Authentication and Single Sign-On

Patrick Hildenbrand NW PM Security, SAP AG

Agenda

Authentication and Identities Authentication with SAP
in a Web Based Scenario At the SAP GUI for Windows

Summary

© SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 2

Authentication Identifies a Subject
In computer security, authentication is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party.

© SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 3

Single Sign-On is a Specialized Form of Authentication Single Sign-On (SSO) is a specialized form of authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

Intranet

CRM

Authentication to: Portal WebAS Local system

cess Ac

ERP

Internet

Authenticate only once
© SAP AG 2005, Authentication and Single Sign On / Patrick Hildenbrand / 4

Groupware

Other...

Why Use Single Sign-On? Typical situation In a complex system landscape an employee has many user IDs with different passwords Different procedures for each system to roll-out. Authentication and Single Sign On / Patrick Hildenbrand / 5 . reset and change new / existing passwords Users find continuous password changing for many systems annoying Problems High administration cost and effort Security risk: Users write passwords down and store them where they can easily be found Solution: Single Sign-On Users only have to remember one password to gain access to every system Administration costs and efforts are drastically reduced © SAP AG 2005.

.What the User Wants … Portal WebAS ITS Intranet CRM Access ERP Internet Groupware Other. Authentication and Single Sign On / Patrick Hildenbrand / 6 . Authenticate once © SAP AG 2005..

What the Administrator Wants … Central user management Single point of administration Assign user rights in various applications with one keystroke Lock or delete users centrally Central user repository Avoid redundant user information Easy De-Provisioning © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 7 .

Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 8 .

Web-Based Authentication Methods Anonymous/guest access User ID / password Form-based * Basic authentication * X.509 certificate information forwarding) Enterprise Access Management .EAM Security Assertion Markup Language (SAML – only Java) Through Pluggable Authentication Services (PAS – only external ITS) Through Java Authentication and Authorization Services (JAAS – only Java) Java * SAP WebAS 640 Java or SAP Enterprise Portal 6 > SP3 Only authentication.509 digital certificates SAP Logon Tickets External authentication methods HTTP header variable authentication (not ABAP except for X. not Single Sign-On © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 9 .

Authentication and Single Sign On / Patrick Hildenbrand / 10 ..509 Client Certificates – SSO Process Authentication occurs using SSL with mutual authentication User possesses a public / private key pair and public-key certificate Intranet CRM ERP SL S Internet SS L Access SSL Groupware Other.509 Client Certificate © SAP AG 2005. X..X.

encrypted secret key and list of supported crypto algorithms Sends back confirmation Alice Private Public Secret Session established …using symmetric encryption Private Public Secret © SAP AG 2005. sends his certificate . Authentication and Single Sign On / Patrick Hildenbrand / 11 .509 Certificates Mutual authentication between Alice and the server The SSL – Process: Client sends „Hello“-message to server Server sends his certificate and asks for client cert.Authentication and SSL with X.

509 Certificates X. Authentication and Single Sign On / Patrick Hildenbrand / 12 .509 certificates (“digital certificates”) can be used both for initial authentication and for successive Single Sign-On Each certificate includes: Name CA name Validity period Public key © SAP AG 2005.X. client or mutual authentication and encryption Uses both symmetric and public-key encryption for protection X.509 certificates are used for Secure Sockets Layer (SSL) based communications: Internet standard for secure HTTP connections Provides for server.

Authentication and Single Sign On / Patrick Hildenbrand / 13 .Obtaining a X.509v3 compliant Various options possible: Using SAP Trust Center Service For SAP users only Free of charge Portal server acts as Registration Authority (RA) Setting up internal PKI system Buy software from CA product vendor Using external PKI system Contract with Trust Center Service © SAP AG 2005.509 Certificate Digital certificates must be X.

