Former Member

SSO from non-SAP J2EE to NW04 ABAP WebService

Hello,

I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on an AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement?

I must stress that username/password is not a solution.

Without really understanding the different scenarios, I would prefer to make some sort of trust relation, and then just let the calling application supply the username in a header variable.

Best regards,

Thomas Mouritsen


2 Answers

  • Former Member
    Oct 29, 2008 at 04:39 PM

    Hi,

    If you can use HTTPS, then you can authenticate the web service user with a client X.509 certificate.

    Regards,

    Olivier


    • Former Member

      Hello Olivier,

      HTTPS is not configured, but it might be if it's the answer. But my understanding of the use of X.509 is that every user/client persists a certificate that uniquely identifies the user. My problem is that the users all come from the same application, meaning that one specific application should log on to the webservice and impersonate a number of different users. It's very similar to the way the portal connects to ECC by impersonating the different users.

      Is HTTPS still the answer?

      BR,

      Thomas

  • Nov 13, 2008 at 09:50 PM

    > Hello,
    >
    > I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on an AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement?
    >
    > I must stress that username/password is not a solution.
    >
    > Without really understanding the different scenarios, I would prefer to make some sort of trust relation, and then just let the calling application supply the username in a header variable.
    >
    > Best regards,
    > Thomas Mouritsen

    Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortunately you are using an older ABAP system where this feature is not available.

    Especially regarding Web Services it is definitely worth considering upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).

    But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it serve as a SAML Source Site?

    Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is a User Agent (-> SSL client represents a single user); only then can X.509 client certificates be used for SSO.

    Best regards, Wolfgang

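The trust relation asked for in the question and the message-based authentication described in the last answer share one core step: the calling system signs a statement naming the user it acts for, and the web service verifies that statement before adopting the user. The sketch below is an added example, not code from the thread or from SAP; it substitutes an HMAC over a shared key for the X.509 signature or SAML token of WS-Security, and the function names, the issuer `j2ee-app`, the key and `MAX_AGE` are assumptions.

```python
import base64, hashlib, hmac, json, time

MAX_AGE = 300  # seconds an assertion stays valid (assumed value)

def issue_assertion(key: bytes, issuer: str, user: str, now: float) -> str:
    """Calling system: state which user it acts for and sign the statement."""
    body = json.dumps({"iss": issuer, "sub": user, "iat": int(now)},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()

def verify_assertion(trusted: dict, token: str, now: float) -> str:
    """Receiving system: return the asserted user or raise ValueError."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.b64decode(body_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
        claims = json.loads(body)
        issuer, user, iat = claims["iss"], claims["sub"], claims["iat"]
        if not (isinstance(issuer, str) and isinstance(user, str)
                and isinstance(iat, int)):
            raise ValueError("wrong field types")
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed assertion") from exc
    # Only systems the receiver has explicitly been told to trust may assert users.
    key = trusted.get(issuer)
    if key is None:
        raise ValueError("untrusted issuer")
    # A bare username header fails here: without the key, no valid tag exists.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad signature")
    # Freshness window limits replay of a captured assertion.
    if not (0 <= now - iat <= MAX_AGE):
        raise ValueError("assertion expired or from the future")
    return user

if __name__ == "__main__":
    shared_key = b"constructed-demo-key-not-a-real-secret"  # constructed sample
    trusted_issuers = {"j2ee-app": shared_key}               # constructed sample
    token = issue_assertion(shared_key, "j2ee-app", "ALICE", time.time())
    print("accepted user:", verify_assertion(trusted_issuers, token, time.time()))
```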