The following article lists the details of the new features and changes in SAP NetWeaver Single Sign-On 2.0.
Single Sign-On Based on Kerberos
SPNEGO for SAP NetWeaver Application Server ABAP
Windows Kerberos authentication through the web interface of SAP NetWeaver Application Server ABAP.
Supported versions of SAP NetWeaver Application Server
See SAP Note 1798979 for details
Secure Login Client
Client application which uses existing or provides new security tokens (Kerberos and X.509) for a variety of applications.
Installer based on SAP setup
- Now uses the SAP standard installation engine
- Allows for integration into SAP GUI installation packages
Enhanced platform support
- Windows 8, Windows Server 2012 (WTS, CITRIX).
Additional languages
- EN, DE, JP, FR, PT, RU, ZH, ES
Accessibility support
- High contrast, screen reader, keyboard navigation, tool tips
Secure Login Library
Cryptography and Security Library for SAP NetWeaver ABAP.
Performance improvement
- Optional use of Intel AES-NI (hardware encryption) on Microsoft Windows and Linux platforms
Command line tools redesigned
- Usability improvements and compatibility with SAPCRYPTOLIB through extended SAPGENPSE utility
- See Secure Login Implementation Guide for details
Single Sign-On Based on X.509 Certificates
Secure Login Client
Client application which uses existing or provides new security tokens (Kerberos and X.509) for a variety of applications.
Enhanced integration with SAP NetWeaver Business Client
- See Secure Login Implementation Guide for details
Installer based on SAP setup
- Now uses the SAP standard installation engine
- Allows for integration into SAP GUI installation packages
Enhanced platform support
- Windows 8, Windows Server 2012 (WTS, CITRIX).
Additional languages
- EN, DE, JP, FR, PT, RU, ZH, ES
Accessibility support
- High contrast, screen reader, keyboard navigation, tool tips
Secure Login Server
Central service running on SAP NetWeaver JAVA which provides X.509v3 certificates to users and application servers.
Enhanced authentication mechanism
- Login modules provided by the AS Java can be used for authentication
Secure Login administration console in WebDynpro
- Completely redesigned UI based on SAP NetWeaver standards
- Additional languages
- EN, DE, JP, FR, PT, ZH, RU
Deeper integration into SAP NetWeaver stack
- Integrate into SAP NetWeaver key and certificate store
- Integrate into SAP NetWeaver logs and traces
- Integrate into SAP NetWeaver configuration
- Benefit from standard NetWeaver tools and features like backup and restore, high availability and clustering, monitoring
Improved X.509 attribute configuration
- Selected LDAP attributes can be used
- Enhanced mapping options in certificates (for example, Subject Alternative Names)
X.509 user certificate propagation to UME
- Store issued user certificates in SAP NetWeaver UME entry of respective user
X.509 compliance enhancement
- Store user certification requests and issued user certificates in file system
Enhanced group profile configuration for Secure Login Client
- Define arbitrary groups of client authentication profiles; these groups can be assigned to different users
PKI migration wizard
- Import certificates and keys from Secure Login Server 1.0
Secure Login Web Client
- Apple key chain support on Mac OS X
- Enhanced browser support
- Mozilla Firefox 17 ESR, Microsoft Internet Explorer 10
- Enhanced platform support
- Windows 8, Windows Server 2012, Mac OS X 10.7/10.8
- Web adapter (Web Client interface to Secure Login Client)
- Secure Login Client manages certificate requests
- Reuse of SAP NetWeaver Portal authentication
- Seamless and silent integration of Web Client or Web Adapter into the SAP NetWeaver Portal
Re-certification of RSA Authentication Manager / SecurID solution
Secure Login Library
Cryptography and Security Library for SAP NetWeaver ABAP.
Performance improvement
- Optional use of Intel AES-NI (hardware encryption) on Microsoft Windows and Linux platforms
Command line tools redesigned
- Usability improvements and compatibility with SAPCRYPTOLIB through extended SAPGENPSE utility
- See Secure Login Implementation Guide for details
ABAP STRUST compatibility
- Enhanced PSE management
- Better support of STRUST PSE files and credentials
Single Sign-On Based on SAML
Identity Provider
Central service running on SAP NetWeaver JAVA which provides SAML 2.0 tokens for Web-based Single Sign-On.
Full IDP proxy support
- See the IDP blog for details. It also includes a link to the IDP implementation guide, which provides further information
SCIM support
- Cloud to on-premise user connector
- See the SCIM blog for details
Support of pluggable attribute providers
- Used to add assertion attributes that are not based on UME user attributes, groups or roles
- See the IDP blog for details
Application Server Java / Identity Provider
Enhanced SAML 2.0 identity federation
- See SAML Wiki for details
High-performance Service Provider & Identity Provider
- Significant improvement for both SP & IDP
- See the IDP blog for details
Single Sign-On Based on UserID/Password
Password Manager
Single Sign-On based on user ID and password.
- New product name
- The name of the component “Enterprise Single Sign-On” has been changed to “Password Manager”
- Feature enhancements
- New UI design
- New categories of data that can be securely stored (notes, credit card details, and identities) including live search across all categories
- New mechanism for web site registration
- Basic authentication support, and support for more uncommon login triggers
- New encryption mechanism and XML-based format for the password store
- Built-in password generator
- TCO reduction
- SAP setup installer (attended/unattended installation)
- Enhanced platform support
- Windows 8 (desktop/classic mode only)
- Enhanced browser support:
- Mozilla Firefox 17 ESR
- Microsoft Internet Explorer 10 (Windows 8 only)
Additional languages
- EN, DE, JP, FR, PT, RU, ZH, ES
General
- FIPS 140-2 certification for crypto kernel
- Certification process is ongoing
- See the FIPS blog for more details