SSO Logon Ticket (I think)
source link: https://answers.sap.com/questions/13653209/sso-logon-ticket-i-think.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
So I've noticed an issue that maybe pertaining to a Session cookie or an SSO Logon Ticket. An employee (User A) logs into our SAP Enterprise Portal and accesses Fiori My Inbox from an URL iView tile. After clicking on that tile, a new tab opens which displays the My Inbox App Screen. If User A closes out of the My Inbox tab, their credentials are still somehow stored. This becomes a security issue because a separate user (User B) can logon to the EP and click on the My Inbox tab and can see all of User A's worklists, PCRs, etc. I have tried creating an UI5 iView but the settings and parameters have been a nightmare to try and configure. Is there a way to automatically log a user out of Fiori My Inbox once the tab is closed? Maybe a change on the UME side of the portal, if not a config within the gateway backend ABAP system? Please assist.
Derrick Chandler
BCS Systems Administrator, ERP
Hello Derrick,
This might occur only if both users are using the same computer, and sharing the same operating system login (and the latter would already be a concern from a security standpoint), correct? :-)
Regards,
Isaías
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK