Whenever a user logs into the portal, a cookie named MYSAPSSO2 is created. This encrypted cookie contains the logged-in user name. This cookie is used to do Single Sign-On to R/3 and other external systems. My question is:
In ABAP, has anyone tried to extract the user name from the MYSAPSSO2 cookie issued by the portal?
If yes, kindly tell us how it was done.
The cookie can be decrypted by using the portal system certificate installed in R/3.
Thanks and Regards,
Prasanna Krishnamurthy
What I am trying to do is this:
a. In a Java iView read the SSO Cookie
b. Pass this encrypted string to an RFC
c. The RFC should decrypt it
Why am I doing this? I want my RFCs to work only if the request is coming from a trusted portal server.
I am aware that by doing this the RFC can't be reused by any other application.
Thanks and Regards,
Prasanna Krishnamurthy
Prasanna,
Well, the user ID actually is not encrypted in the MYSAPSSO2 cookie. You could read it in plain text, if you just knew the data structure (which has not been made public). But: what do you need to explicitly inspect the MYSAPSSO2 cookie for?
I assume you are writing some ABAP-based web application (i.e. BSPs), right? Now you would like to do some SSO between EP and your application. This can be realized without custom coding by simply configuring the target system properly. Transaction STRUSTSSO2 should help you out. Also take a look at the relevant security guides for your systems (available at service.sap.com/securityguide).
Regards,
Dominik
I also couldn't read the client cookie MYSAPSSO2 via the normal ABAP way to read a client-side cookie.
call method request->get_cookie
  exporting name = 'MYSAPSSO2'
  importing value = application->sso_id.
But you can read it just fine via this JavaScript function:
function ReadCookie(cookieName) {
  // Returns the unescaped value of the named cookie, or "" if it is not set.
  if (cookieName == "") return "";
  // Prefix with "; " so the name is matched only at the start of a cookie,
  // not as the tail of a longer cookie name.
  var theCookie = "; " + document.cookie;
  var key = "; " + cookieName + "=";
  var ind = theCookie.indexOf(key);
  if (ind == -1) return "";
  var start = ind + key.length;
  var ind1 = theCookie.indexOf(';', start);
  if (ind1 == -1) ind1 = theCookie.length;
  return unescape(theCookie.substring(start, ind1));
}