We are working at exposing some SAP functionality externally and need a way to authenticate external users but not have them re-authenticate as they bounce around external content.
- We already have an external portal (.Net) with its own custom logon module (.Net).
- At this point we can't take on reworking that portal or its logon module for external users.
- We have just put ADFS in place and tested it with SAP.
- We plan a design that will have users authenticate on the custom .Net logon module and then we will somehow use ADFS to issue the SAML assertion based on the custom logon module authentication. We haven't worked out these details, but maybe cookie based and a custom logon in ADFS. We want to do this because it will position us on SAML but allow us to use the old module until a total rework is in the budget. All of this bullet point is background but not pertinent to my question.
- Once an external user authenticates we need a way to provide a persistent cookie so they won't be asked to reauthenticate in that session.
- We would prefer to not use the portal.
So here's the question. Once the user hits the SAP box with the SAML assertion, that box can issue a logon ticket. Can that ticket be used on the same box from which it was issued? If not, has anyone done any work to programmatically fetch a ticket into the browser session? We just want them to hit the SAP box once via SAML and have subsequent re-visits use the SSO ticket. (With no portal.)
Thanks for your help,
Edited by: Doug Steckel on Aug 24, 2011 11:52 AM