Jens Koster

What’s new in SAP NetWeaver Single Sign-On 2.0

The following article lists the details of the new features and changes in SAP NetWeaver Single Sign-On 2.0.


Single Sign-On Based on Kerberos

SPNEGO for SAP NetWeaver Application Server ABAP

Windows Kerberos authentication through the web interface of SAP NetWeaver Application Server ABAP.

  • Supported versions of SAP NetWeaver Application Server

Secure Login Client

Client application which uses existing or provides new security tokens (Kerberos and X.509) for a variety of applications.

  • Installer based on SAP setup
    • Now uses the SAP standard installation engine
    • Allows for integration into SAP GUI installation packages
  • Enhanced platform support
    • Windows 8, Windows Server 2012 (WTS, CITRIX).
  • Additional languages
    • EN, DE, JP, FR, PT, RU, ZH, ES
  • Accessibility support
    • High contrast, screen reader, keyboard navigation, tool tips

Secure Login Library

Cryptography and Security Library for SAP NetWeaver ABAP.

  • Performance improvement
    • Optional use of INTEL AES-NI (hardware encryption) on Microsoft Windows and Linux platforms
  • Command line tools redesigned


Single Sign-On Based on X.509 Certificates

Secure Login Client

Client application which uses existing or provides new security tokens (Kerberos and X.509) for a variety of applications.

  • Enhanced integration with SAP NetWeaver Business Client
  • Installer based on SAP setup
    • Now uses the SAP standard installation engine
    • Allows for integration into SAP GUI installation packages
  • Enhanced platform support
    • Windows 8, Windows Server 2012 (WTS, CITRIX).
  • Additional languages
    • EN, DE, JP, FR, PT, RU, ZH, ES
  • Accessibility support
    • High contrast, screen reader, keyboard navigation, tool tips

Secure Login Server

Central service running on SAP NetWeaver JAVA which provides X.509v3 certificates to users and application servers.

  • Enhanced authentication mechanism
    • Login modules provided by the AS Java can be used for authentication
  • Secure Login administration console in WebDynpro
    • Completely redesigned UI based on SAP NetWeaver standards
    • Additional languages
      • EN, DE, JP, FR, PT, ZH, RU
  • Deeper integration into SAP NetWeaver stack
    • Integrate into SAP NetWeaver key and certificate store
    • Integrate into SAP NetWeaver logs and traces
    • Integrate into SAP NetWeaver configuration
    • Benefit from standard NetWeaver tools and features like backup and restore, high availability and clustering, monitoring
  • Improved X.509 attribute configuration
    • Selected LDAP attributes can be used
    • Enhanced mapping options in certificates (example Subject Alternative Names)
  • X.509 user certificate propagation to UME
    • Store issued user certificates in SAP NetWeaver UME entry of respective user
  • X.509 compliance enhancement
    • Store user certification requests and issued user certificates in file system
  • Enhanced group profile configuration for Secure Login Client
    • Define arbitrary groups of client authentication profiles; these groups can be assigned to different users
  • PKI migration wizard
    • Import certificates and keys from Secure Login Server 1.0
  • Secure Login Web Client
    • Apple key chain support on Mac OS X
    • Enhanced browser support
      • Mozilla Firefox 17 ESR, Microsoft Internet Explorer 10
    • Enhanced platform support
      • Windows 8, Windows Server 2012, Mac OS X 10.7/10.8
    • Web adapter (Web Client interface to Secure Login Client)
      • Secure Login Client manages certificate requests
    • Reuse of SAP NetWeaver Portal authentication
      • Seamless and silent integration of Web Client or Web Adapter into the SAP NetWeaver Portal
  • Re-certification of RSA SecurID Authentication

Secure Login Library

Cryptography and Security Library for SAP NetWeaver ABAP.

  • Performance improvement
    • Optional use of INTEL AES-NI (hardware encryption) on Microsoft Windows and Linux platforms
  • Command line tools redesigned
  • ABAP STRUST compatibility
    • Enhanced PSE management
    • Better support of STRUST PSE files and credentials


Single Sign-On Based on SAML

Identity Provider

Central service running on SAP NetWeaver JAVA which provides SAML 2.0 tokens for Web-based Single Sign-On.

