Skip to Content
author's profile photo Former Member
Former Member

SSO between NetWeaver Portals with FPN - consuming WebDynpro Applications.

Hi,

We are not beeing able to configure Single Sign-On between our NetWeaver portals, and we are in need of some help to figure out what we are missing.

Our goal

We need to configure single user authentication between a NetWeaver Portal 7.0 and the WebDynpro applications executing in a CE 7.2. In other words, if the user is already logged in the Portal, his authentication on the CE/WebDynpro will be handled by configuration.

Scenario

We have a Portal 7.0 and CE 7.2. Both portals are already configured in a FPN within the same domain. The FPN is working well, and we are able to acess WebDynpro provided by the producer, if we are logged into both portals. But if we are only logged on the Portal 7.0, the consumed WebDynpro from the producer fails with the following error:

Failed to load the object: pcd:consumer_content/com.sap.portal.fpnGuestUserIview with user Guest 
[EXCEPTION]
com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): consumer_content/com.sap.portal.fpnGuestUserIview)

Configuration

After we configured the FPN between the portals, we followed SAP documentation to configure SSO:

1. We exchanged the portal 7.0 certificate with success to the 7.2 environment (We tested it on the option "Check against issuing system" within the "Trusted Systems" service)

[http://help.sap.com/saphelp_nw70/helpdata/en/43/2235260b413fe1e10000000a11466f/content.htm]

2. We also made the configurations in the stack to accept logon tickets

[http://help.sap.com/saphelp_nw70/helpdata/en/aa/bf503e1dac5b46e10000000a114084/content.htm]

All our applications have the "ticket" configuration to authenticate, which is also a subject of the link above.

After that configuration the single sign-on did not work. As we are doing a review on the documentation, we would like to ask some help if anyone have already configured single sign-on between netweaver portals. We are going to keep this thread updated if we make any kind of progress, and also ask me if I missed some information in the post.

Any help will be very appreciated!

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Jun 30, 2011 at 06:24 PM

    We found out that the MYSAPSSO2 cookie is beeing generated after the login into the Portal, but when we try to open a WebDynpro copied from a producer, it is not beeing send in the request message that is received by the producer.

    We also checked the following procedure:

    [http://help.sap.com/saphelp_nw70/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/content.htm]

    The application still not authenticating, falling on the same exception reported on the opening post.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 04, 2011 at 07:07 PM

    We found out the problem. The configuration was correct but we wasnt calling the machines from the same domain, and it seems that tickets are not send to destinations that are not in the domain of the origin (issuing) system.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.