Skip to Content
avatar image
Former Member

SSO from ABAP to JAVA using Web dispatcher proxy

Hi All,

Issue: In our BI7.0 system, after logging into SAP gui and starting Planning modeler, we are again prompted for Username/password.

Details: This call is being made from BI ABAP to BI JAVA. Since we have multiple application servers, we have setup the configuration so that all ABAP calls to JAVA go through a web dispatcher using a different URL. Using HTTP watch, I can see MYSAPSSO2 cookie created when initiating the URL (from ABAP). It then redirects to JAVA using Webdispatcher URL (I don't see MYSAPSSO2 cookie anymore during this redirection). Hence we are being prompted for username/password.

Using HTTP watch, I could see that my ABAP call is initiated with Fully qualified domain name of my server (<hostname>.<subdomain1>.<subdomain2>.<domainA>.com). Therefore the cookie being created has (<subdomain1>.<subdomain2>.<domainA>.com) as the domain name. When a redirection happens and the URL now changes to Web dispatcher (we have a different URL (<hostname>.<domainA>.com) for web dispatcher), the cookie is not being passed to JAVA

I was reading that it is possible to send cookies for different domains, but this applies to only when cookie is being created in Portal. In our scenario, cookie is being created on the ABAP side.

Is anyone aware of any workarounds for this issue? Help appreciated.

Thanks!

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jan 19, 2008 at 09:56 PM

    Hi,

    Using the EP you can set the SSO cookie for many domain as explained in [

    HOWTO Create Custom Application for Handling J2EE Engine Multi-domain Single Sign-On Token|/people/tsvetomir.tsvetanov/blog/2007/04/13/howto-create-custom-application-for-handling-j2ee-engine-multi-domain-single-sign-on-token]

    Unfortunately for ABAP WAS this option is not provided because EP is supposed to be the enter point for the users. Of course, setting the host names in same domain is the most convenient solution.

    Kind regards,

    Tsvetomir

    Add comment
    10|10000 characters needed characters exceeded