KnowCardSAP S/4HANA Administration
Authentication, SSO & Communication Security
34 flashcards · answers and review in the app
What does single sign-on (SSO) give users, and what's a common enterprise implementation?
How does SAP Single Sign-On differ in scope from SAP Cloud Identity Services?
What is Kerberos, and why is it unsuitable for internet-facing scenarios?
What is SAML 2.0 used for, and what role does S/4HANA play in it?
What does Kerberos SSO require in Active Directory for the SAP system?
How is an AD identity mapped to an SAP user, and how do you set it for all users at once?
What multifactor and SSO mechanisms does the Identity Authentication service support?
How do you stop forcing a password change at first login for users connecting via Identity Authentication?
What are the three key-exchange methods, and how do they trade off?
In asymmetric encryption, whose key does a sender use, and who can decrypt the message?
How does the SSL handshake combine asymmetric and symmetric encryption?
What does the CommonCryptoLib provide, and how do you check its version?
What does icm/HTTPS/verify_client control, and what do values 0, 1, and 2 mean?
What is the SAP Web Dispatcher, and when is it mandatory?
Why should is/HTTP/show_detailed_errors stay disabled?
How is the SAP Web Dispatcher administered, and how should the web admin interface be secured?
Which PSEs does the SAP Web Dispatcher use as an SSL server vs an SSL client?
Why are logon tickets not recommended for SSO, and what should you use instead?
What three elements make up securing communication?
How does a communication partner verify a digital (X.509) certificate?
At what layer does SSL operate, and what authentication modes does it support?
What does STRUST manage, and what is a PSE?
How is the SAP Web Dispatcher installed, and what about its release vs the SAP kernel?
How does one SAP Web Dispatcher front multiple SAP systems, and how are conflicts resolved?
How does the SAP Web Dispatcher get server info and decide where to send a request?
Which sapwebdisp command-line options verify a configuration and generate a profile?
What does an X.509 certificate contain, and what does CA signing add over self-signing?
What are the three SSL PSEs — server, client standard, and client anonymous — each used for?
What two steps set up SAP GUI SSO with Kerberos, and what wizard configures SNC?
What are the common building blocks of any SSO solution?
What two components does SAP Cloud Identity Services provide?
What must be in place before configuring SAML2 in S/4HANA, and what wizard configures it?
What is a cipher suite, and which parameters set the SAP system's inbound vs outbound values?
How many certificate requests do you generate for app servers, and how does a system-wide PSE differ?