cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Sending SAP Logon Ticket from another system

Go to solution
Former Member

on ‎01-18-2005 8:42 AM

0 Kudos

Hello,

i want to use for authentication of a webapplication sap logon tickets. The ticket to be used is the one for our R/3 System. How can i attach this ticket when calling the url of the webapplication?

regards,

Marco

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-18-2005 10:12 AM
0 Kudos

Hi Marco,

Are you using java HttpURLConnection to call the URL of the web application? If yes, then just call the "enrich" method on the credentials object, passing it the HttpURLConnection. The "enrich" method will update the URL with the SAP Logon ticket.

I hope this helps.

Akhilesh

Show replies
Show replies
Former Member
‎01-18-2005 12:12 PM
0 Kudos

Hello Akhilesh,

thanks. If i use the enrich method on the HttpURLConnection, a SAP Logon Ticket is added, ok. But how can i choose the system the ticket should be created for, to be able to choose the userid set within the ticket?

regards,

Marco

Answers (3)

Answers (3)

Former Member
‎02-11-2005 3:38 PM
0 Kudos

Hello Marco,

as I know the SAP ticket contains two User-IDs, the logon UID from portal and an ID of the SAP reference system. The SAP Enterprise Portal Security Guide says

"When you use SAP logon tickets for Single Sign-On to SAP Systems, users must have the

same user IDs in all SAP Systems that are configured to use SAP logon tickets. If the SAP

user IDs are different to the portal user IDs, you must define an SAP reference system. Users

then map their portal user ID to the user ID in the SAP reference system.

The mapped user ID is included in the SAP logon ticket and enables Single Sign-On using

logon tickets to all SAP Systems in which the user has the same user ID."

We use this mechanism with success to access our SAP systems with an (for them) unknown Portal account.

Hope this will help you

Wolfgang

Show replies
Show replies
Former Member
‎01-20-2005 11:13 PM
0 Kudos

Hi marco ,

I am not so sure if using HttpURLConnection is mandatory for your requirement, but if it is not I think AppIntegrator could solve your problem. Please take a look at the below given document.

https://media.sdn.sap.com/html/submitted_docs/Best_Practices/EP/documentation/How-to_Guides/25_HowTo...

Regards

Pallayya

Show replies
Show replies
Former Member
‎01-19-2005 8:56 AM
0 Kudos

Hi Marco,

The SAPLogon ticket is not created for a system. The logon ticket is so called "universal" i.e. independent of the system that will use it. It is upto the backend system to read and understand this SAPLogon ticket.

I hope this somewhat clarifies your doubt.

Akhilesh

Show replies
Show replies
Former Member
‎01-19-2005 9:13 AM
0 Kudos

Hello Akhilesh,

i understand you, but imagine the user has user mappings for 2 systems with different UserIDs. Both systems use SAP Logon Tickets for authentication. When i now only add with the enrich method a SAP Logon Ticket, what is the UserID contained in the ticket: System1, System2 or the Portal-UserID?

regards,

Marco

Former Member
‎01-19-2005 9:31 AM
0 Kudos

Hi Marco,

If you are using SAPLogon ticket, then why do you need the user to maintain the user mapping. By doing so you are defeating the whole idea of the Logon ticket. The SAPLogon ticket is used so that the user gets rid of the user mapping concept.

The logon ticket generally has the portal user id.

Akhilesh

Former Member
‎01-19-2005 12:14 PM
0 Kudos

Hello Akhilesh,

In many cases is the portal-user-id(Novell-User-ID) and the user-id in the backendsystems(SAP-User-ID) different, so i have to do a usermapping.

If i now want to attach a SAP Logon Ticket, i have to able to say for which system or? Because the default value (portal-user-id) will result in an unknown-user-error.

regards,

Marco

Former Member
‎01-20-2005 5:10 AM
0 Kudos

Hi Marco,

The SAP Logon ticket is generated based on the portal user. Now if your backend system userid is different than the portal userid, then there is a problem.

What you can do is maintain a mapping between the portal userid and the backend userid "somewhere". Then it will the responsibility of your application to read and understand the Logon ticket and convert it appropriately to a format that the backend understands.

The classis example for this is the SSO to MS Exchnage. There is a dll that reads the SAP Logon ticket and then converts it into a NTLM token, which the Exchange server interprets. So you will also have to do something like this.

Akhilesh

Former Member
‎01-20-2005 7:45 AM
0 Kudos

Hello Akhlilesh,

this mapping "somewhere" i do directly in the portal for a system XX. The backend application is ready to accept the ticket and extract the userid. I only have to set within the ticket the correct userid, by saying please attach the saplogonticket issued for system XX.

regards,

Marco

Former Member
‎01-20-2005 9:36 AM
0 Kudos

so you want the SAP logon ticket to have the userid/password specified in the usermapping, and then your backend system will extract it from the ticket. I do not think this is possible using the "enrich" method.

Very sorry i could not be of much help in this.

This really is an intersting thing that you are trying to do. If you find a solution do let me know.

Thanks, Akhilesh

Ask a Question