Authentication and Single Sign On / Patrick Hildenbrand / 14 .SAP Trust Center Service: Enrollment Process SAP Trust Center Service 5 Verifies naming conventions and issues certificate 4 Send approved certificate request Web Browser 1 2 Log on using SAP user ID and password and initiate the SAP Passport request Specify naming convention and trigger key generation Portal Server 3 Web browser generates key pair and sends the SAP Passport request 6 Log on using the SAP Passport © SAP AG 2005.

SAP Logon Tickets – SSO Process Portal WebAS ITS Intranet CRM Initial logon ERP Internet Access Groupware Other. Authentication and Single Sign On / Patrick Hildenbrand / 15 . SAP Logon Ticket © SAP AG 2005...

MYSAPSSO2=AjExMDAgAA5wb3J0YWw6ZDAzMzA5OYgAE2Jhc2ljYXV0aGVudGljYXRpb24 BAAdEMDMzMDk5AgADMDAwAwADTldUBAAMMjAwNTA5MDIwNjE0BQAEAAAACAoAB0Q wMzMwOTn%2FAPUwgfIGCSqGSIb3DQEHAqCB5DCB4QIBATELMAkGBSsOAwIaBQAwCw YJKoZIhvcNAQcBMYHBMIG%2BAgEBMBMwDjEMMAoGA1UEAxMDTldUAgEAMAkGBSsO AwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0 wNTA5MDIwNjE0NDRaMCMGCSqGSIb3DQEJBDEWBBQ28lOiAPAV2KfBJR18ElZxaNenHzA JBgcqhkjOOAQDBC8wLQIUIaaWKYY4%2BCT26P07coHVYP63eCkCFQCLt0ERDvDKCpog8 9q5n%2B5ahpQQCw%3D%3D.5 Accept-Encoding: gzip.de. sapssolist=O3I9cHdkZjA5NjJfY3BwXzQ0 © SAP AG 2005.corp Connection: Keep-Alive Cookie: saplb_*=(J2EE6527200)6527250.1. */* Referer: https://some.0.domain/some/other/resource Accept-Language: en. deflate User-Agent: Mozilla/4.wdf. [ … ]. JSESSIONID=(J2EE6527300)ID6527350DB307014776305034697End.sap.1. image/x-xbitmap. PortalAlias=portal.q=0.host. MSIE 6. Authentication and Single Sign On / Patrick Hildenbrand / 16 .4322) Host: nw-portal.1 Accept: image/gif.Example of an HTTP Request GET /someresource HTTP/1. Windows NT 5.0 (compatible. image/jpeg. .NET CLR 1.

Authentication and Single Sign On / Patrick Hildenbrand / 17 .What is a SAP Logon Ticket SAP Logon Ticket is represented as cookie in the Browser Content of the SAP Logon Ticket is BASE64 encoded SAP Logon Tickets contain: User ID(s) Authentication scheme Validity period Issuing system Digital signature SAP Logon Tickets do NOT contain any passwords! SSOv2 Problems? SAP Note 701205 (EP6.0: Single Sign-On using SAP Logon Tickets) SAP Note 654982 (URL requirements due to Internet standards ) © SAP AG 2005.

Authentication and Single Sign On / Patrick Hildenbrand / 18 .SAP Logon Tickets – Prerequisites Prerequisites At least same user IDs in connected backend systems (portal user ID can be different) In case portal user ID is different than backend user ID. you need to maintain a user mapping for the ”SAP Reference System” Trust configured Public key certificate of issuing system is available in verifying system ( necessary for verification of digital signature) Trust access control lists maintained (ABAP: strustsso2) SAP Reference System User Mapping Standard user mapping functionality PLUS: Retrieval of user ID from LDAP Directory Server © SAP AG 2005.

SSO to Non-SAP Components Using SAP Logon Tickets Portal WebAS ITS mySAP. Authentication and Single Sign On / Patrick Hildenbrand / 19 .com user ID 3rd party application 2 3 5 Application user ID Access Initial logon 1 4 Ticket Verification Library SAPSSOEXT Security product (SAPSECULIB) Access Control List Workplace server <SID> <client> Public address book (if not SAPSECULIB) SAP Logon Ticket © SAP AG 2005.

