Skip to Content
0
Former Member
Sep 14, 2005 at 10:01 AM

SSO / Logon Ticket: Taking over ITS session

26 Views

Hi,

we have an serious SSO issue.

<u><b>SCENARIO:</b></u>

User A logs in the portal and accesses SAP EBP via ITS (HTTP link within Enterprise Portal opening a new Browser Window and launching https://buyer.test.xxx.intranet.com/scripts/wgate/bbpstart/!). User A close the browser window where EBP is launched and logs off the Portal but does not close the browser window where the Portal was accessed. On the same client machine and same browser window User B logs in the Portal and access SAP EBP via ITS the same way the user A did before. If we now look at the users settings in SAP EBP ITS he has the user details from User A. Hence User B has the ITS session of User A. On the other hand within the Portal the users are recognized correctly after login.

<u><b>SETUP:</b></u>

Portal load-balancing.

EP URL: https://portal.test.xxx.intranet.com

ITS EBP URL: https://buyer.test.xxx.intranet.com

<u><b>ISSUE:</b></u>

The SSO ticket should be killed after logging off the portal.

System versions:

6.0.2.33.0.Enterprise_Portal_Support_Package_2

6.0.2.33.0.ContentManagement_Collaboration

J2EE patch level 33

ITS 6200.1017.50954.0, build 730827 (620 patch level 17)

Regards,

Adam Kreuschner