Skip to Content
avatar image
Former Member

Pass user and password portal parameters through an URL

Hi,

We want to access an EP Portal through an URL, passing user and password parameters from a very old client system. That's run ok. Now we want to encrypt these parameters. We don't know how do this. From source system looks very difficult. We can't use SSO because source system users and EP users are on different DBs and can't connect these.

Any idea?

Thanks a lot.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Dec 15, 2008 at 03:13 PM

    Hi Tim.

    Source system isn't a SAP system, is a very old host system, I think is based on cobol language.

    Thanks!

    Add comment
    10|10000 characters needed characters exceeded

    • Ivan,

      ok, so you need to find out what is possible in the source system. There is no point in looking at this problem just from SAP perspective. If you have the capability to change source system and make it pass something else instead of clear text password, then you can also make SAP system accept the same to authenticate the user, eg. by writing a custom login module, using http header login module, or using a standards based login module such as SAML.

      Also, you need to consider the network security between your systems - otherwise somebody might capture the traffic between source and SAP system and replay it in order to logon as that user themselves.

      Thanks,

      Tim

  • avatar image
    Former Member
    Mar 13, 2009 at 10:05 AM

    Hi.

    It's solved. We've defined an URL iview and used application parameter with value:

    iViewID = <IView.ID> & UserName = <User.displayname>

    Thanks.

    Regards.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Although you should take care that any user should not be able to call any iView simply by knowing which parameter value to add for other users.

      They might all see each other's data!

      Just a side note...

      Julius

  • Dec 15, 2008 at 03:10 PM

    Ivan,

    In order to help you, I need to know more about your "very old client system" ? What is this client system based on ? Is it a SAP product ?

    Clearly, you will need to pass something instead of clear text useridpassword, e.g. encrypted useridpassword, or something which is recognised by both systems when a user has authenticated, and is not going to cause any issues if intercepted on network.

    Thanks,

    Tim

    Add comment
    10|10000 characters needed characters exceeded