  • Full IDP proxy support
    • See the IDP blog for details. It also includes a link to the IDP implementation guide, which provides further information
  • SCIM support
    • Cloud to on-premise user connector
    • See the SCIM blog for details
  • Support of pluggable attribute providers
    • Used to add assertion attributes that are not based on UME user attributes, groups or roles
    • See the IDP blog for details

 

Application Server Java / Identity Provider

  • Enhanced SAML 2.0 identity federation
  • High-performance Service Provider & Identity Provider
    • Significant improvement for both SP & IDP
    • See the IDP blog for details


 

Single Sign-On Based on UserID/Password

Password Manager

Single Sign-On based on user ID and password.

  • New product name
    • The name of the component “Enterprise Single Sign-On” has been changed to “Password Manager”
  • Feature enhancements
    • New UI design
    • New categories of data that can be securely stored (notes, credit card details, and identities) including live search across all categories
    • New mechanism for web site registration
    • Basic authentication support, and support for more uncommon login triggers
    • New encryption mechanism and XML-based format for the password store
    • Built-in password generator
  • TCO reduction
    • SAP setup installer (attended/unattended installation)
  • Enhanced platform support
    • Windows 8 (desktop/classic mode only)
    • Enhanced browser support:
      • Mozilla Firefox 17 ESR
      • Microsoft Internet Explorer 10 (Windows 8 only)
  • Additional languages
    • EN, DE, JP, FR, PT, RU, ZH, ES


General

  • FIPS 140-2 certification for crypto kernel
    • Certification process is ongoing
    • See the FIPS blog for more details

      7 Comments

      Former Member

      Hi Jens,

      Thanks for the details.

      Is SSO using SAML-based authentication for "SAPGUI Windows" supported now? I am looking for an SSO in a cloud environment for ABAP systems with SAPGUI on Windows-based access.

      Best Regards,

      Isvarya

      Jens Koster
      Blog Post Author

      Hi Isvarya,

      SAML 2.0 is not supported through the SAPGUI network protocol.

      However, you could use the Secure Login Server to issue X.509 certificates for authentication using SAPGUI.

      You can also configure the Secure Login Server to use SAML 2 tokens to "convert" that into a certificate.

      Regards,
      Jens

      Former Member

      Hello,

      I understood that SAP NW SSO 2 includes an IdP and a STS.

      However, consider that I already have an IdP, let's say that is Microsoft ADFS.

      Just to enable a SAP NetWeaver Gateway to accept tokens issued by my IdP, do I need licensing for SAP NW SSO? What is the lowest version that allows this configuration?

      Regards,

      Felipe

      Former Member

      Hi Jens,

      I'm implementing the SSL 2.0 Kerberos on Linux x86_64 and find myself configuring the keytab with sapgenpse, but when I try to list the sapgenpse commands, -h does not show any keytab command.

      Any idea why this error?

      Best Regards

      Eduardo

      Donka Dimitrova

      Hello Eduardo,

      To list the keytab you have to use this command:

      sapgenpse keytab -p <path>\SAPSNCSKERB.pse -x <password> -nopsegen

      You will be able to find more details in the chapter 4.5.3.1 in our implementation guide here: http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf

      Regards,

      Donka Dimitrova


      Former Member

      Hi Donka,

      Thanks for the quick answer, however I can use keytab, because the command is not found.

      Any idea?


      Donka Dimitrova

      Hello Eduardo,

      You have a very old sapcryptolib version.

      If you have already implemented SSL, you have to run the sapgenpse command under the SSL folder using ./sapgenpse

      The best will be to go for our new CommonCryptoLib that replaces the old sapcryptolib. See more details in the following SAP Note: 1848999 - Central Note for CommonCryptoLib 8 (replacing SAPCRYPTOLIB)

      Regards,

      Donka Dimitrova