cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

user auth. using SSO2 with EP

Former Member

on ‎09-22-2006 4:58 AM

0 Kudos

we are using SAP Enterprise Portal (EP) to authenticate users into our BSP application on a R/3 Web Application server. Users are expected to log in to the EP with their username/password. When EP authenticates the user based on those 2 criteria, it then links to the BSP app using a predefined user id and password.

This would be fine if our application was only a single BSP page. The user is authenticated to the 1st page of the application. However, when the user tries to navigate through the application they get a popup asking for a R/3 user id and password.

We have engaged SSO2 cookies and as far as we can tell they are working. We used the test described here to verify that they are working: http://help.sap.com/saphelp_470/helpdata/en/ce/1629a698b3ed48ab2360aaa096a4a5/content.htm

In the onInitialization event we are trying to use the if_http_response object to get the MYSAPSSO2 cookie. Unfortunately when do a get on this cookie name we are not getting any value.

We ran a trace and found that the browser was recieving the command for a Keep-Alive Cookie with the name MYSAPSS02, as opposed to just setting a regular MYSAPSSO2 Cookie. When the cookie is sent from the BSP application as a 'Keep-Alive' cookie we can not see the cookie's value using the get_cookie method on the if_http_response.

Why is that?

Is there a way for us to interact with the MYSAPSSO2 cookie (for example change the path).

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎09-22-2006 6:21 AM
0 Kudos

Hi,

Welcome to SDN!

The problem with SSO2 cookie is, its a browser cookie and it can't be read with the methods of the response object in BSP. The way to read the contents of SSO2 cookie is mentioned in this blog.

/people/siddhartha.jain/blog/2005/10/25/reading-netweaver-portal146s-logon-ticket-147mysapsso2148-cookie-in-bsp-applications

Hope this helps,

Best Regards,

Ravikiran.

Show replies
Show replies
Former Member
‎09-27-2006 7:20 AM
0 Kudos

Actually if i go directly to the BSP application and put the sap-username and sap-password (along with their appropriate values) into the query string of the url to the BSP, i can read the contents of the SSO2 cookie using the response object.

When i go through the EP, even though the ep is sending the same exact values, i can no longer read the SSO2 cookie using the request object. On the client side, however, i can use javascript to read the SSO2 cookie, though i can not make changes or modifications to that cookie (not that i'd necessarily want to, but i thought i had full control of client cookies using javascript).

It would seem like everything should be in order, since my client has recieved the SSO2 cookie, however when i attempt to navigate through the bsp, i get the popup to enter the webAs userid and password.

I thought perhaps because the connection was facilitated through the EP that perhaps parameters were not being set appropriately. So on the initial page of the bsp i have javascript code that opens a new window that goes directly into the bsp with the username and pasword in the url. Once again i am able to get into the bsp, however i still get the popup for the userid/password when i try to navigate within the bsp.

Why is that?

Former Member
‎09-28-2006 6:19 PM
0 Kudos

did you select the option 'Supports Portal Integration' for your BSP application?

And also, in SICF, select your application and in the Security Requirements, select option 'Client Certificate w.SSL'.

pls award points if it is helpfull.

Ask a Question