on 09-30-2008 9:28 PM
Hi Experts,
I have EP 7 SP 15 using the SPNego Wizard for SSO with Active Directory, and SSO between EP and ECC using SAP certificates.
Now I have a demand to SSO some Java-based applications (non-SAP) to my portal using the SAP Logon Ticket.
I have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't find this cookie. I even executed the command javascript:document to look for this cookie, but the browser just shows me the JSESSIONID info.
Does anybody know where I can find this cookie, or if there's a better way to set up this SSO? It's necessary to say that I cannot SSO these applications with the Kerberos protocol because of some security reasons at my company.
Thanks
Armando
Hello Armando,
If you haven't taken a look at the SAP Java Demo application yet, take a look at this first:
Your standard options to achieve SSO without SAP in Windows are NTLM (outdated) or Kerberos. Since you mentioned neither is an option due to 'security' reasons, you are left with reading out the SSO ticket. However, this means that you will always have to redirect users over the Portal. A ticket "dispenser", so to say.
I don't know why you were unable to read the MYSAPSSO2 cookie. Have you tried downloading a third-party plugin for Firefox or Internet Explorer that lets you read the cookies? You should be able to see it there after you sign into the portal. If not, then I would check the logon stack of your EP and make sure the CreateLogonTicket module is included.
We've set up the same scenario here at our company and it works really well. Let me know if you have any further questions.
Cheers,
Hermann
Hi Experts,
Problem solved! (In fact it was a beginner mistake.) I was looking for the MYSAPSSO2 cookie on the local drives, but it is an HttpOnly cookie that is stored only in the session.
As I was developing my system in a different Windows browser, the cookie could not be read.
Thanks for all the help
Armando Martines Neto
Hi,
I don't have much related info, but I can give you a hint:
refer to OSS Notes 442401 and 723896.
When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
In the first case, the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal server's public key certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-SAP web application.
In the second case, the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
You can refer to the following links:
http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
user authentication and SSO
http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Authentication Using a Directory with SSO Integration Using Logon Tickets
http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
SSO
http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm
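The first option described in the post above (a filter verifies the ticket, then sets a user-ID header for the application), as an added example that is not part of the original thread and not SAP's code. `TicketVerifier` is a hypothetical stand-in for the real ticket verification library, and the header name `x-sso-user` and all sample values are assumptions; the point is that a client-supplied identity header is discarded and a request without a verifiable MYSAPSSO2 ticket is rejected.

```java
import java.util.*;

public class LogonTicketFilterDemo {
    /** Hypothetical stand-in for the ticket verification library: user ID, or null if invalid. */
    interface TicketVerifier { String verify(String ticket); }

    static final String USER_HEADER = "x-sso-user"; // assumed header name, not from the page

    /** Pull the MYSAPSSO2 value out of a raw Cookie request header; null if absent or empty. */
    static String extractTicket(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals("MYSAPSSO2")) {
                String value = pair.substring(eq + 1).trim();
                return value.isEmpty() ? null : value;
            }
        }
        return null;
    }

    /** Returns the headers to forward to the application, or null to reject (fail closed). */
    static Map<String, String> filter(Map<String, String> in, TicketVerifier verifier) {
        Map<String, String> out = new HashMap<>();
        for (Map.Entry<String, String> e : in.entrySet()) {
            String name = e.getKey().toLowerCase(Locale.ROOT);
            // Never forward an identity header that came from the client.
            if (!name.equals(USER_HEADER)) out.put(name, e.getValue());
        }
        String ticket = extractTicket(out.get("cookie"));
        String user = (ticket == null) ? null : verifier.verify(ticket);
        if (user == null) return null;   // no ticket or failed verification
        out.put(USER_HEADER, user);      // identity comes only from the verified ticket
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: the fake verifier accepts exactly one opaque value.
        TicketVerifier fake = t -> t.equals("CONSTRUCTED_TICKET") ? "jdoe" : null;
        Map<String, String> spoofed = new HashMap<>();
        spoofed.put("X-SSO-User", "administrator");   // forged identity, no ticket
        spoofed.put("Cookie", "JSESSIONID=abc123");
        System.out.println("spoofed -> " + filter(spoofed, fake));
        Map<String, String> valid = new HashMap<>(spoofed);
        valid.put("Cookie", "JSESSIONID=abc123; MYSAPSSO2=CONSTRUCTED_TICKET");
        System.out.println("valid   -> " + filter(valid, fake));
    }
}
```

With this design the application must only be reachable through the filter, since it trusts the header the filter sets.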