Single sign on in event stream processor
I am using design studio 1.6 with SAP ESP 5.1 SP11. I have a ESP model running and I have build design studio dashboard on top of ESP.
When I run the dashboard it always keeps asking me for authorization of ESP server. I manually type the ID password and it works beautifully. I was wondering if I can turn on single sign on so that I don’t have to add that everytime I open design studio document.
another thing is, after publishing it on the BI launchpad portal when other users log in, what account will they use because in the cockpit I only see one account which I used at the time of installation of ESP.
Thanks a lot for help in advance.
I am Lin from ESP dev team. I try to answer your question here.
From the ESP Security guide, we can support below authentications:
- Kerberos – ticket-based authentication
- RSA – requires a key alias, a keystore containing a private key, and the password of the keystore
- SAP HANA – requires host and port information for the SAP HANA indexserver.
- Username/password, implemented using one of the following:
- LDAP credentials
- SAP BI credentials
- Native operating system credentials (native OS)
- Preconfigured username/password
By default installation, we set Native operating system credentials (native OS)
In this way, user can use the OS accounts user ID to do login.
Basically we don’t support “single sign on”, however user can use ESP Kerberos authentication to set up Single Sign on I think.
Another way, if user only need login to ESP without password. user may chose RSA authentication, for example: after setting the RSA Authentication , the user clients can do login like below :
- The ESP utilities (streamingupload, streamingplayback etc) or ESP ODBC can do RSA login with alias and the generated private key file !
- If it is java base application, user need alias+keystore+keystore password to do RSA login
Another thing, user definitely can create more login IDs for each authentication method, User also can add authorizations for each login ID, for example, some IDs can only do publish and some IDs can only do subscriber etc
For the authentication and authorization setting , we suggest to use cockpit to do that. however there are some command lines which also can do authentication and authorization setting.