Skip to Content
Former Member
Sep 04, 2012 at 03:16 PM

SAP logon ticket SSO between J2EE applications



We've implemented SAP E-commerce for ERP which is a J2EE application. SAP J2EE server and ECC backend are in Intranet. SAP J2EE engine's UME is pointed to ABAP UME. In XCM of the B2B application, we've used user type as "R3_SU01UserContactPerson". With this setting the login page is served by the application (user/logon/login.jsp) and the authentication is perfomed directly against the ABAP backend using RFC SUSR_LOGIN_CHECK_RFC.

In above scenario the authentication is happening in intranet. Due to security concerns we need to do the authentication in DMZ. For this we are planning to install a stand-alone SAP J2EE server in DMZ and point its UME to an LDAP. This LDAP will have the same user ids as in ABAP UME. We want to deploy a J2EE application in this application server to serve login pages and authenticate against LDAP. Then configure this DMZ J2EE server to issue a SAP logon ticket and the J2EE server in Intranet to accept logon ticket. We don't have portal. Is it possible to achieve this without portal? How can we configure J2EE applications on two different J2EE servers to SSO using logon tickets?

Appreciate any pointers to resolve this issue?