ykStore

Yubikey Management and Validation Server

ykStore is an innovative standard ABAP™ software package that integrates Yubikey management and validation services on the SAP Netweaver® platform.

It supports all state-of-the-art protocols including SOAP for seamless integration into SOA landscapes.

Easy installation within minutes, if required without any additional hardware or SAP licenses.


Key Features


Implementation of multiple validation protocols including
  • Yubico’s Web Service API. running on SAP Netweaver® Application Server ICF over http/https
  • SOA Web service, running on SAP Netweaver® Application Server ICF over http/https
  • SAP Remote Function Call (RFC)
  • Censum Proxy Validation Protocol for validation on remote Yubikey Validation Servers (e.g. Yubico’s)

Audit logging of all changes to the ykStore objects
Comprehensive logging of all OTP validation request, including
  • detailed OTP validation results
  • Username
  • IP address
  • GeoIP® localization data
  • nslookup information

Yubikey’s private AES key as well as its communication client API private key are both stored crypted and compressed on database layer.

Benefits


  • Secure enterprise in-house Yubikey validation services
  • Seamless integration into SOA landscapes
  • Audit logging on all validation requests and database changes
  • Advanced key management user interface is SAPGui and WebGui compatible
  • Easy installation, integration and maintenance
  • Fully compatible with existing standards
  • No additional infrastructure required (test and production system landscape is standard in SAP® system environments, as well as high performance backup solutions)
  • Scalable management and validation infrastructure because relying on SAP®’s architecture
  • Language independent
  • Platform independent, central storage using the benefits provided by SAP®’s concept of its Netweaver ABAP™ stack infrastructure
  • Delivered in source code, extendible using SAP® provided tools for customer specific needs
  • Utilities for online Yubikey decoding and simulation
  • Support of SAP®’s and Yubico’s client concept
  • Support of Yubikeys configured for static password operation
  • Unlimited customer documentation per Yubikey
  • Mass import of Yubikey factory settings provided by Yubico provisioning files
  • User authorizations simulator

Please visit Yubico’s website for more information on Yubikeys.

What’s Next


User oriented easy Yubikey setup with Wizards
USREXTID integration, allows direct linkage between SAP internal and external user IDs
BaPIs for ykStore access will allow external synchronization, e.g. MDM
Translation to additional languages next to English
Access control due to integration of global IP address localization and name server lookup combined with sophisticated ACL lists