4.4 Creating the Certificate Request 518
    A.4.5 Certifying the Key Pair at the Certificate Authority 518
    A.4.6 Importing the Certified Certificate 519
    A.4.7 Activating the Changes 520
  A.5 Creating the CompSOA SSL Key Pair 521
    A.5.1 Creating the Self-Signed SSL Key Pair 521
    A.5.2 Creating the Certificate Request 522
    A.5.3 Certifying the Key Pair at the Certificate Authority 522
    A.5.4 Importing the Root Certificate into the Keystore 522
    A.5.5 Importing the Certified SSL Key Pair 522
  A.6 Creating the SecureSale Web Service Key Pairs for Signatures and Encryption in the SAP NetWeaver Application Server Java 522
    A.6.1 Creating the Self-Signed Signature Key Pair 523
    A.6.2 Creating the Certificate Request for the Signature Key Pair 524
    A.6.3 Certifying the Signature Key Pair at the Certificate Authority 524
    A.6.4 Importing the Certified Signature Key Pair 524
    A.6.5 Creating the Self-Signed Key Pair for Encryption 525
    A.6.6 Creating the Certificate Request for the Key Pair 525
    A.6.7 Certifying the Key Pair at the Certificate Authority 526
    A.6.8 Importing the Certified Key Pair 526
  A.7 Creating the CompSOA Web Services Keystore 526
    A.7.1 Creating the Self-Signed Signature Key Pair 527
    A.7.2 Creating the Certificate Request for the Signature Key 527
    A.7.3 Certifying the Signature Key Pair at the Certificate Authority 528
    A.7.4 Importing the Root Certificate into the Keystore 528
    A.7.5 Importing the Certified Signature Key Pair 528
    A.7.6 Importing the Certified SecureSale Certificate 528
  A.8 Creating the SecureShipping Web Service Key Pair for Signatures 529
    A.8.1 Creating the Self-Signed Signature Key Pair 529
    A.8.2 Creating the Certificate Request for the Signature Key Pair 530
    A.8.3 Certifying the Signature Key Pair at the Certificate Authority 530
    A.8.4 Importing the Certified Signature Key Pair 530
  A.9 Creating the TrustedBank Web Service Signature Key Pair 531
    A.9.1 Creating the Signature Key Pair 531
    A.9.2 Certifying the Key Pair at the Certificate Authority 532
    A.9.3 Creating the PKCS#12 File 532
    A.9.4 Importing the Certified Key Pair into the Windows Certificate Store 532
    A.9.5 Importing the Signature Certificate into the SecureSale Keystore 533

B Referenced Literature 535
C The Author 539
Index 541