Skip to Content
avatar image
Former Member

SSO between non SAP system and ABAP-backend system

We have a Java based application which should access an ABAP-backend via RFC (JCo). The user authenticates at the application (via Kerberos) and the same user should be used to access the ABAP-backend.

The best solution from my perspective would be to generate an SSO (MYSAPSSO2) token, signed by a certificate in the non-sap Java-application and to trust this certificate on the ABAP-backend. JCo can use this token to authenticate the user at the backend.

In the past there was this library SSOEXT mentioned to work with SSO tickets but I dont find any additional information about the library or the creation of SSO-tickets.

Any hints where to find solutions to create SSO-tickets?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Mar 13, 2017 at 04:04 PM

    Hi Richard,

    As your question is not related to the SAP NetWeaver Application Server for Java platform, I have removed that tag, and instead added one for the NetWeaver ABAP platform. Also, I moved "SAP Single Sign-On" to the primary tag spot, as this is really what you're asking about, or from a different perspective is likely to be related to the eventual answer.

    I'll leave it to other experts with NW SSO to fully address this, but my understanding is the MYSAPSSO2 ticket is for use between SAP systems, i.e. when users authenticate to a NetWeaver Java server (such as an Enterprise Portal) that consumes resources (web dynpros, iViews, etc) from another SAP backend, including ABAP systems. As you're not using an SAP Java system, but a non-SAP Java system, I don't think this is available to you unless you are willing to invest in another product (separately licensed): SAP NetWeaver Single Sign-On. That product is all about providing SSO options for ABAP systems, and for providing SSO between SAP and non-SAP systems.

    It's true that there used to be SSO options available for ABAP systems at no extra charge, but I don't think that's the case anymore.


    Add comment
    10|10000 characters needed characters exceeded