
MII 12.1 SSO and MII Login Security

Former Member
0 Kudos

Currently, we have an SSO and ABAP security system that allows the customer to maintain and deploy users to MII. The issue that the customer sees as a potential security risk is if the user is not available in the ABAP system, the MII login screen appears to the user and allows them to type in a username and password. If, by chance, the user is available in the UME system of NW, then the operator could gain access to MII and its features. Our customer would like the MII login screen to be either disabled or we put some logic in to prevent the screen from appearing if the SSO certificate was invalid or rejected. I would like to know if there is a feature in either NW or MII that we could simply turn off the MII login screen or if anyone has done this in the past? What is the best practice to approach this?

Accepted Solutions (1)


Active Contributor
0 Kudos

If the user does not belong to the XMII Users / Developers / Administrators roles, then even if they get to the NW login screen (not sure how you would prevent that since it just redirects there when you're not logged in properly), they won't be able to do very much. The moment they would attempt to access anything inside the XMII web application, like the Menu.jsp or any other relevant URL, the security aspects should prevent them from doing anything, and they should get nowhere.

I would suggest setting up an acceptable test situation to prove or disprove the security paranoia.

Answers (0)