on 06-14-2016 4:55 PM
Hi experts,
I know this is a old question, but did not found my wanted from others threads.
My case is, after login SAP GUI of Gateway Hub system(abap server), i open TCODE '/UI2/FLP',
popup the logon webpage asking my type the username&password.
But i do not wanna type the username&password again(SSO).
How to achieve this?
From SAP HELP page, it only ask me execute task "SAP_SAP2GATEWAY_TRUSTED_CONFIG",
but it not works. The version of hub system is 740 SP14.
Any advise? thanks.
BRs,
Archer
Hi Archer, this is all about SICF service /sap/public/myssocntl working or not. It bridges the gap between GUI and IE using the HTTP-Control.
You should check this:
So: you will probably get this working. But I personally see it as a nice to have and would never invest in cleaning it up or give this to a common user.
If you do not want to rely on this and need SSO you would need to start a larger project, e.g. configure kerberos based SNC SSO to the GUI and SPNego (also Kerberos) based SSO to web applications, or loads of alternatives (other buzzwords: MYSAPSSO2-Ticket, Assertion Tickets, SAML2, X.509 client certificates, SAP Single Sign-On, ...)
Regards,
Lutz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Lutz,
Thanks your reply, i checked all you mentioned points, and it works for one GW Hub system. But not works for another system, we have two test GW Hub systems.:)
Through some web tools, i notice that one hub server will send out the MYSAPSSO2 cookie to broswer(that`s why it can logon without password), but another one not send cookie out.Please check the screenshots(The first one is from works server, the second one is not works server).
(P.S.Do not mind the Chrome browser, it`s also not works in IE).
I also checked many things, STRUSTSSO2, SSO2, RZ10, all things is same.
I missed something which the second server did not send out the cookie?
thank you.
BRs,
Archer
Hi Archer,
here is a link to page, providing SSO and troubleshooting Information: https://wiki.scn.sap.com/wiki/display/EP/Single+Sign-On+and+Cookies
Rather old but still valid!
Hope that helps you finding your issue.
Best regards,
Johannes
Glad to read that you are making progress,
It will only work in IE. This is due to technology. Somehow login session information needs to be transferred securely from GUI to browser. This is done by embedding the HTML-Control into the gui. This HTML-Control splits off a new browser window in the same session as the HTML-Control and this way shares session information.
But this HTML-Control in GUI is provided by Internet Explorer regardless of your standard browser configruation. And IE can only start IE in the same session. So no SSO with Chrome - not this way.
Regards,
Lutz
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.