Hi Sebastian,

Company uses corporatewide one Portal which is a SAP EP. The User logs on

there (Directory Service for the EP is a Windows AD connected via LDAP

to the EP) an than Browse to a site called "BO". In this site there is

Content like Welcome Messages etc. and a Link to InfoView. When the

User clicks that Link a new Window has to open with direct SSO into

InfoView.

>>> Is the portal passing on the Windows AD credentials or is the portal providing a MYSAPSSO2 ticket ?

Workflow:

- User logs on to corporate SAP EP Portal (via WinAD credentials, not

BW!)

>>ok - so Windows AD

- User browse to the BO Site

- User click on InfoView Link

- User Logs on via SSO to InfoView

At the last point for SSO, the Session ID from the initial LogOn to the

SAP EP has to be taken not the local Kerberos Ticket like in a normal

Windows AD SSO configuration.

>> If you starting with Windows AD authentication, but want SSO with SAP systems >> that leads to SNC for client authentication.

The Question is, is this technical possible/supported ?

yes - see above

Environment:

- Windows Server 2003 R2 SP2

- BOE XI 3.1 FP 1.4

- SAP ITK 3.1 FP 1.4

- Default Tomcat 5.5