Authentication and Single Sign On / Patrick Hildenbrand / 20 .Ticket Verification for Non-SAP Components Web Server Filter SSO with SAP Logon Tickets to Web applications Application needs to support authentication with an HTTP header variable Web Server Filter with Delegation for Windows Server 2003 SSO with SAP Logon Tickets to a Microsoft Web-based application Java Ticket Verification Library SSO with SAP Logon Tickets to non-SAP Java applications Development required C Ticket Verification Library SSO with SAP Logon Tickets to non-SAP C applications Development required Dynamic Link Library SAPSSOEXT SSO with SAP Logon Tickets to Java and C applications Available for most kernel platforms Development required Remark: Platform limitations may apply! © SAP AG 2005.

company. … Alternative: Configure SAP EP for multi domain SSO Ticket sending instances required in every domain Portal sends SAP Logon Ticket content via client redirects to every ticket sending instance.com. Client will get as many cookies as domains (also see SAP Note 654982) Configuration details: http://help. Authentication and Single Sign On / Patrick Hildenbrand / 21 .Multi Domain SSO Recommendation: Use one DNS (sub-) domain for SSO purposes ( Set UME property ”domainrelaxlevel” accordingly increased security!) E. see SAP note 673824 © SAP AG 2005.com.sap.com Netweaver '04 documentation Security User Authentication and Single Sign-On Authentication on the Portal Single Sign-On Single Sign-On with SAP Logon Tickets EP6 SP2 only supported on per project basis. its.sso.company.sso. portal.g.

.HTTP Header Authentication – SSO Process Authentication Authority (intermediate) Intranet CRM Initial logon Access ERP Internet Groupware Other.. Identity information within header variable © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 22 .

Adding the User Name Header The authentication takes place on the intermediate server The intermediate adds identity information to the request data The application servers get the identity information from the request data GET /someresource HTTP/1.1 […] HTTP-USER: MyUser © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 23 .1 […] GET /someresource HTTP/1.

40 Java please contact your local SAP consulting organization © SAP AG 2005.Integrated Windows Authentication Initial authentication is done to the local system (Windows) Two methods of Integrated Windows authentication possible NTLM Kerberos Requirement: Applications need to run on an IIS or authentication needs to be done on an intermediate IIS (using IIS Proxy module from SAP) available for SAP WebAS Java 6.40 Coming soon: SAP Consulting solution for Kerberos Authentication directly on WebAS 6. Authentication and Single Sign On / Patrick Hildenbrand / 24 .

Header Based Authentication Best Practices Block risk of user impersonation! Be aware of Header Spoofing Safeguard J2EE engine HTTP(S) ports from direct access by users Prevent opportunity to bypass the proxy for J2EE engine access Configure SSL with mutual authentication between the web server and the J2EE engine See documentation on ‘Using SSL with an Intermediary Server’ Intermediate SSL © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 25 .

Authentication and Single Sign On / Patrick Hildenbrand / 26 . An assertion can be either an authentication or an authorization assertion Authentication assertion: piece of data that represents an act of authentication performed on a subject (user) by the authority Authorization assertion: piece of data that represents authorization permissions for a subject (user) on a resource SAML can be used for authentication and authorization requests and assertions SAML is an emerging OASIS standard © SAP AG 2005. TLS and uses XML signatures SAML authorities produce “assertions” in response to client requests.Security Assertion Markup Language (SAML) SAML is a protocol for encoding security related information (assertions) into XML and exchanging this information in a request/response fashion SAML does not authenticate users – comparable to SAP Logon Ticket SAML relies for message exchange on standard security protocols like SSL.

Pull assertion Intranet ERP Initial logon 1. Authentication and Single Sign On / Patrick Hildenbrand / 27 Groupware Access .. Call transfer URL 2. Assertion 4. Redirect URL + artifact Internet ESS 3. Resource Authenticate once © SAP AG 2005. . Access 6.SAML – SSO Process Authentication Authority (Source Web Site) 5..

