Electronic Signature extended to LDAP for SSO
The standard SAP electronic signature function supports a local and a remote ABAP password-based "signature". This is configurable. In the case of SSO solutions, it is preferable to disable the ABAP password to prevent it from being used; however, the electronic signature function prevents this. An extension of the configuration to include a standard LDAP bind and/or custom coding to an authentication "service" would improve the security and usability of the electronic signature functionality.
Update: SAP has provided a BAdI as an alternate (freely definable) method to authenticate users performing electronic signatures in SAP Note 1515711 - System signature does not support external authentication. Thank you SAP!
3 Comments
Unknown User (103mvuv4t)
I agree with Kristian Lehment's idea. It would be very helpful and make the functionality very versatile if LDAP is made available as an option.
Wolfgang Janzen
Up to now, the NWAS ABAP does not support LDAP authentication.
So, it's not possible to use this authentication mechanism for programmatic authentication, either.
(Notice: the SNC libraries provided by SAP which utilized the Microsoft Windows SSPI are out of scope; programmatic authentication is not supported by SNC, in general).
In the future, SAML 2.0 might be supported by NWAS ABAP. In that case, it would be possible to use any authentication mechanism supported / provided by the SAML 2.0 Identity Provider (which could also be a 3rd-party component, as long as it's standard-compliant).
Unknown User (xi418on)
Yes, if the functionality is provided it would definitely encourage companies towards SSO.