Skip to Content
0
Sep 04, 2009 at 07:51 AM

[Authentication] Call ABAP Integrated ITS from .Net application

41 Views

Hi,

Here is the scenario I am facing:

I have a .Net application to which I logged based on LDAP.

I would like to call - at the user's requests - a SAP screen by leveraging the ABAP Integrated ITS on ECC.

Since I have a Kerberos Ticket, I would like to use SPNego and a NW Java stack in order to "convert" this Kerberos ticket into a SAP Logon Ticket and access the ABAP stack.

My idea was to use the Logon Error Pages from ICF service webgui (Integrated ITS on ABAP stack) in order to redirect to the Java stack, get the SAP Logon Ticket, and then go back to authenticate on the ABAP.

Does this seem a relevant scenario to you, experts ?

I have been pointed to this resource : Leveraging NetWeaver for SSO where the SAP .Net Connector is used to grab the SAP Logon Ticket.

string ticket = SAP.Connector.SAPConnection.GetSAPSSOTicket(connStr, 2);

Could you please help me putting all this together ?

In my opinion, either you do it from the .Net side or from the ABAP side:

- on the .Net side: should I test the existence of the SAP Logon Ticket and then - if necessary - use the above code to retrieve a SAP Logon Ticket while passing the Kerberos Ticket

- on the ABAP side: the redirection would be sufficient? How will I be able to go back from the Java stack once the SAP Logon Ticket is obtained ?

Thanks in advance for your help.

Best regards,

Guillaume

Edited by: Guillaume Garcia on Sep 4, 2009 9:54 AM