I suspect that using SSO2 cookies should probably be of your solution somewhere. However, not knowing exactly what you are doing, I can not say exactly steps to follow.

My personaly choice, is let the popup comes once, and have the newly created user enter the data and be done. Alternatives below.

What you should look at is to kick-start you real protected application NOT via a redirect. Create a simple page that has roughly this format below:

<htmlb><body onload="f.submit()">

<form name="f" id="f">

<input type="hidden" name="sap-user" value="thePinkCat">

<input type="hidden" name="sap-password" value="secret">

</form>

</body></html>

Consider to also set sap-client. You can do this via URL parameters. This is definitely NOT recommended.

And now also you *must* activate SSO2 cookies. This way, when the real application is started, authentication information is required. And this is found in the formfields. So all is well, and application is running. Afterwards, the ICF will set the SSO2 cookie for this userid, and all future requests will work correctly.

++bcm

Hi Peter,

In basic authentication, the user data is stored in a cookie. If you are using field authentication, you have to pass it explicitly whenever you move from one 'BSP Application' to another.

If you are developing an application to be used in a production environment, I would strongly suggest you to use SSO2, as it creates a cookie for the first time and sends it alongwith each request for authentication.

Regards,

Venky Varadadesigan.

SAP NetWeaver consulting.

-

Message was edited by: Brian McKellar

Basic authentication is stored by the browser. Whenever it sends a HTTP request to the server, it will inject the name and password into the HTTP header. Any number of my few weblogs has shown a number of these examples with indepth explaination.

The SSO2 part is good.