Skip to Content
Former Member
Apr 27, 2005 at 12:28 PM

How to secure a web service with the Logon Ticket


Hi there,

I'm trying to secure the web service exposed by an EJB by using SAP Logon Tickets. The application is written and deployed on WAS 640 SP 9.

There is a radio button in the configuration pane for my web service in NWDS labeled "Use SAP Logon Ticket"; there is a corresponding radio button in the configuration pane for the Deployable Proxy that accesses the service. Unfortunately, both seem to be purely ornamental, as selecting or unselecting them has no effect on the behaviour of either endpoint.

The bottom line so far: If I configure the web service to require authentication, I have to pass a username and a password to the logical port of my Deployable Proxy on the client side. Otherwise, the web service call is rejected (error code 401, Unauthorized).

I also tried to achieve usage of the ticket by passing "$MYSAPSSO2$" as the username and the URL-decoded ticket string as the password (as I would do for a JCo connection). If I do so, however, the web service call is also rejected, this time with error code 400 (Bad Request)

Does anybody have a working example for a web service accessed by a Deployable Proxy and secured on both ends with the Logon Ticket?

Kind Regards