Re-authenticate or provide additional credentials to access sensitive data

Hi,
I am wondering if anyone has ever come across a scenario in SAP where a user is asked to provide an additional logon (perhaps a PIN number or asked to re-enter their password) in order to access sensitive data in the system? I was recently asked this question and in my 15 years of working with SAP I can't recall ever seeing such a scenario.
An equivalent scenario which I see in my daily life is when I use my internet banking and I want to increase my daily transfer limits. When I go to this part of the site it asks me to provide a special code that they send to me via SMS.
The only thing that came to my mind was Firefighter, where you can get temporary higher level privileges but this is more in a technical support role.
Does anyone have any thoughts on this?
Thanks in advance,
Simon

Hello Simon,
If you are talking about web access to the system, then this scenario can be implemented when SAML 2.0 is used. For a web application which provides sensitive data you can either force re-authentication with a password or require a specific SAML 2.0 authentication context, meaning an authentication method, e.g. PIN. In this case, even if the user is authenticated with the ABAP system, when he navigates to such an application he will be redirected to the SAML 2.0 identity provider (IDP) to re-authenticate, either with a password or with a PIN. If you are interested in further details, let me know.
http://help.sap.com/saphelp_ca_cpd102/helpdata/en/4a/b5ef3222526d6de10000000a42189c/content.htm?frameset=/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm
Regards,
Dimitar
P.S. SAP provides a SAML 2.0 compliant IDP which can easily be extended to support any authentication method using JAAS login modules: http://scn.sap.com/community/netweaver-sso/blog/2013/02/28/competitive-advantages-of-sap-identity-provider. With the next SP of NW SSO we also plan to support authentication with time-based one-time passwords (TOTP) by default - http://tools.ietf.org/html/rfc4226.
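
The service-provider side of the step-up flow described in the reply above, as an added example that is not part of the original thread and is not SAP code: it builds an AuthnRequest with ForceAuthn and a RequestedAuthnContext, then checks that the returned assertion really proves a recent login with the required method. The entity IDs and URLs passed in, the five-minute freshness window, and the choice of the TimeSyncToken context class to stand for the PIN or one-time-code method are assumptions; signature and audience validation are assumed to be done by the SAML stack.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
# Standard SAML 2.0 context classes. Which class an IdP uses for a PIN or
# one-time code is deployment specific; TimeSyncToken is an assumption here.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
STEP_UP = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"


def build_step_up_request(sp_entity_id, idp_sso_url, acs_url, class_ref, now):
    """Build an AuthnRequest that asks for a fresh login with a given method."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    request_id = "_" + uuid.uuid4().hex
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ForceAuthn": "true",  # IdP must not reuse its existing SSO session
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                        {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = class_ref
    return request_id, ET.tostring(req, encoding="unicode")


def check_step_up(assertion_xml, required_class, now,
                  max_age=timedelta(minutes=5), skew=timedelta(seconds=60)):
    """Return (ok, reason) for the step-up part of assertion validation."""
    # Assumes signature, issuer, audience, conditions and InResponseTo were
    # already validated by the SAML stack before this function is called.
    stmt = ET.fromstring(assertion_xml).find(".//saml:AuthnStatement", NS)
    if stmt is None:
        return False, "no AuthnStatement"
    try:
        auth_time = datetime.fromisoformat(
            stmt.get("AuthnInstant", "").replace("Z", "+00:00"))
    except ValueError:
        return False, "unparseable AuthnInstant"
    if auth_time.tzinfo is None:
        return False, "AuthnInstant without time zone"
    if auth_time - now > skew:
        return False, "AuthnInstant in the future"
    if now - auth_time > max_age:
        # ForceAuthn is only a request: an old instant means a reused session
        return False, "authentication too old"
    ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if ref is None or (ref.text or "").strip() != required_class:
        return False, "wrong authentication context"
    return True, "ok"


def sample_assertion(authn_instant, class_ref):
    """Constructed, unsigned assertion fragment used only as sample input."""
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0">'
            f'<saml:AuthnStatement AuthnInstant="{authn_instant}">'
            f'<saml:AuthnContext><saml:AuthnContextClassRef>{class_ref}'
            f'</saml:AuthnContextClassRef></saml:AuthnContext>'
            f'</saml:AuthnStatement></saml:Assertion>')


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for instant, cls in [("2024-05-01T11:59:30Z", STEP_UP),
                         ("2024-05-01T08:00:00Z", STEP_UP),
                         ("2024-05-01T11:59:30Z", PASSWORD)]:
        print(instant, check_step_up(sample_assertion(instant, cls), STEP_UP, now))
```

The second and third sample assertions are rejected: one carries an AuthnInstant from an hours-old SSO session, the other a fresh login that used only the password class.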

Similar Messages

  • Error encountered while signing: The Windows Cryptographic Service Provider reported an error: Access was denied because of a security violation. Error Code: 2148532330

    Last night when I tried to sign a document I received the message below, and after that it says this document can't be signed. What can I do to fix this problem?
    Error encountered while signing:
    The Windows Cryptographic Service Provider reported an error:
    Access was denied because of a security violation.
    Error Code: 2148532330

    I assume you are implying "biztax" application here, right?
    I have contacted their program lead, with no result at all.
    Past days I have been searching for a solution - reinstalls / new systems - no solution.
    This issue appeared a week or two ago only.
    I found http://forums.adobe.com/message/5338853 useful - but no positive results either.
    http://test.eid.belgium.be/faq/faq_nl.htm obviously didn't help either.
    If anyone finds a solution to this issue, please do let me know - any help is appreciated.
    Biztax tells to use the "signature", not the "authentication" - but it is only Auth. that is showing up as option to sign (that works)
    ps, did you fiddle with the Adobe Reader XI security settings and import that PKI etc as well? I hoped that would be the breakthrough. Sadly I'm still crying in my chair.
    Oh, and dont forget: they claim nobody else got this issue. Maybe one or two people. (We got about 8 customers experiencing exactly the same symptoms at the same time )
    >  I noticed that when I try to open the pdf  document that is 'signed' by the government it is not showing the filename in the title bar, but only " - Adobe Reader".    every piece of info helps I guess.
    Obviously last version of Reader   11.0.03

  • Force to ask Credentials while accessing a share

    How do I force windows to ask for credentials whenever I connect to a share or whenever I access a share folder?

    maybe this thread will help you to do workaround
    http://superuser.com/questions/722153/in-windows-8-1-how-to-force-prompt-for-credentials-when-accessing-a-shared-fold
    go to computer management  > shared folders > session, and disable guest account

  • Without providing access of mass storage,allow access of data card or local printer ,

    Hello,
    Pls assist in exploring the possibility to allow access of data card or local printer  without providing access of mass storage.
    Balwan Singh

    Hello Balwan Singh,
    You can use two methods: one is using Administrative Template and the other is using Preferences. Both are available within the GPO in Domain Controllers with 2008 and later.
    Option 1: Administrative Template.
    This setting can be configured either at Computer or User level.
    You need to go to:
    Computer or User Configuration\Policies\Administrative Templates\System\Removable Storage Access
    In here you can Enable the setting "Removable Disks: Deny read access" or "Removable Disks: Deny write access" 
    Just be aware that this setting does not apply to servers at a "User Configuration" level.
    Option 2: Preferences.
    This setting can be configured either at Computer or User level.
    You need to go to:
    Computer or User Configuration\Preferences\Control Panel\Devices
    In here you need to create a new item as follows:
    - Right click and select new --> Device
    - On General Tab you can select two "Action" options "Use this device (enable)" or "Do not use this device (disable)"; in this case you should use the second option "Do not use this device (disable)"
    - On "Device class:" you can browse the devices attached to the computer from where you are configuring this GPO.
    In this list you need to choose the "Universal Serial Bus controllers" node and among the options listed in here you should choose the "USB Mass Storage Device" which is the class used for USB drives.
    Remember that if you are configuring the GPO from a domain controller you probably do not see the "USB Mass Storage Device" in the "Universal Serial Bus controllers" node since there does not exist a USB drive directly attached to your domain controller.
    You can work around this by either connecting a USB drive to your Domain Controller or connecting with the Group Policy Management Console (GPMC.msc) from a workstation on which you can safely plug a USB drive just to be able to visualize it and configure your GPO.
    Related Info:
    Configure a Device Item
    https://technet.microsoft.com/en-us/library/cc771861.aspx?f=255&MSPPError=-2147217396
    I hope this info helps you to reach your goal. :D
    5ALU2 !

  • Can i use the time capsule 2tb as a internet provider without having internet access?

    Can i use the time capsule 2tb as a internet provider without having internet access?

    Nope, the time capsule is a router, but it will still need access to the outside world (Internet) by way of a modem.

  • Trying to purchase Lion, but am asked "To use this apple ID you must first login to My Info Web page then provide additional security information.  It won't let me get there to provide info for this purchase?

    Trying to purchase Lion, but next window ask that I must login to my info web page to provide additional security info, in order to use this apple ID.  But the next page says that Safari can't load.  I emptied the cache and reset, but lost as to what to do next in order to purchase lion?

    solved

  • Cannot access external data - xcelsius

    Hi All,
    We are currently building QAAWS connections based on the existing webI reports and universes (BO 4.1 SP2 & Dashboard Designer). However, while executing the dashboards on iPad we are getting an error message "cannot access external data". Please confirm if QAAWS is supported on iPads or not. If not, is there any SCN official PAM / document for the same. And, what is the workaround or alternative to QAAWS, since re-mapping is required for the existing dashboards as well.
    Best Regards,
    Sameer

    Hi Shwetha,
    Thanks for the needed details.
    I have gone through the SCN note 1970047 which talks about user id / pass should be hardcoded within your dashboard for QAAWS. However, I am still getting an error "Cannot Access External Data: Failed while trying to log on user Sameer. RFC error: Number:000 (USER_OR_PASSWORD_INCORRECT)" EVEN if I provide my enterprise credentials and click on preview. The same credentials works for me on BI Launchpad (same web server URL).
    Is there any permanent solution / alternate to this issue? We do have a generic enterprise ID, but I should not get the above mentioned error anytime.
    Best Regards,
    Sameer Sachdeva

  • ADF application to access WLS data source .

    Hi,
    I have developed an ADF application in Jdeveloper 10.3.3 and deployed on Weblogic server. Now I want my application to access the data from data source created in WLS. I have created a data source (ds_demo) using the WebLogic server option Services -> JDBC -> Data Sources. Target has been set to the default server where application is running.
    Now I want application to access the database over the data source ds_demo. How can I do that?. Please provide any pointers.
    Thanks & Regards,
    MB

    You should be able to use Java code like this to directly obtain the WLS data source if you're using a POJO/DAO :
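    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.sql.DataSource;

    // JNDI environment pointing at the WebLogic server
    Hashtable<String, String> ht = new Hashtable<>();
    ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
    ht.put(Context.PROVIDER_URL, "t3://localhost:7001");
    Context ctx = new InitialContext(ht);  // throws NamingException
    // Look up the data source by its JNDI name
    DataSource ds = (DataSource) ctx.lookup("DataSourceJNDINameHere");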
    This assumes you're deploying this on the same server hosting the datasource and that it's on port 7001.

  • Excel, PowerView error in SharePoint 2013: "An error occurred while loading the model for the item or data source 'EntityDataSource'. Verify that the connection information is correct and that you have permissions to access the data source."

    I've installed SQL Server 2012 SP1 + SP server 2012 + SSRS and PowerPivot add-in.
    I also configured excel services correctly. Everything works fine but the powerview doesn't work!
    While I open an excel workbook consist of a PowerView report an error occurs: "An error occurred while loading the model for the item or data source 'EntityDataSource'. Verify that the connection information is correct and that you have permissions to access the data source."
    error detail: 
    <detail><ErrorCode xmlns="http://www.microsoft.com/sql/reportingservices">rsCannotRetrieveModel</ErrorCode><HttpStatus xmlns="http://www.microsoft.com/sql/reportingservices">400</HttpStatus><Message xmlns="http://www.microsoft.com/sql/reportingservices">An
    error occurred while loading the model for the item or data source 'EntityDataSource'. Verify that the connection information is correct and that you have permissions to access the data source.</Message><HelpLink xmlns="http://www.microsoft.com/sql/reportingservices">http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsCannotRetrieveModel&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3128.0</HelpLink><ProductName
    xmlns="http://www.microsoft.com/sql/reportingservices">Microsoft SQL Server Reporting Services</ProductName><ProductVersion xmlns="http://www.microsoft.com/sql/reportingservices">11.0.3128.0</ProductVersion><ProductLocaleId
    xmlns="http://www.microsoft.com/sql/reportingservices">127</ProductLocaleId><OperatingSystem xmlns="http://www.microsoft.com/sql/reportingservices">OsIndependent</OperatingSystem><CountryLocaleId xmlns="http://www.microsoft.com/sql/reportingservices">1033</CountryLocaleId><MoreInformation
    xmlns="http://www.microsoft.com/sql/reportingservices"><Source>ReportingServicesLibrary</Source><Message msrs:ErrorCode="rsCannotRetrieveModel" msrs:HelpLink="http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsCannotRetrieveModel&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3128.0"
    xmlns:msrs="http://www.microsoft.com/sql/reportingservices">An error occurred while loading the model for the item or data source 'EntityDataSource'. Verify that the connection information is correct and that you have permissions to access the
    data source.</Message><MoreInformation><Source>Microsoft.ReportingServices.ProcessingCore</Source><Message msrs:ErrorCode="rsErrorOpeningConnection" msrs:HelpLink="http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsErrorOpeningConnection&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3128.0"
    xmlns:msrs="http://www.microsoft.com/sql/reportingservices">Cannot create a connection to data source 'EntityDataSource'.</Message><MoreInformation><Source></Source><Message>For more information about this error navigate
    to the report server on the local server machine, or enable remote errors</Message></MoreInformation></MoreInformation></MoreInformation><Warnings xmlns="http://www.microsoft.com/sql/reportingservices" /></detail>
    Please help me to solve this issue. I don't know if uploading the excel workbook is enough or maybe It needed to connect to another data source.
    I Appreciate in advance.

    Hi Ali.y,
    Based on the current error message, the error can be related to the Claims to Windows Token Service (C2WTS) and is an expected error under certain conditions. To verify the issue, please check the aspects below:
         1. The C2WTS Windows service and C2WTS SharePoint service are both running.
         2. Check the SQL Server Browser service is running on the machine that has the PowerPivot instance of SSAS.
         3. Check the domain. You're signing into SharePoint with a user account in some domain (call it Domain A).  When Domain A is equal to Domain B which SharePoint server itself is located (they're the same domain), or Domain A trusts Domain B.
    In addition, the error may be caused by Kerberos authentication issue due to missing SPN. In order to make the Kerberos authentication work, you need to configure the Analysis Services to run under a domain account, and register the SPNs for the Analysis Services server.
    To create the SPN for the Analysis Services server that is running under a domain account, run the following commands at a command prompt:
    • Setspn.exe -S MSOLAPSvc.3/Fully_Qualified_domainName OLAP_Service_Startup_Account
    Note: Fully_Qualified_domainName is a placeholder for the FQDN.
    • Setspn.exe -S MSOLAPSvc.3/serverHostName OLAP_Service_Startup_Account
    For more information, please see:
    How to configure SQL Reporting Services 2012 in SharePoint Server 2010 / 2013 for Kerberos authentication
    Regards,
    Heidi Duan
    TechNet Community Support

  • "Exception Processing Message" error when clicking the Accessing Server Data link on the start page

    When I first started the application, I clicked the Accessing Server Data link on the start page.  I immediately got the error "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c" in a dialog box titled "Windows - No Disk".  I had to use Task Manager to remove the box after closing Flash Builder 4.  I then tried the video tutorial on "PHP Services in Flash Builder 4".  I keep receiving an error during service introspection trying to connect to the PHP class.  It was the same error as the other individual "Cannot Connect to PHP Service".  So I tried another tutorial and generated a sample PHP class.  I moved a datagrid on to the stage, dropped in the getAllItems function, and configured the return type.  However, when I ran the app, I received the same error "Exception Processing Message" again.  I have attached the screenshot of the error in addition to my phpinfo and log files.

    "The exception process message" is definitely an issue. Is it happening consistently? If so, can you file a bug at bugs.adobe.com/flex and give out your machine config details, and the error log.
    With regards to generating a new php file and the introspection error that you are getting, looking at the logs it probably is twofold.
    First off, the name of the file and the class name should be the same. Are you having employeeServices as the name of the class in the employeeServices.php file?
    Second, It seems prior to generating this new file, you had a syntax error at line 5.
    It would be easier to figure out what the error is, if you can also attach the php file, by removing any sensitive information in that.
    Hope this helps.
    Thanks
    -Sunil

  • Direct access of data in BI 7.0

    Hi,
    In real time data acquisition, usually a remote provider in BI can only get data that supports direct data access.
    For enabling this feature, we should go to Data source >> Extraction tab >> "check" the check box: Direct data access: allowed. By checking this, the "real time data acquisition is supported" option should be visible.
    But, in spite of checking the check box: Direct access: allowed, it is showing "real time data acquisition is not supported". How do I resolve this?
    Any help is appreciated.

    Check this: Re: New GL cubes 0FIGL_V10, 0FIGL_V11
    Hope it helps...

  • Can we open a URL link from an RFC and access the data in the link.?

    Can we open a URL link from an RFC and access the data in the link.
    I have the following scenario.
    I have a URL link and it opens a KM folder in the Portal server and I need to put a PDF file in that KM folder
    Can we do that with the help of an RFC, can we deal with Links in RFC, is there any such FM??
    Regards

    >
    SAP LEARNER wrote:
    > Can we open a URL link from an RFC and access the data in the link.
    >
    > I have the following scenario.
    >
    > I have a URL link and it opens a KM folder in the Portal server and I need to put a PDF file in that KM folder
    >
    > Can we do that with the help of an RFC, can we deal with Links in RFC, is there any such FM??
    >
    > Regards
    I guess you are trying to connect from the R3/ECC to the Portal Server.
    Are these two systems in the same network? Do you have usernames (valid and fully authorized) in both systems? What is the OS on which these two systems are housed?
    Please provide these details to proceed further.
    Regards
    Sabu

  • Managed Metadata fields using "entire path to the term" - how can I access this data?

    We are trying to make it easier for our users to enter metadata, so the hierarchy is really useful and we can display it as the "full path to the term".
    eg. country, region, town
    But there are times when we need an individual piece of data like region.
    Calculated fields do not work. :-(
    So I have been trying to access the data from a SharePoint Designer Workflow.
    But - I can only get to the leaf node element - the last value from the selection.
    Does anyone know a trick to get the full hierarchy string of Country-region-town???
    Many Thanks
    Ruth
    Ruth, UK

    Hi Ruth,
    Per my knowledge, there is no OOB way to retrieve the entire path of the managed metadata column value.
    However, you can use the code sample to get the Managed Metadata Hierarchy, please refer to the link below:
    http://msdn.microsoft.com/en-us/library/ff823725.aspx
    More reference:
    http://zimmergren.net/technical/sp-2010-introduction-to-programmatically-working-with-taxonomies-in-sharepoint-server-2010
    Thanks,
    Victoria
    Victoria Xia
    TechNet Community Support

  • I designer I want to create forms for web client, does each client have to purchase form central to access the data?

    I designer I want to create forms for web client, does each client have to purchase form central to access the data?

    Hi,
    In this scenario, you can share the document with the clients and provide co-author privileges.
    Co-authors can edit the form design, options, responses, and summary report (everything that you can do).
    Note:- They do not require a paid subscription to view the responses, free subscription users can become co-authors.
    Please refer to the following thread to know how to share a form with others:-How do I share a form I created with others?
    Regards,
    Nakul

  • Best method to access archived data

    We are archiving off General Ledger data from JRNL_LN and JRNL_HEADER from our production system to a reporting environment. The customer wants to have a content reference that will allow them to read the archived journal data in the other environment. The requirement is to have the same page that is used under General Ledger--Journals--Journal Entry--Create Journal Entries--Find an Existing Value. This screen provides a link to journals where you can view detailed journal information including approvals and attachments for the journal. It will need to be read only and display the archived journal data that resides in the reporting environment. I did some research and was thinking of creating a whole new component consisting of all the pages in the JOURNAL_ENTRY_IE component. This presents a problem though. The archived tables will not be the same name (JRNL_LN and JRNL_HEADER). For reasons, these table names will be changed (something like JRNL_LN_HST). There is a ton of PeopleCode that references the JRNL_LN and JOURNAL_HEADER records and fields. There is also the FUNCLIB_GL library that includes a bunch of references to the table fields as well. I would have to create copies of all the pages, update them with the correct table/field names and copy the FUNCLIB_GL library as well and rename all the references. This would be a huge undertaking. What would be the best approach to providing a read only screen for data that resides in a separate environment? They want the same screen to be used that is used in the production environment (listed above) that is used for reading GL data and making changes. Any thoughts?
    Edited by: charlesd81 on Apr 15, 2011 6:54 PM
    Edited by: charlesd81 on Apr 15, 2011 6:56 PM

    Is your reporting environment another PeopleSoft database or just a collection of archive tables?
    If it is a PeopleSoft database, you could keep the table names the same and run the same journal entry component in the reporting database. If users want to get to it directly from the production system, you could configure single sign-on and connect to the component in the reporting database from production.
    Note that there are additional tables that you should probably be archiving in addition to the header and lines. Some are probably not used, but you will probably have data in the JRNL_CF_BAL_TBL.
    You would have to be very careful to set security correctly in the reporting database so users don't accidently enter new journals in the wrong system. Customizing the page title, background color, etc. to provide visual cues would also help.
    Regards,
    Bob
