Skip to Content
author's profile photo
Former Member

Another Login Q: Custom Login WITHOUT SSO2?

I have browsed forums, blogs and notes but somehow all custom login procedures there want the programmer to use the SSO2 Method.

I would need to implement that one though for now:

1. Logon using HTTP fields (HTTP header fields or form fields): The fields are: sap-language, sap-client, sap-user, sap-alias, and sap-password. (If sap-user is specified, sap-alias is then unimportant, see Basic Authentication.) The attribute AUTHENTICATION_METHOD, which belongs to IF_HTTP_SERVER is set to AUTHMETHOD_FIELD.

Created a page containing a form and also having input-fields with the names as told above...

Also theres a button for submitting the info but what then? Do I have to call some special function, navigate myself to a page if some callFunction is successfull or or or? Somehow a bit lost there at the moment though guess its only a small part that would trigger the understanding.

Help would be urgent and VERY appreciated. Sorry if its just some very dumb answer but somehow just cant see it.

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • author's profile photo
    Former Member
    Posted on Jul 27, 2004 at 11:40 AM

    Hello Werner,

    if you don't want to use SSO2 and a copy of the BSP "SYSTEM" as described in the attachment of note 517860 (or in the online documentation hepl.sap.com...) but http-form fields then you should really think about it twice.

    To login via the url-parameters sap-user and sap-password you can create a public "logon" page and then concatenate the values of the input fields for user name and password to call your own "business" application.

    Just add the parameter names to your new target URL.

    / / default.htm?sap-user=<%= sap_user_name%>&sap-password=<%sap_password%>

    and set this string to

    navigation->goto_page( <appl_start_url> ).

    This should work to login if the data is correct.

    But before you should check the user name and password as it is done in CL_BSP_LOGIN_APPLICATION->LOGIN_PROCESSING( ).

    But at the end I would recommend to use the SSO2 authentication. If you or your customer is afraid because of cookies you can use the url-parameter "sap-syscmd=nocookie" in your start url.

    Then no SSO2-Cookie will be temporarily stored in the browser but the information will be "hidden" in the so called mangling code - this cryptic stuff in the url - wich is base64 encoded.

    Regards, Bernd

    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 27, 2004 at 12:36 PM

    The problems you face are much more complex. You first page will have to run public, otherwise it is not rendered to the browser. Then you have to setup all the form-fields correct and have the form submitted to the server. Nothing else to do. ICF will now pull the fields and do the authorization.

    And now starts your real problems. What is password has expired, or password has to be changed? What happens if you now start your real application, etc. You really need a very deep understanding of these topics to understand and handle it correctly. More than can be handled within the scope of SDN.

    And to tell the truth, this is not really a topic that I would like to discuss in this forum. Security is a major issue, and if our answers help you to open a major hole in your system, responsible becomes a problem via SDN.

    Why not just use SSO2? And our SYSTEM app.

    Of course, if you are already in the rampup process, and have 640, you could use our very new and very hot ICFX logon system. This works without SSO2 >= 640.

    Please don't ask for urgent stuff in this forum. We are not handling any time critical questions. Anything that is urgent, or could influence your business should be done via OSS. This forum is only developer to developer as time permits.

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Posted on Jul 27, 2004 at 01:44 PM

    A big thank you to both of you! Now on one hand I would know the way to do it with headerfields ( as I thought its just been a tip needed to clear it all up 😉 ).

    But even better with help of the very clear recommendation for SSO2 through an external source even from SAP as well they now decided to jump over their shadow and let the external basis crew install/setup the required stuff (Cryptolibs, Certs), so I'll be able to implement it according to standard procedure.

    Regarding the urgency I know it is a developers forum with people helping out when they have time - but as I thought alot of developers probably once stood before the same problem the question could more quickly be answered here - as it was done :).

    Thx again for the help!

    Add comment
    10|10000 characters needed characters exceeded