You can use logon ticket for the implementation you want to do. For security issues you are talking about then you can use the SSL connection for the client who is accessing the SAP Enterprise portal. For SAP Logon Ticket see the login modules CreateTicketLoginModule and EvaluateTicketLoginModule
Initially set the ume.configuration.active = true
For the security related issues ypu can set the following properties in the login modules
1) ume.logon.security.enforce_secure_cookie to TRUE.
Marks the SAP logon ticket as a secure cookie, to enforce that the client browser sends the cookie only when an SSL connection to the J2EE Engine or the reverse proxy is established.
2) ume.logon.httponlycookie to TRUE
If true, the SAP logon ticket is set to HttpOnly. This prevents it from being read by malicious client-side script code such as JavaScript. The setting is only effective for clients that use Microsoft Internet Explorer 6.0 SP1 or higher.
I would suggest to use the 1st option as SAP also recommend the use of SSL connection for Logon Tickets.
I wish this could help you a bit.
Thanks and with regards
Pravesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.