Skip to Content
Author's profile photo Martina Kirschenmann

SP5 for SAP Single Sign-On 2.0 Now Available

This week, SAP released the latest support package for SAP Single Sign-On 2.0. Support Package 5 contains a number of new features and functions as we continuously enhance the product to fulfill customer requests and upcoming security demands. Here is an overview of all that’s new with SP5:

Two-Factor Authentication

  • Support for 8-digit passcodes (SAP Authenticator mobile app)
  • Support strong digest algorithms (SHA-256 and SHA-512)
  • Two-factor authentication using out-of-band (OOB) tokens, such as SMS, Email or other

Mobile Single Sign-On

  • Option to use two-factor authentication for mobile single sign-on scenarios (use passcode as second factor in addition to initial authentication via password)

Enhanced Support of Risk-Based Authentication

  • Enhanced policies for risk-based / context-based authentication
  • Control the authentication process with a policy script (server-side JavaScript)
  • Risk-based authentication now also available for the Secure Login Server (in addition to the SAML Identity Provider)

SSH Agent Support for Secure Login Client

  • Secure Login Client can run as SSH agent, providing a secure way to use keys and certificates stored in the Microsoft Crypto Store for SSH public key authentication

RFID-Based User Identification

Please refer to the release note for detailed information on new features and fixes. Documentation for SAP Single Sign-On 2.0 is available at the SAP Help Portal.

You can download the support package from the SAP Service Marketplace (login required). Enjoy!

Assigned tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Stanislaw Przytulski
      Stanislaw Przytulski

      Great, I've just enabled SSH agent support within SLC, works great, but I want a password based authentication to be still available as a backup. I'm using RFID smart-card where my certificate's private key is stored, if I remove a card (this is to simulate a card loss or a broken reader) SLC is still waiting for a matching private key, instead of switching back to password based authentication. The only way to bypass this is to kill SLC process.

      That wouldn't have been a problem if I could disable ssh agent feature withing SLC in a fast manner, not having to edit registry key and re-login windows session...