Skip to Content
author's profile photo Former Member
Former Member

EP and Active Directory SSO

Hi All,

I know that there are a lot of questions going around with EP and SSO however my question will be more specific.

If we have 2 scenarios: (1) IIS as web front interfacing with EP; (2) EP as web front and accessing MS apps.

Item (2) has been clearly defined by the press release and i like it. However, I need to know a few details.

Scenario (1)


If ASP.Net web front is being used, the connector or PDK.Net will be used to authenticate SAP Logon this possible? If so, how is the active directory and user mapping to SAP Logon tickets done? and on which end?

Scenario (2)


When EP net is used for validation, the IIS server will validate against Active Directory and Exchange using the Ticket Bridge method. Is the ticket bridge another product or do i have to code it using connector or is it part of the PDK.Net? Also how is the SSO ticket and active directory user mapping done(on which end?)?

For (2) OWA is part of the ticket bridge? or is it another producT?

Sorry to trouble you guys on this but there are hardly any installs of 4.7 on webAS 6.2 running where i am..only one or two just started.


Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Posted on Jan 04, 2005 at 08:32 AM

    I don't fully understand what scenarios you have in mind, therefore let me quickly summerize what's possible:

    1. Use EP with PDK: This is the best and easiest solution. You .NET app wouldn't run on IIS, but on the special PDK server. Howerver, you can run any ASP.NET app without or with only little changes. Authentication and integration in EP infrastructure is automatically provided by the PDK.

    2. EP with IIS loosely coupled: You can integrate ASP.NET pages running on ASP.NET by URL. In this case you can implement SSO using the MYSAPSSO2 ticket from EP with this article: single sign-on for applications in enterprise portal 6.article

    3. You have an external APP (that you don't develop by your own) that requires NT bases single-sign-on like Microsoft Outlook Web Access (OWA). But you want to use the logon information from EP. In this case you use the MySAPSSO2KerbMap filter.

    4. You have a IIS-based Web-Page / Portal in front of EP and want to use it's SSO feature to log on to EP: Use IISProxy (part of EP) or deploy X.509 certificates.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.