Secure Login Web Client (SLWC): Future-Proof Architecture Update
SAP Single Sign-On 3.0 comes with a completely overhauled version of the Secure Login Web Client. The SSO developers built a new Web Client from scratch, doing away with outdated architectural concepts and creating an all-new, future-proof component.
What is the SLWC?
The Secure Login Web Client is a process of the SAP Single Sign-On solution that runs in a browser session (on-premise or cloud) and is capable of triggering authentication for a native client on the user’s desktop. For example, it can accept a SAML 2.0 assertion as security token and in return provision an X.509 certificate for single sign-on of desktop applications such as SAP GUI. The authentication in your browser is handled by an Identity Provider component.
But why is this such a special case that requires its own process? Security tokens used in browsers are not sufficient for SAP GUI authentication on the user’s desktop, because they don’t support adequate encryption of the communication channel – they simply don’t meet the high security requirements for SAP business system access. The SLWC can issue a personalized certificate which fulfills the requirements of all SAP frontends, even if they use Secure Network Communication (SNC) encryption – the authenticated user is granted seamless single sign-on to all SAP desktop applications.
Who uses it?
The SLWC offers a big benefit for customers who run a SAML 2.0 Identity Provider or Portal as their central authentication server.
Why did it need a make-over?
We noticed that the SLWC was gaining popularity as more and more SAP customers are moving to cloud-based environments, and are looking for ways to handle the initial user authentication through a Web application. The old version of the SLWC had some technical and platform-related restrictions and needed to undergo a complete architectural renovation to meet the needs of our customers now and in future SSO scenarios.
The SLWC before…
The previous version of SLWC was based on a Java applet; for some capabilities it used an ActiveX control. Both are phased-out technologies; support for Java applets has already been discontinued in many common Web browsers.
… and after!
The 3.0 version of SLWC no longer depends on Java or ActiveX, relying instead on the Secure Login Client. As a result, SLWC 3.0 is no longer limited to browsers that (still) support Java applets or even ActiveX, which significantly increases the number of browsers our customers can choose from. It’s also faster and leaner than the old version, which was made somewhat cumbersome by the Java applet processes.
For more information, read the documentation on the SAP Help Portal: http://help.sap.com/sso