Skip to Content
Aug 28, 2009 at 10:13 AM

Is the following SSO Scenarion possible ?


Hi everyone,

a Customer wants to implement the following workflow, if this is possible.

Company uses corporatewide one Portal which is a SAP EP. The User logs on

there (Directory Service for the EP is a Windows AD connected via LDAP

to the EP) an than Browse to a site called "BO". In this site there is

Content like Welcome Messages etc. and a Link to InfoView. When the

User clicks that Link a new Window has to open with direct SSO into



- User logs on to corporate SAP EP Portal (via WinAD credentials, not


- User browse to the BO Site

- User click on InfoView Link

- User Logs on via SSO to InfoView

At the last point for SSO, the Session ID from the initial LogOn to the

SAP EP has to be taken not the local Kerberos Ticket like in a normal

Windows AD SSO configuration.

The Question is, is this technical possible/supported ?


- Windows Server 2003 R2 SP2

- BOE XI 3.1 FP 1.4

- SAP ITK 3.1 FP 1.4

- Default Tomcat 5.5

Thanks for your help.