
SSO from ERP to Portal?

Hello everyone,

I am quite comfortable with setting up Single-Sign-On from the Portal to any ERP backend.

How about the other way around? The idea is to have a button in a custom SAP transaction that links to a WebDynpro JAVA application in the 7.0 portal. The user shouldn't be required to log on to the portal after already being authenticated in the ABAP system.

Any thoughts on this?

Thanks and regards

Patrick


2 Answers

  • Best Answer
    Posted on Dec 19, 2010 at 11:51 PM

    Hi,

    A few things need to be considered/performed to achieve this, as Java Dynpro can have security managed at component level.

    1.) Export your ABAP stack certificate (or if it is a 3rd party system consider other logon stack options - such as http header login module etc. Refer to the documentation for integration SSO options).

    http://help.sap.com/saphelp_nw70/helpdata/en/f8/9636eedafe8b4589cd6e9e4e73fd3c/frameset.htm

    2.) Import the certificate into the portal via NWA --> Configuration --> Trusted Systems.

    3.) Consider JCo connection definitions and security depending on application requisites.

    4.) Consider role-based access. If you create a role in EP for the access to the Dynpro you can further increment component level access by managing security Zones for users/groups/roles accessing these. This is of particular importance if you are extending/referencing other portal components as part of the solution.

    5.) Session management and termination. Depending on your security model and architecture you may not want users to iteratively hop between systems. As such you need to architect your solutions to exclusively terminate or redirect sessions depending on where they have been accessed from, e.g. https/http redirects and terminations. You also need to consider session management in your scenario if you have a solution that is xapp modelled across the landscape where you may have load balancing in place (for these, reverse proxy / web dispatchers are required for session management).

    Additional considerations:

    There are std function modules in the new NW ABAP stacks that allow you to populate/retrieve values from the RSPOR_T_PORTAL tables for your landscape to allow dynamic referencing when you use applications that reference the portal for calls from ABAP in your landscapes (search for RSPORTAL in SE37). Ensure these values are maintained to make your life easy.

    Hope this helps.


  • Posted on Dec 20, 2010 at 08:58 AM

    Hi Patrick,

    You can go for SSO using the uidpw method. In this process you don't need to import/export certificates to each other, but you are required to do user mapping for connectivity.

    Regards,

    Sen


    • Hi Sen,

      Thanks - just to make sure I understand what you are saying:

      I know how to do user mapping/uidpw authentication FROM the portal TO the ERP.

      What you are saying is that it is also possible to set up a single-sign-on mechanism from the ERP to the portal? Do you have any information on how to do this?

      Regards

      Patrick