Authentication and Single Sign On / Patrick Hildenbrand / 28 . In the future there will be further support for SAML. © SAP AG 2005.Support of SAML in the SAP WebAS 640 Java Only SAML client for authentication available at destination site is available Support limited Only browser artifact scenario supported Digital signatures for SOAP documents are ignored No support for additional “Condition” elements The received assertion may only contain one authentication statement The authentication statement must contain the NameIdentifier AuthorizationDesicionStatement and AttributeStatement are ignored Nevertheless SAML is strategic within SAP.

© SAP AG 2005..Pluggable Authentication Service (PAS) Requires the external (standalone) version of the Internet Transaction Server (ITS) Provides the following authentication variants: Windows NT LAN Manager protocol (NTLM) Verifying user ID and password on the Windows domain controller SSL and X.509 client certificates Arbitrary mechanism on the Web server or an intermediate that sets HTTP header variable LDAP bind Arbitrary mechanisms provided by a partner product like Radius RSA SecureID Netegrity Siteminder . Authentication and Single Sign On / Patrick Hildenbrand / 29 ..

509 client certificates Arbitrary mechanism on the Web server that sets HTTP header variable User External ID Mapping Table (USREXTID) External Auth. User ID SAP System User ID Authentication (User ID and Password) Web server WGate Alice Alice User ID AGate sapextauth SAP System User ID © SAP AG 2005. Mech. Authentication and Single Sign On / Patrick Hildenbrand / 30 .Pluggable Authentication Service: WGate Windows NT LAN Manager (NTLM) SSL and X.

Mech. Authentication and Single Sign On / Patrick Hildenbrand / 31 .Pluggable Authentication Service: AGate Verifying user ID and password on the Windows domain controller LDAP bind Arbitrary mechanisms provided by a partner User External ID Mapping Table (USREXTID) External Auth. User ID SAP System User ID Authentication (User ID and Password) Web server WGate Alice Alice User ID AGate sapextauth SAP System User ID © SAP AG 2005.

Authentication and Single Sign On / Patrick Hildenbrand / 32 .4 integral part of J2SE Access control based on user credentials User-centric approach with two components: Authentication (-> login modules) Authorization http://java.JAAS Interface defined by Java Authentication and Authorization Service (JAAS) standard As of JDK 1.Pluggable Authentication .com/products/jaas © SAP AG 2005.sun.

JAAS Authentication J2EE Browser Browser Window Window External security product (optional) JAAS uses login modules for authentication Login modules get user information via callbacks SAP proprietary handlers can be used to gather additional information: HttpGetterCallback – used to obtain information from the request (header/cookies) HttpSetterCallback – used to attach information to the response External security product Standard information available is only User/Passphrase. all other information requires a Callback © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 33 .

Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 34 .

Single Sign-On for SAP GUI for Windows SAP GUI for SAP GUI for Windows Windows External security product Use SNC and external security product Authentication takes place outside of SAP system External security product Use SAP-certified SNC product Also available: Windows NTLM (gssntlm.dll) Windows 2000 Kerberos (gsskrb5. Authentication and Single Sign On / Patrick Hildenbrand / 35 .dll) © SAP AG 2005.

Authentication and Single Sign On / Patrick Hildenbrand / 36 .Two Worlds: SAP GUI for Windows and Web Traditional Secure Network Communications (SNC) SNC partner product SNC: Microsoft NTLM or Kerberos SAP Shortcut Method (SAP Logon Ticket) SAP GUI for Windows Web X.509 client certificate SAP Logon Ticket Pluggable Authentication Service (PAS) Use external authentication mechanisms SAP GUI for HTML © SAP AG 2005.

and SAP Shortcuts Logon ticket is passed to SAP Shortcut using ITS service wngui SAPGUI for SAPGUI for HTML HTML Web server WGate AGate sapextauth https://host1.ITS Using logon tickets. ITS.SSO From Web to Traditional .10 ! © SAP AG 2005.com/scripts/wgate/wngui/!?~transaction=SU01 Alice Alice R/3 Alice Start SAP Shortcut Alice SAPGUI for SAPGUI for Windows Windows Only supported on external ITS up to release 6. Authentication and Single Sign On / Patrick Hildenbrand / 37 .mycompany.

