SSO / external web applications

Similar Messages

• SSO to Web Application from Portal

  Hi,
      I am working on a scenario where I need to access a Web Application from the Portal.
      I read about the Application Integrator that is provided by the Portal .
      I wanted to know that can I only have SSO to those Web Application that accept the userid and password and as URL parameters using Application Integrator , ie: those applications that have post method cannot be integrated.
     Please help me out with clearing this doubt.
  Thnx,
  Pravesh Puria.

  Hi  Abdulbasit ,
      Please give me more details , we have a Lotes Notes Web application hosted on Domino server , another is J2EE based application. I need to achieve SSO to each of these applications from the SAP Portal.
     I followed the below listed steps:
     Created two systems one for each Web application based on the template generated from the application integrator. I entered the user mapping values for both the systems.
     I also created two IViews. When I preview , the logon page of the web application opens but the user credentials are not passed to the application.
     Please help me with the steps to achieve the SSO , from the reply I interpret that Logon ticket method was used to achieve the SSO and user mapping.
      My email id is : [email protected]
      It will be of immense help to me.
  Thnx,
  Pravesh Puria.

• SSO to web application

  Hello all,
  Okay, I'm trying to accomplish SSO between EP5.0 and an existing web application and am having little luck.  Basically, the web app will be called in the portal and I need to somehow pass the web app the userid/pswd that is stored in a user mapping entry in the portal (userid is not the same as the portal userid).  In retrieving the usermapping info, the pswd is encoded (obviously for security reasons).  So, anyone have an idea as how to a) get the usermapping info and b) pass it to the web app.  (I've tried using a session cookie, but it does not appear be globally visible).
  Cheers,
  Mike

  I'm not familiar with EP5.0, but I think maybe using URL rewriting can accomplish SSO.
  But I am worry about if this method will encode the password.

• SSO from Web Application to EP

  Hi,
  We have a requirement where we have to provide SSO from some web application to Portal (EP6 SP15).
  This web application will be having link to portal on its pages.
  User store for Web Application and Portal is different.
  This Web Application can be accessed from Internet.
  We have not yet decided about accessing Portal from internet.
  Is there any solution to this? Is this doable??
  I have looked at thread
  SSO from .Net application to SAP Portal
  can anyone provide more information??
  Thanks in advance

  Hi Santosh,
  there is not much to explain. It your web app side, you must have some matching table between webAppUser and the portal users and their passwords, like:
  webAppUser1  portalUserA  xy56123
  webAppUser2  portalUserB  g6324s3
  Your own "integration" checks which user is logged on, takes the portal user name and password and calls the portal with the parameters "j_user" and "j_password" (and "login_submit=true"); for example via the client and a form where these values are put in and the target is requested per POST. And that's it. For the form (including the pwd) would be send to the client from your webApp server, you definitely should use https at least, as already stated.
  Hope it helps
  Detlev

• SSO for Web Application

  Hi,
  I developed a web application by using a simple web project witch I integrated to Netweaver (deployed the war file).
  If the application starts, the customer have to login on a server with username and password to get a session. That works fine.
  Now I want to use SSO to get a session from the current user using his Netweaver username and password.
  I can get the username with UMFactory but how can I get the password? I already tried to use IUserMappingService but therefore I have to reference com.sap.portal.usermapping in the portalapp.xml witch I donu2019t have in my web project.
  Do I need to create a Portal project or a Web Dynpro project? What I have to do to get the password from the current user?
  Thank you
  Martin Brandl

  Hi Martin
  Pls check this link http://help.sap.com/saphelp_nw70/helpdata/En/f8/9636eedafe8b4589cd6e9e4e73fd3c/frameset.htm
  Regards
  Ajay

• SSO for Web applications

  Hi,
  I want to implement SSO between my portal and web applications. i found some documents but not sufficient information. what would be the correct source of information if i want to impalement SSO between Portal and Web server(non SAP).
  Any help is appreciated.
  Thanks,
  Damodhar.

  Hi,
  i have gone through the some documentation, i am giving the links to help for the others if anyone go through this thread in future.
  Logon tickets for the sap and non sap systems, it's good.
  SAP Logon Ticket-based Single Sign-On
  SSO with SAP logon ticket- Security issues
  SSO with SAP Logon Ticket - security issues
  we have another document but the document has been moved to another link, can you suggest me link for the following document.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
  the above link has been moved, can anyone suggest me the correct link for the above document.
  Thanks,
  Damodhar.

