
Portal COOKIE

Whenever a user logs into the portal, a cookie named MYSAPSSO2 is created. This encrypted cookie contains the logged-in user name. This cookie is used to do Single Sign-On to R/3 and other external systems. My question is:

In ABAP, has anyone tried to extract the user name from the MYSAPSSO2 cookie issued by the portal?

If yes, kindly tell us how it was done.

The cookie can be decrypted by using the portal system certificate installed in R/3.

Thanks and Regards,

Prasanna Krishnamurthy


4 Answers

  • Posted on Feb 23, 2005 at 11:09 AM

    What I am trying to do is this

    a. In a Java iView read the SSO Cookie

    b. Pass this encrypted string to an RFC

    c. The RFC should decrypt it

    Why am I doing this? I want my RFCs to work only if the request is coming from a trusted portal server.

    I am aware that by doing this the RFC can't be reused by any other application.

    Thanks and Regards,

    Prasanna Krishnamurthy

    • Former Member

      Hi Dominik,

      Thanks.

      I don't want to check for the validity of the user as I am using User Mapping in portals. I just want to ensure that the RFC can be executed only by a trusted portal server.

      Let me go through the JCO documentation again.

      Thanks and Regards,

      Prasanna Krishnamurthy

  • Posted on Feb 21, 2005 at 09:32 AM

    Hello Prasanna,

    Not sure if this is what you are looking for, but you can take a look at the class CL_HTTP_ENTITY, which I think is gonna be helpful to you.

    Regards,

    Anand Mandalika.


  • Posted on Feb 21, 2005 at 02:40 PM

    Prasanna,

    well, the user id actually is not encrypted in the mysapsso2 cookie. You could read it in plain text, if you just knew the data structure (which has not been made public). But: What for do you need to explicitly inspect the mysapsso2 cookie?

    I assume, you are writing some ABAP based web application (i.e. BSPs), right? Now, you like to do some SSO between EP and your application. This can be realized without custom coding by simply configuring the target system properly. Transaction STRUSTSSO2 should help you out. Also take a look at the relevant security guides for your systems (available at service.sap.com/securityguide).

    Regards,

    Dominik


  • Posted on Feb 21, 2005 at 03:42 PM

    I also couldn't read the client cookie mysapsso2 via the normal ABAP way to read a client-side cookie.

    call method request->get_cookie
        exporting
          name = 'MYSAPSSO2'
        importing
          value = application->sso_id.
    

    But you can read it just fine via this javascript function

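    function ReadCookie(cookieName)
    {
     // Return the decoded value of the named cookie, or "" if it is absent.
     if (!cookieName) return "";
     var parts = document.cookie.split(';');
     for (var i = 0; i < parts.length; i++) {
      var pair = parts[i].replace(/^\s+/, '');
      // Match the whole cookie name, not a substring of another name or value.
      if (pair.indexOf(cookieName + '=') === 0)
       return decodeURIComponent(pair.substring(cookieName.length + 1));
     }
     return "";
    }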
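
Added example, not part of the original thread and not SAP code: the reply above reads MYSAPSSO2 from `document.cookie`, which only works when the cookie is issued without the HttpOnly attribute. This sketch audits `Set-Cookie` headers for that condition; the function names and the sample header strings are constructed for illustration.

```javascript
// Audit Set-Cookie response headers for the portal SSO cookie.
// Hypothetical helper names; sample headers below are constructed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');            // the value may itself contain '='
  if (eq < 1) return null;                 // no cookie name: ignore
  const flags = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    flags[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), flags };
}

function auditSsoCookie(setCookieHeaders, cookieName = 'MYSAPSSO2') {
  const findings = [];
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    // Cookie names are case-sensitive; require an exact match.
    if (!cookie || cookie.name !== cookieName) continue;
    if (!cookie.flags.httponly)
      findings.push('HttpOnly missing: page script can read the ticket via document.cookie');
    if (!cookie.flags.secure)
      findings.push('Secure missing: ticket is also sent over plain HTTP');
  }
  return findings;
}

// Constructed samples; PLACEHOLDER stands in for the opaque ticket value.
const weak = ['MYSAPSSO2=PLACEHOLDER%3d%3d; path=/; domain=.example.com'];
const hardened = ['MYSAPSSO2=PLACEHOLDER%3d%3d; Path=/; Secure; HttpOnly'];
console.log(auditSsoCookie(weak));
console.log(auditSsoCookie(hardened));
```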
