sign IA Product Suite - Overall Modules Description


The "sign IA" (Integrated Authentication) product suite offers a comprehensive set of security features by implementing security integration, authentication, application protection and specific product safety enhancements. The suite is made up of the following components:

 Core component
 Authentication Sources Plug-ins
 Web Security Gateway
 Network Security Server
 Application Adapters

CORE COMPONENT & AUTHENTICATION SOURCES PLUG-INS - The "sign IA" core component is responsible for the actual user authentication. It uses a plug-in based system to select an authentication source allowed for the user attempting logon. On successful authentication, the core component generates a time-expiring, PKI-signed logon ticket. Besides authentication functions, the core component implements, depending on the authentication source, a number of self-support functions, such as password change, account locking / unlocking, etc. The authentication sources - or plug-ins - are dynamically loaded and configured at runtime. Selected benefits:

 Integrated Authentication - No more system-specific authentication is required, no more additional password databases.

 Trust Levels - Depending on where the user comes from, stronger (multiple factor) or more convenient authentication sources are permitted.

 Unlimited Authentication Sources - A number of popular authentication sources are supported by the default plug-ins: LDAP & ADS, RADIUS, RSA SecurID®, ActivCard®, SAP® via RFC, SAP® BAPI via RFC, SSL / smartcard, Oracle® specific & generic SQL credentials database storage. Detack also offers self-developed strong authentication sources, for example PIN / iTAN.

 Dynamic Configuration - Configuration changes, plug-in removal and installation, and the addition of redundant systems can be performed with zero downtime.

 Asynchronous Operation - By treating each request asynchronously, the system permits practically unlimited growth.

 No Additional Licenses - The "sign IA" core component, as opposed to all of the other known authentication solutions supporting SAP®, does not require an SAP® system for generating the SSO2 logon tickets.

WEB SECURITY GATEWAY - The "sign IA" web security gateway is a combination of reverse proxy and application layer firewall, specifically designed for PKI ticket authentication and granular application access authorization. It offers a single point of access for all the web applications, eliminating per-application authentication programming entirely by implementing a universal access ticket. The web security gateway is fundamentally based on, and uses the authentication features of, the "sign IA" core component. Selected benefits:

 Application Layer Security - Only authenticated users gain access to the SAP® and non-SAP® applications that are members of the landscape.

 Integrated Authentication - No more application-specific authentication is required, no more additional password databases, cost optimization.

 Granular Authorization - Per-application access control is implemented just by changing configuration options & URL mappings.

 SAP® Enhancements - By implementing customized authentication tickets, it eliminates the risk of security flaws in SAP® products (specifically ITS).

NETWORK SECURITY SERVER - The "sign IA" Network Security Server is a customised RADIUS server that enables network devices - such as firewalls, VPN servers, routers, terminal services, and other network access mechanisms - to make use of "sign IA" authentication tickets in order to authenticate users and control their network access. The network security gateway is fundamentally based on, and uses the authentication features of, the "sign IA" core component. Selected benefits:

 Integrated Authentication - No more system-specific authentication is required, no more additional password databases.

 Granular Authorization - Per-device / per-area access control is implemented just by changing configuration options.

 Integration of Application and Network Layers - Combined with the web security gateway, all layers can use a single authentication system.

APPLICATION ADAPTERS - SAP® systems support by default the "sign IA" authentication tickets, which conform to the SAP standard SSO2. The application adapters offer non-SAP applications the possibility of authenticating users based on the logon tickets, eliminating the need for any other authentication programming. The application authentication adapters are mostly provided by the application vendors; Detack GmbH provides adapters for any application where vendor ones are not available.

The applications supported out of the box are: SAP R3 ABAP (via DIAG, RFC), SAP WAS, SAP ITS (including integrated ITS from NetWeaver), SAP J2EE (SAP Enterprise Portal, SAP Exchange Infrastructure) and all other products that understand SSO2 tickets. Web applications supported via adapters are: Apache 1.x & 2.x (and any application running on Apache), Microsoft® IIS (and any ASP / ASPX application), and any Java-based web server and / or application. The web security gateway extends the support to practically any web-based system. The network security server adds support for network services and terminal access.

 

This generic chart shows the logical components and the interfaces present in the "sign IA" landscape. A typical SAP® centric environment is chosen as an example.

 

© 2000-2011 Detack GmbH. All rights reserved.