The official description of how to configure ME Login Module stack if you use POD on shared terminal is provided within section 4.3 of SAP ME 6.1 Security Guide.
This section provides additional illustration of the setup mentioned in the official SAP ME 6.1 Security Guide.
About Single Sign-On
SAP ME 6 supports the Single Sign-On (SSO) mechanisms provided by the SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server Security Guide also apply to SAP ME 6.
SAP ME 6 supports the use of logon tickets for SSO when using a Web browser as the frontend client. In this case, users can be issued a logon ticket after they have authenticated themselves with the initial SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.
For more details about user administration and authentication in ME 6 check Security Guide.
ME Login Module stack overview
There are 3 Login Modules in ME Login Module stack:
- EvaluateTicketLoginModule - it evaluates a ticket and fails the very first time you try to login.
- BasicPasswordLoginModule - it is responsible for logon screen and checks user name/password you enter.
- CreateTicketLoginModule* - it creates the ticket, which is valid by default 8 hours (the validity period if the ticket is configurable in configtool). Select the image to enlarge it.
Configure ME Login Module stack
If you use POD on shared terminal, it is recommend to turn SAP Logon Tickets feature off, since SAP ME is configured out-of-box with SAP Logon Ticket. In order to do that, the login module stack for SAP ME should only include BasicPasswordLoginModule in SAP NetWeaver User Authentication and Single Sign-On. To do that follow these steps:
- Logon NWA.
- Navigate to Configuration -> Security -> Authentication and Single Sign-On
- Erase 'Template' filter from Type column and refresh the list.
Select the image to enlarge it.
' Select the image to enlarge it.
- Press Edit button, remove EvaluateTicketLoginModule and CreateTicketLoginModule modules to leave BasicPasswordLoginModule only. Select the image to enlarge it.
- Save your changes.