This blog post is part of a series outlining the processes and tools that we at SAP apply for a secure handling of our open-source supply chain. If you haven’t read the introductory blog post, you may want to read it first here. Find below the refere...
You certainly remember Heartbleed: Back in 2014, this vulnerability in the OpenSSL crypto library put many TLS-enabled websites at risk. It was an eye-opener demonstrating to what extent we all depend on the security of open source software compone...
Hello,in transaction SPROXY only some SW component versions are visible (not only local ones but others from the SLD as well). Others are not.The connection to the SLD is correct (according to transaction SLDCHECK). The RFC connections LCRSAPRFC an...
I did not have to change the SP metadata in order to have access to those attributes. I think they are offered by default, at least by the SAP-internal IdP (as explained somewhere on their Wiki).
Hi Pranjal,We use the built-in HANA XS session management. Within our XSJS scripts, we do not use the session object $.session (with one exception, when checking whether the user has a certain privilege). Does that help clarifying your question?Cheer...
Hi Pranjal,I already tried this a couple of times ... however, at a time when the callbacks for the IdP still pointed to HTTP-only URLs of my SP (in fact, I overlooked the recommendation given in step 3a). It never worked.Now that the IdP points to H...
