cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to retrieve SSO logon details in a bsp page

Former Member

on ‎03-29-2005 12:28 PM

0 Kudos

Hi ,

I am developing a BSP application , i want to retrieve user logon details in BSP environment . It is assumed that user will logon to SSO before accesing this application .

Any pointers in this regard are highly appreciated .

Regards,

Ashok

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member181879
Active Contributor
‎04-15-2005 11:14 PM
0 Kudos

First, the SSO2 cookie is a browser cookie and have nothing to do with server side cookies. Next, it is stripped from the incoming HTTP request, and not available via a request->get_cookie call. Finally, the SSO2 is about 1.5KB of digital binary stuff. Unfortunately, no API is available that helps you to read the information from the SSO2 cookie.

Show replies
Show replies
Former Member
‎03-29-2005 1:05 PM
0 Kudos

Several options, one typical way is the following.


  DATA: RETURN TYPE TABLE OF BAPIRET2,
        user_data TYPE BAPIADDR3.

  CALL FUNCTION 'BAPI_USER_GET_DETAIL'
    EXPORTING
      USERNAME = SY-UNAME
    IMPORTING
      ADDRESS  = user_data
    TABLES
      RETURN   = return.

  usrdept = user_data-DEPARTMENT.
  usremail = user_data-E_MAIL.
  usrfullname = user_data-FULLNAME.
  usrlang = user_data-LANGU.
  usrname = user_data-FIRSTNAME.

Once logged in the user name is stored in the SY-UNAME and that method above gives back several pieces of data, the example there doesn't use all the data just some of it.

Show replies
Show replies
Former Member
‎03-29-2005 2:17 PM
0 Kudos

Hi craig ,

I need to know the SSO details not the user details . I mean with one Single Sign On , user can access so many systems , here i need to save details regarding SSO not system specific details .

SSO has some extra details which are not system specific and i need those details as well .

I hope i am clear in explaining the problem .

Former Member
‎03-29-2005 2:27 PM
0 Kudos

Here is the link for the docs on Single Sign On:

http://help.sap.com/saphelp_47x200/helpdata/en/5c/ced9382c378319e10000000a114084/frameset.htm

However single sign on passes the user from system to system for example using SSO Cookies in which case the cookie contains the info such as http://help.sap.com/saphelp_47x200/helpdata/en/5f/1fbaa04aee11d189740000e8322d00/frameset.htm

Exactly what info is it you want ot keep track of?

Former Member
‎03-30-2005 12:15 PM
0 Kudos

I want to have the SSO login id , Mail id and user name . The user id changes from system to system so SY-UNAME will not help in this case , also mail id are not neccesarily maintained for all sap logon id's .

Can u name any cookies which are set for that SSO .Which have data about user who logged on .

Former Member
‎03-30-2005 1:24 PM
0 Kudos

Sorry, I'm a bit confused.

SY-UNAME is the name of the user logged in with their information, if the person is logged in via SSO then they are logged in and SY-UNAME contains that value.

If some of the data is not maintained for all systems I would read the value in once and save it to a server side cookie.

Perhaps I just compleltely don't understand either your problem or what you are trying to accomplish. The point of SSO is to have 1 single login for all and therefore SSO for all systems in every case I know of is the same unless you are dealing with user-mapping in which case server side cookies or similiar methods hold your session data.

Former Member
‎03-31-2005 6:34 AM
0 Kudos

I need mail ID of the logged on person , which may not be maintained for every system user , also every login user may not have a system ID and can use a common id for logging in .

What i am searching here is a way to get information from cookie you mentioned so that i will get the user's Mail id (SSO specific) .

I hope i am clear this time .

Former Member
‎03-31-2005 7:29 AM
0 Kudos

So you are using a common login across all systems and storing user info in a cookie or at least this is what you want. Strange way to do it but OK.

Check out:

Weblogs:

/people/thomasalexander.ritter/blog/2005/03/07/bsp-stateless-modelbinding--proof-of-concept

/people/eddy.declercq/blog/2005/01/13/the-unfortunate-cookie

/people/mark.finnern/blog/2003/09/24/bsp-in-depth-confusion-between-stateless-stateful-and-authentication

Former Member
‎03-31-2005 9:16 AM
0 Kudos

Its not common login across all systems , its common login for several users in one system and the distingushing entity among all these users is that they will logon with their SSO iD's though their system logon id is same .

I am able to get SSO cookie data with java code but this will not work in BSP .

If i use following code :-

CALL METHOD CL_BSP_SERVER_SIDE_COOKIE=>GET_SERVER_COOKIE EXPORTING NAME = 'MYSAPOSS2' APPLICATION_NAME = runtime->application_name APPLICATION_NAMESPACE = runtime->application_namespace USERNAME = name SESSION_ID = runtime->session_id DATA_NAME = '?????????'

CHANGING DATA_VALUE = page_data.

what should be the value for parameter data_name ?

Can i get information as to how to set this cookie so that i can get it in same way .

Former Member
‎03-31-2005 9:50 AM
0 Kudos

All of those links I gave you above don't help?

Former Member
‎04-01-2005 8:27 AM
0 Kudos

Nope .

I am able to get data from client side cookie 'MYSAPSSO2' , but it seems to be in encrypted form . Do you have any idea regarding this ?

Former Member
‎04-02-2005 11:14 AM
0 Kudos

Hi,

The method to set cookie:

CALL METHOD cl_bsp_server_side_cookie=>set_server_cookie

EXPORTING

name = 'uid_name'

application_namespace = runtime->application_namespace

application_name = runtime->application_name

username = sy-uname

session_id = runtime->session_id

expiry_date_abs = sy-datum

  • expiry_time_abs = sy-uzeit

data_name = 'uid_cookie'

data_value = user.

And the method to get / read ccokie:

CALL METHOD cl_bsp_server_side_cookie=>get_server_cookie

EXPORTING

name = 'uid_name'

application_namespace = runtime->application_namespace

application_name = runtime->application_name

username = sy-uname

session_id = runtime->session_id

data_name = 'uid_cookie'

IMPORTING

expiry_date = sy-datum

  • expiry_time = sy-uzeit

CHANGING

data_value = user.

I hope this will help u to create/read server side cookies for user and further can easily use any func mod to get the user details.

Re

Jignesh

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
‎04-16-2005 5:30 PM
0 Kudos

Please notice that this information (mail address) is not required for SSO purposes but an additional user attribute. BAPI_USER_GET_DETAIL is the appropriete BAPI for obtaining that information. It is the task of the user management system to distribute this information to all relevant systems (=> user provisioning); for ABAP systems you can use the CUA (Central User Administration) to achieve this.

The SAP logon ticket (transmitted as session cookie MYSAPSSO2) does not contain that information; the SAP logon ticket is not encrypted but digitally signed (and then Base64 encoded). It contains the information which system has issued the ticket (+ timestamp + validity timeframe) and which user has been authenticated by that issuing system.

Please notice that there are other SSO mechanisms, e.g. X.509 client certificates and SAML authentication assertions (just to mention a few).

You cannot expect SSO mechanisms to provide any other data than authentication information.

Kind regards,

Wolfgang

Ask a Question