cancel
Showing results for 
Search instead for 
Did you mean: 

SSO for .Net application integration

Former Member
0 Kudos

Hi,

We have a ASP.NET application.We have to integrate it to the portal,we are using NW2004s.Can we configure SSo to that application if so how.I am trying for that but it is not working if a user Logs in i am getting a error message "System not found" but if logged in as a admin i am able to run the application.Please help me in configuring SSO

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Could it be a permissions problem with the system object you have created which the .Net application is making use of. Does the system object have permissons for 'Everyone" -> "Read" ?

If the portal administrator can log in fine and SSO is working for that user, then I guess you have setup SSO right.

The other issue is, does your backend user for the administrator have SAP_ALL and SAP_NEW ? If he does, but your other users dont, it could be a authorisation issue in the backend.

Former Member
0 Kudos

Hi,

Actually the .Net team has mapped the administrator UID and PWD in their coding,so the sso for Administrator is working,but what i want to do is to configure the sso so that any user who is having permissions should be able to login to the application throuh the portal without entering the user credentials agian.

i have tried by following the link:

if i click as a admin i am getting a logon page.

if click as a user i am getting a error message "unable to look up system "

can u help me in this matter by sending me the steps to configure sso for .net applications.

Former Member
0 Kudos

Hi,

Please assign READ permission to GROUP EVERYONE for the .net system you have defined and make sure "end user" check box is checked.

Regards

Ashutosh

Former Member
0 Kudos

i have done it but a logon screen is appearing again if i click the application

Former Member
0 Kudos

Ok, if you followed that document through, did you do the step where you map an individual user through the "personalisation" link at the top of the portal (right hand side) ? You need to make sure your user has the "eu_role" to get the link. From within here you can do the user mapping again the .NET alias system you have created. Hence SSO will work for that mapped user. Do that help? (sorry if I have misunderstood still)

Former Member
0 Kudos

Hi,

the problem was rectifeid to some extent.The application is running on users login when i done user mapping on the top right hand side,But when i click the application it directly logs in as admin.it is not loging in as users

Former Member
0 Kudos

That remaining error is probably to do with the hardcoding (!?) of the admin credentials in the .NET application. You should ask them to take that out, by the sounds of it.

Hope this sorts it for you

Former Member
0 Kudos

Hi Ravi,

You could also enable SSO using SAPSECULIB if you are using logon tickets since your .Net application is probably using IIS.

Please refer to this for more information

http://help.sap.com/saphelp_nw2004s/helpdata/en/12/9f244183bb8639e10000000a1550b0/frameset.htm

Former Member
0 Kudos

Hi,

I am having a small doubt in user mapping, How can we map multi users to the same system object.

Former Member
0 Kudos

Hi,

as an User-Administrator you can map every portal user to a specific system with its own user credentials. To do this open the User Administration in portal and select a user. The last tab in user details is the UserMapping tab. There you can enter the appropriate user credentials.

If it doesn't matter wich user is connected to the application you can create one role in the portals Content Administration, assign this role to the users that should be able to connect to the application and set up User Mapping only for this role once. This is also done in the portals User Administration (select the role and open the User Mapping tab in the role details).

In order to map a user or a role to a system using the User Administration the system must first be defined in the System Administration. A system alias must be defined and the type of User Mapping must be set to admin or user, admin. Additionally you have to give read permission to the users. Either by giving every single user read permission or by giving read permission to the role that is assigned to the users. All the configuration I described in the last section is done in System Administration->System Configuration->portal content in the system object that defines the .Net application.

Former Member
0 Kudos

Hi Marc

I am able to map users to a system but not able to run the .net application.Let me explain u my problem.through application integrator i have integrated ASP.net webapplication into the portal.In the integration process we have mentioned the url template as http://<?><Authenticationof user>.So the application is running for that authenticated user.Now if i alog in as another user n click the link it logs in as the user mentioned in url.

what my need is:

specific roles r there for specific user in the ASP.Net application

so if a specific user log in to the portal then his roles should be displyed

Former Member
0 Kudos

Ah ok, I thought you have a problem with the configuration of user mapping itself. Sorry, I haven't used the Application Integrator Authorization concept yet.

Instead I have established Single Sign On between the portal and a .Net application by processing the SAP Logon Ticket cookie using the .Net Ticket Toolkit. In this case the .Net application reads out the cookie and identifies the connected user as a portal user. Role information is received through a J2EE Web Service that I deployed on the portal WAS.

Former Member
0 Kudos

Hi

Can u tell me the steps to establish the sso betwen portal and .net application.It will be great if u send me the detail steps.

thanks

ravi.s

Former Member
0 Kudos

This Blog describes the detailed steps of the Ticket-Toolkit-Installation:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/edb8a190-0201-0010-d398-c23...

Create a ASP.Net application and implement the Ticket Toolkit as described above (if you have a problem, don't mind to ask). Then you are able to verify a connected user as portal user. The Ticket Toolkit itself cannot read role information of the portal. So you can either hard code every user name that is allowed to connect to the application or you can implement a J2EE Web Service that provides portal role information. For example, I have written a Web Service function that checks if a given name has a specific role.

Former Member
0 Kudos

Hi Marc,

We are using NW 2004s sneak preview .its a trial version ,So my qusetion is will it be possible to download certificates from SAP n configure SSO with our ASP.Net web application

Former Member
0 Kudos

Hi,

you can download the portal certificate from "keystore administration" in "system administration" -> "system configuration" of your portal installation (logon as system administrator). You have to download the pse file and link to it from your ASP.Net application like described in the Ticket Toolkit blog. As far as I know it will work with trial version too. My first tests ran on the sneak preview.

Answers (0)