Skip to Content
0
Former Member
Sep 26, 2012 at 05:50 AM

Need help with implementing SSO to AS Java

138 Views

Hello,

I have implemented SSO to AS ABAP & BSP pages using NW SSO, and am now looking to expand this to AS Java.

However, i am not able to get the AS Java pages to accept the ticket.

My system is ERP 6.0 dual stack and i have implemented SSO using X.509 tickets. When my customer signs in to his windows desktop, the Netweaver SSO client has a ticket issued (valid for 1 day) from the SSO server. He then uses this ticket to login to AS Abap.

The same ticket can also be seen in "IE -> Tools -> Internet Options -> Content -> Certificates". He uses this to SSO to BSP pages. But when he opens any AS Java page it prompts him for a user/password.

Steps done:-

1.) Created SSL/HTTPS cert and imported into Visual Admin - HTTPS is enabled

2.) Trust established between the 2 systems. - Exported logon Keypair from SSO server & imported to ERP java.

3.) Import Root CA's of SSO server to trusted CA's keystore view of ERP java

When the user tries the AS Java URL, he is asked for a user/password and this is what is see in the security log.

LOGIN.OK

User: (User ID)

Authentication Stack: ticket

Login Module Flag Initialize Login Commit Abort Details

  1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule OPTIONAL ok true true
  2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok false false
  3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false false

The EvaluateTicketLoginModule is true & login says true, but he is still on the user/password screen!!

Has anyone faced this before and am i missing out on any step?

The ticket on his browser has a CN = <User ID> and thats the one being used.

Thanks,

Shanser