10-28-2008 12:30 PM
Hello,
I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on an AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement?
I must stress that username/password is not a solution.
Without really understanding the different scenarios, I would prefer to make some sort of trust relation. And then just let the calling application supply the username in a header variable.
Best regards,
Thomas Mouritsen
10-29-2008 4:39 PM
Hi,
If you can use HTTPS, then you can authenticate the web service user with a client X.509 certificate.
Regards,
Olivier
10-30-2008 6:56 AM
Hello Olivier,
HTTPS is not configured, but it might be if it's the answer. But my understanding of the use of X.509 is that every user/client persists a certificate that uniquely identifies the user. My problem is that the users all come from the same application. Meaning that one specific application should log on to the webservice and impersonate a number of different users. It's very similar to the way the portal connects to ECC by impersonating the different users.
Is HTTPS still the answer?
BR,
Thomas
11-13-2008 9:50 PM
>
> Hello,
>
> I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on an AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement?
>
> I must stress that username/password is not a solution.
>
> Without really understanding the different scenarios, I would prefer to make some sort of trust relation. And then just let the calling application supply the username in a header variable.
>
> Best regards,
> Thomas Mouritsen
Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortunately you are using an older ABAP system where this feature is not available.
Especially regarding Web Services it is definitely worth considering upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).
But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it serve as a SAML Source Site?
Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is a User Agent (-> SSL client represents a single user); only then X.509 client certificates can be used for SSO.
Best regards, Wolfgang