Skip to Content
author's profile photo Former Member
Former Member

Logon to WAS with ?sap-user=xxx&sap-password=yyy

Hello,

Does anyone knows how does this technique (see subject please) works? Namely, if I have a statefull BSP application with two pages:

\default.htm

\anotherpage.htm

and if I open a webbrowser and enter the URL

http://host.domain.ext:port/sap/bc/bsp/sap/myapp/default.htm?sap-user=myuser&sap-password=mypassword

the WAS acepts my authentication. My problem is that if in page default.htm I have a link to the other page I loose my authentication an the broser displays the basic authentication popup when I try to access it.

I thougth that being the application statefull the user and password would be used throught the entire session, is this not true? If so what is the "validity" off the authentication with ?sap-user=xxx&sap-password=xxxx?

Furthermore, is there any technique to use a logon page with two input fields

user

password

without using SSO2 like described in OSS note 510007.

Thanks to all in advance

Vasco

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Posted on Jan 11, 2005 at 03:45 PM

    Hi Vasco,

    let me first state that everything behaves correctly. If you use sap-user and sap-password in the URL you call only this specific page (in your case default.htm) with the logon information. The other page also needs this logon information, otherwise you will get an Authentication error. This technique can be used for testing purposes (to avoid Basic Authentication, for example in the SSO2 test) but should not be used often (very insecure!). A better possibility is to use Basic Authentication which is a feature of the browser. Please read

    BSP In-Depth: Confusion between Stateless, Stateful and Authentication

    /people/mark.finnern/blog/2003/09/24/bsp-in-depth-confusion-between-stateless-stateful-and-authentication

    and also the online documentation about "Basic Authentication".

    With this technique you get the popup you see when you call the link in your page.

    Regards,

    Rainer

    Add a comment
    10|10000 characters needed characters exceeded

    • The SYSTEM logon application requires SSO2 cookies to be active. If you are interested in how to do form based logon without SSO2, then all the code is there. Once you understand this application, it is just a small step to integration this into your application. However, this is a very complex topic, and not something for the faint of heart. It is definitely going to be more than an hour of work.

      brian

  • Posted on Jan 12, 2005 at 08:26 AM

    Hi Vasco,

    if you want to login via something like our logon page you have to use SSO2. This is the recommended possibility. With Basic Authentication you always get that popup where you can enter user and password. But normally this occurs only at the beginning. After the login your browser tries to call other pages without login info, gets the authenticaten error and tries it a second time with the login information you made in the popup. The user won't see all of this (only in a HTTP trace).

    Please have a look at the attachments to SAP note 517860

    Regards,

    Rainer

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.