Additional Blogs by Members
cancel
Showing results for 
Search instead for 
Did you mean: 
gregorw
Active Contributor
0 Kudos
Before I start, I want to send some special thanks to:

Introduction

The ABAP class implements a clients for the Yubico Web Service API in ABAP. To use this API, you must own a YubiKey. The YubiKey is a tiny USB device that gets recognized as a keyboard by the operating system. By touching the green glowing circle it issues a 128-bit AES encrypted one-time-password (OTP) which is inserted where your cursor was placed.

Check out the YubiKey product homepage for more information.

Prerequisites

  • You have developer access to a SAP Web Application Server ABAP (SAP WebAS ABAP). A trial version is available for download on the SDN download page
  • You own a YubiKey.

Installation

  • Download and extract the current version of yubico-abap from the project download page.
  • Extract the ZIP-file to a local folder
  • Install the nugget using SAPlink. The SAPlink extensions for the object types CLAS, FUGR, PROG and TABL must be installed.

Configuration

  • Apply for a Yubico API key at the online API key generator
  • Start transaction SE16 and add a new entry in the ZYUBIKEY_APIKEY table. It should look like that afterwards:
  • When your SAP WebAS is not directly connected to the Internet, you have to configure a HTTP Proxy Server. This can be done using Transaction SICF. In the main menu open Client -> Proxy Settings and configure your local proxy server in "HTTP Log" and "HTTPS Log".

Test

  • Start transaction SE37 and insert the function module name "Z_AUTH_YUBICO"
  • Click on the "Test" button or press F8
  • Check the flag "Uppercase/Lowercase"
  • Point the cursor to the "IV_TOKEN" field and touch your YubiKey
  • Click on the "Execute" button or press F8
  • The output should be like that:

Further development

The current clients implementation for the Yubico Web Service API in ABAP is only part of a complete authentication solution using YubiKey currently you rely on Yubico's infrastructure, which is free to use but could be a single point of failure. Yubico already provides a Java implementation of the YubiKey Validation Server. I think the only challenge to implement such a Validation Server in ABAP is the programming of the secure store of the shared key. If you're interested in such a project please contact me via the comment functionality of this blog or via my contact information you find on my SDN Business Card.

6 Comments