.com/irj/. Enterprise Portal and SAP Shortcuts Logon ticket is passed to SAP Shortcut using a portal iView Browser Browser Window Window Alice EP https://host1.mycompany.SSO From Web to Traditional – Enterprise Portal Using logon tickets.. Alice Start SAP Shortcut Alice R/3 SAPGUI for SAPGUI for Windows Windows © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 38 .

3) The end users Web browsers accept cookies. © SAP AG 2005. accept session cookies for the local intranet zone. 7) Systems that accept logon tickets must have access to the issuing server's publickey certificate so that they can verify the digital signature provided with the ticket. Passwords do not have to be the same in all systems. 2) The user has an account in the active user store on the SAP J2EE Engine.0. 6) The issuing server must possess a public and private key pair and public-key certificate so that it can digitally sign the logon ticket. If you do not synchronize the clocks. 4) Any Web servers or SAP Web AS servers (to include the SAP J2EE Engine) that are to accept the logon ticket as the authentication mechanism are located in the same DNS domain as the issuing server. The logon ticket cannot be used for authentication to servers outside of this domain. In Internet Explorer 5. then the accepting system may receive a logon ticket that is not yet valid. which causes an error. 8) The UMEs of the Portal and Web Dynpro systems are set up to authenticate users against the ABAP system.Prerequisites 1) Users have the same user ID in all of the systems they access using the logon ticket. 5) The clocks for the accepting systems are synchronized with the ticket-issuing system. Authentication and Single Sign On / Patrick Hildenbrand / 39 .

SSO EP to ABAP Process Overview Import Portal public key into WebAS ABAP Configure trust from ABAP to EP Set profile parameters of ABAP system to accept logon tickets Restart SAP WebAS ABAP system Create and configure iView for the target system © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 40 .

Authentication and Single Sign On / Patrick Hildenbrand / 41 . Import public key into WebAS ABAP Start STRUSTSSO2 Click on Import Certificate Specify the location of the file verify. choose Add to PSE Save the new certificate list © SAP AG 2005.der 2.System Preparation 1.der Set the file format to DER coded and confirm In the Trust Manager. Export Portal Public Key using Keystore Go to the keystore view in visual admin Select TicketKeystore Choose Download verify.

then Next. right-click on the folder in which you wish to create the iView and choose 'New -> iView'. Enter iView name etc. Integrate the iView in a role and assign the role to your user. In the Content Catalog on the left. choose the system alias for the system object you created.IView Creation 1. And Finish. Choose 'SAP GUI for Windows'. enter a transaction code. then 'Next'. In the Portal choose Content Administration -> Portal Content. © SAP AG 2005. then choose Next. choose 'SAP Transaction iView'. 2. Create an iView using the 'SAP Transaction iView' Template. Authentication and Single Sign On / Patrick Hildenbrand / 42 . In the iView wizard. then choose Next. In the 'System' field.

Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary © SAP AG 2005. Authentication and Single Sign On / Patrick Hildenbrand / 43 .

Authentication and Single Sign On / Patrick Hildenbrand / 44 .Communication in Integration Scenarios d or w ss NT Pa Ker d rI se U / LM Web access management products SAP Enterprise Portal Applications ber os SAP nT L ogo icket X.Plug-In / Agent © SAP AG 2005.50 9 Certi f ic ate t Artifac SAML WAM T oken .