• Accessing the external web application through web clipping portlet

  We have configured the web provider with the following details:
  1) Accessed the web provider with the
  URL
  http://hostname/portalTools/webClipping/providers/webClipping
  2) Accessed Edit link beside the HTTP Proxy under Provider Configuration.
  logged in as Portal Administrator.
  We haven't changed any values in Repository Settings.
  Under Proxy Settings
  Configured the HTTP proxy field with proxy server name e.x: proxy2.company.com.This is configured to browser
  wherver my application server is installed.
  portnumber value configured as 8080
  Checked the Requires Authentication.
  Selected Type as "Type"
  Realm value configured e.g: AD AUTHENTICATION Do not prefix mycomp\ with the
  username
  selected "Use login below for all users"
  configured the user name /password which I used to access my internet sites. (googl.com)
  All the above steps for provider configuration.
  login to portal for configuring webclipping portlet to a page.
  Followed the below procedure to add web clipping portlet to a page.
  1) From the portlet Repository, selected web clipping portlet and entered the URL location value as http:// www.google.com
  2) In the next step , It has thrown the below exception.
  An exception has occurred : oracle.portal.wcs.transport.http.HttpTransportException WCS-519 -- HTTP Proxy
  Authentication failed for proxy proxy2.mycomp.com:8080 with authentication of
  type "Basic" at realm "AD AUTHENTICATION Do not prefix mycomp\ with the
  username". Update your proxy login information in the Edit Defaults /
  Personalize page to authenticate.
  Please click "Cancel" or "Back" in the above panel (if present) to retry. Otherwise, please try to click "Back" (from
  the browser) to go back to the Oracle Portal page to restart.
  We have checked manually the provider.xml file for webclipping provider and the
  configured details are available in provider.xml file.
  Please let us know, what could be the problem and try to provde a solution at the earliest.
  This is very critical issue for us.if anybody have any suggestions on this , please do let us know.
  Regards,
  -Venu

  Either the login information is not correct (it explains it should not be domain\username but just username) or the authentication format from your Microsoft proxy server (Kerberos?) is not compatible with the Web Clipping portlet. You might get a better reply in the Portal forum about supported proxy authentication methods for the WebClipping portlet.

• SSO to Web application – Cookies blocked in IE

  Hi Experts
  I need to create SSO to a webpage (that contains a standard html login form) into a NetWeaver 2004 Portal
  I have used the App Integrator iView and it all seems to work fine except cookies are block in the user’s Internet Explorer and therefore the logon screen is shown instead.
  The website is located on another domain, which I guess is why cookies are blocked. If a user enables cookies from this specific site then it works fine.
  Anyone have a workaround on how to solve this issue? Hopefully I don't need to tell all users that they have to change their IE settings.
  Would it help if I create a sub-domain for the website in the portal setup which hopefully should resolve in that the website and portal are located in the same domain?
  Thanks in advance
  Cheers
  John

  Are the two domains within the same subdomain at all?  In which case, you could use domain relaxing...
  See note 701205 and the property ume.logon.security.relax_domain.level
  Hope this helps,
  Darren

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang

• How to upload documents to DMS from web application externally

  We have a webdynpro based J2EE application. We want to create a SAP DMS ( KPRO ) document using this web application externally.
  Any inputs on this scenario ?
  I am able to create similar using an ABAP report which reads the client file and create the DMS document using BAPI_DOCUMENT_CREATE.
  How do we achieve this using external web application ..
  Please HELP in this.
  Thanks..

  Hi Divya,
  Good day...!
  A custom UI component will berrequired to upload the data from a Flat File into CRM WEBUI.
  The View in this UI Component can have 2 fields lets say u2013  ID and File to Upload and a button 'upload'.
  When the UPLOAD button is clicked , the event u2018ONFILEUPLOADu2019 is triggered.
  A Javascript function u2018fileUpload()u2019 reads the Excel file and formats the data in the form of a long string with Line Breaks corresponding to each row in the excel file. This string is stored in a Hidden HTML form element u2018Excel_Datau2019.
  In the Event Handler for u2018ONFILEUPLOADu2019, the hidden form element u2018EXCEL_DATAu2019 is read and retrived.
    lv_file_data = request->get_form_field( name = lv_excel_data ).
    me->lv_id = request->get_form_field( name = lv_schema_id ).

• Looking up external JNDI (JBOSS Namely) from web applications.

