Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO from non-SAP J2EE to NW04 ABAP WebService

Former Member

‎10-28-2008 12:30 PM

0 Kudos

Hello,

I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.

I must stress that username/password is not a solution.

Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable

Best regards,

Thomas Mouritsen

3 REPLIES 3

Former Member

‎10-29-2008 4:39 PM

0 Kudos

Hi,

If you can use HTTPS, then you can authenticate the web service user with a client X.509 certificate.

Regards,

Olivier

Former Member
In response to Former Member

‎10-30-2008 6:56 AM

0 Kudos

Hello Olivier,

HTTPS is not configured, but it might be if it's the answer. But my understanding of the use of X.509 os that every user/client persists a certificate that uniquely identifies the user. My problem is that the users all come from the same application. Meaning that one specific application should log on to the webservice and impersonate a number of different users. It's very similar to the way the portal connects to ECC by impersonation the different users.

Is HTTPS still the answer?

BR,

Thomas

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎11-13-2008 9:50 PM

0 Kudos

> 

> Hello,
> 
> I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
> 
> I must stress that username/password is not a solution.
> 
> Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
> 
> Best regards,
> Thomas Mouritsen

Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortenately you are using an older ABAP system where this feature is not available.

Especially regarding Web Services it is definetly worth to consider upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).

But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it servce as SAML Source Site?

Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is an User Agent (-> SSL client represents a single user); only then X.509 client certificates can be used for SSO.

Best regards, Wolfgang