Single Sign-On Possibilities Authentication Type User ID / Password X. Authentication and Single Sign On / Patrick Hildenbrand / 45 .40 JAAS (Custom Authentication Modules) SAP Application configuration SAML Other © SAP AG 2005.40 or SAP EP 6.0 WebAS Java 6.509 Digital Certificates SAP Logon Tickets SSO to non-SAP Applications EP User Mapping Direct client connection SSO to SAP Applications EP User Mapping Direct Client Connection Certificate sent by EP Server SAP Web Server Filter SAP Ticket Verification Library Integrated Windows Authentication EAM-Authentication NTLM/Kerberos via direct client connection to IIS applications Using EAM SSO Agent Software Application specific Application specific NTLM/Kerberos via IIS (plus IISProxy) to WebAS Java 6.0 Using WAM SSO Agent plus HTTP Header Authentication to WebAS Java 6.40 or SAP EP 6.

509 certs? Use PKI Integrated Windows Auth. Authentication and Single Sign On / Patrick Hildenbrand / 46 .Selecting SSO Possibilities for Applications … PKI X.? Use Integrated Windows authentication EAM in use? Use EAM Integration SAP Logon tickets? Use SAP Logon tickets Use SAP EP User Mapping © SAP AG 2005.

com SAP Developer Network: www.sap.Further Information Public Web: www.sap.sdn. Authentication and Single Sign On / Patrick Hildenbrand / 47 .sap.com SAP NetWeaver Security Related SAP Education Training Opportunities http://www.com/education/ ADM960 Security in SAP System Environment Related Workshops/Lectures at SAP TechEd 2004 SCUR352 Leveraging External Authentication Based on Industry Standards SCUR201 SAP Infrastructure Security SCUR102 User Management and Authorizations: Overview SCUR351 User Management and Authorizations: The Details © SAP AG 2005.

copied. Intelligent Miner. indirect. S/390. Netfinity. Massachusetts Institute of Technology. The statutory liability for personal injury and defective products is not affected. DB2.Copyright 2005 SAP AG. graphics. SAP shall have no liability for damages of any kind including without limitation direct. iSeries. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. links. All other product and service names mentioned are the trademarks of their respective companies. Windows. developments. Inc. SAP does not warrant the accuracy or completeness of the information. special. Java is a registered trademark of Sun Microsystems. MVS/ESA. HTML. Citrix. DB2 Universal Database. AIX. or other items contained within this material. xSeries. This document is provided without a warranty of any kind. MaxDB is a trademark of MySQL AB. OS/400. product strategy. JavaScript is a registered trademark of Sun Microsystems. VideoFrame. Program Neighborhood. MetaFrame. National product specifications may vary. including but not limited to the implied warranties of merchantability. and PowerPoint are registered trademarks of Microsoft Corporation. The information in this document is proprietary to SAP. IBM. ICA. UNIX. Outlook. Please note that this document is subject to change and may be changed by SAP at any time without notice. AFP. text. X/Open. All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. or non-infringement. and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business. and Informix are trademarks or registered trademarks of IBM Corporation in the United States and/or other countries. xApps. and MultiWin are trademarks or registered trademarks of Citrix Systems. or consequential damages that may result from the use of these materials. WinFrame. used under license for technology invented and implemented by Netscape. Inc. This document contains only intended strategies. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. OS/2. The information contained herein may be changed without prior notice. SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. mySAP. OS/390. either express or implied. Authentication and Single Sign On / Patrick Hildenbrand / 48 . WebSphere. R/3. Data contained in this document serves informational purposes only.. AS/400. xApp. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages © SAP AG 2005.com. mySAP. SAP assumes no responsibility for errors or omissions in this document. Tivoli. and/or development. zSeries. XHTML and W3C are trademarks or registered trademarks of W3C®. Microsoft. World Wide Web Consortium. z/OS. XML. fitness for a particular purpose. and Motif are registered trademarks of the Open Group. Parallel Sysplex. Inc. Sweden. OSF/1. This limitation shall not apply in cases of intent or gross negligence. No part of this document may be reproduced. or transmitted in any form or for any purpose without the express prior written permission of SAP AG. pSeries. Oracle is a registered trademark of Oracle Corporation. SAP.

Sign up to vote on this title
UsefulNot useful