  Hi,
  I am unable to look up names bound to JBOSS JNDI from external web apps.
  Dump of the JBOSS JNDI
  java: Namespace
  +- XAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
  +- DefaultDS (class: javax.sql.DataSource)
  +- SecurityProxyFactory (class: org.jboss.security.SubjectSecurityProxyFactory)
  +- ABTestDS (class: javax.sql.DataSource)
  +- DefaultJMSProvider (class: org.jboss.jms.jndi.JNDIProviderAdapter)
  +- comp (class: javax.naming.Context)
  +- JmsXA (class: org.jboss.resource.adapter.jms.JmsConnectionFactoryImpl)
  +- ConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
  +- jaas (class: javax.naming.Context)
  | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
  | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
  | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
  +- timedCacheFactory (class: javax.naming.Context)
  Failed to lookup: timedCacheFactory, errmsg=null
  +- TransactionPropagationContextExporter (class: org.jboss.tm.TransactionPropagationContextFactory)
  +- StdJMSPool (class: org.jboss.jms.asf.StdServerSessionPoolFactory)
  +- Mail (class: javax.mail.Session)
  +- TransactionPropagationContextImporter (class: org.jboss.tm.TransactionPropagationContextImporter)
  +- TransactionManager (class: org.jboss.tm.TxManager)
  +- hibernate (class: org.jnp.interfaces.NamingContext)
  | +- SessionFactory (class: org.hibernate.impl.SessionFactoryImpl)
  Global JNDI Namespace
  +- XAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
  +- UIL2ConnectionFactory[link -> ConnectionFactory] (class: javax.naming.LinkRef)
  +- UserTransactionSessionFactory (proxy: $Proxy11 implements interface org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory)
  +- HTTPConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
  +- console (class: org.jnp.interfaces.NamingContext)
  | +- PluginManager (proxy: $Proxy37 implements interface org.jboss.console.manager.PluginManagerMBean)
  +- UIL2XAConnectionFactory[link -> XAConnectionFactory] (class: javax.naming.LinkRef)
  +- UUIDKeyGeneratorFactory (class: org.jboss.ejb.plugins.keygenerator.uuid.UUIDKeyGeneratorFactory)
  +- HTTPXAConnectionFactory (class: org.jboss.mq.SpyXAConnectionFactory)
  +- topic (class: org.jnp.interfaces.NamingContext)
  | +- testDurableTopic (class: org.jboss.mq.SpyTopic)
  | +- testTopic (class: org.jboss.mq.SpyTopic)
  | +- securedTopic (class: org.jboss.mq.SpyTopic)
  +- queue (class: org.jnp.interfaces.NamingContext)
  | +- A (class: org.jboss.mq.SpyQueue)
  | +- testQueue (class: org.jboss.mq.SpyQueue)
  | +- ex (class: org.jboss.mq.SpyQueue)
  | +- DLQ (class: org.jboss.mq.SpyQueue)
  | +- D (class: org.jboss.mq.SpyQueue)
  | +- C (class: org.jboss.mq.SpyQueue)
  | +- B (class: org.jboss.mq.SpyQueue)
  +- ConnectionFactory (class: org.jboss.mq.SpyConnectionFactory)
  +- UserTransaction (class: org.jboss.tm.usertx.client.ClientUserTransaction)
  +- jmx (class: org.jnp.interfaces.NamingContext)
  | +- invoker (class: org.jnp.interfaces.NamingContext)
  | | +- RMIAdaptor (proxy: $Proxy36 implements interface org.jboss.jmx.adaptor.rmi.RMIAdaptor,interface org.jboss.jmx.adaptor.rmi.RMIAdaptorExt)
  | +- rmi (class: org.jnp.interfaces.NamingContext)
  | | +- RMIAdaptor[link -> jmx/invoker/RMIAdaptor] (class: javax.naming.LinkRef)
  +- HiLoKeyGeneratorFactory (class: org.jboss.ejb.plugins.keygenerator.hilo.HiLoKeyGeneratorFactory)
  +- UILXAConnectionFactory[link -> XAConnectionFactory] (class: javax.naming.LinkRef)
  +- UILConnectionFactory[link -> ConnectionFactory] (class: javax.naming.LinkRef)
  I have an external web application that has
  jndi.properties in the classpath -- JBOSS is running on localhost
  java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
  java.naming.provider.url=jnp://localhost:1099
  java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
  web.xml for my external webapp
  <resource-ref>
  <res-ref-name>jdbc/ABTestDS</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  <resource-ref >
  <res-ref-name>hibernate/SessionFactory</res-ref-name>
  <res-type>net.sf.hibernate.SessionFacory</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  Mycode:
  try {
  Context ctx = new InitialContext();
  sessionFactory = (SessionFactory) ctx.lookup("java:comp/env/hibernate/SessionFactory");
  } catch (ClassCastException cce) {
  throw new ServiceLocatorException(cce);
  } catch (NamingException ne) {
  throw new ServiceLocatorException(ne);
  I get a NamingException.
  Any hints would be really appreciated.
  thanks
  MH

  I have hte same question
  Hey DID you figure it out?
  let me know please
  maybe by email:
  [email protected]
  THANKS A LOT

• Passing Parameters via Post Method from Webdynpro Java to a web application

  Hello Experts,
  I want to pass few parameters from a web dynpro application to an external web application.
  In order to achieve this, I am referring to the below thread:
  HTTP Post
  As mentioned in the thread, I am trying to create an additional Suspend Plug parameter (besides 'Url' of type String) with name 'postParams' and of type Map.
  But when I build my DC, I am getting the same error which most of the people in the thread have mentioned:
  Controller XXXCompInterfaceView [Suspend]: Outbound plug (of type 'Suspend') 'Suspend' may have at most two parameters: 'Url' of type 'string' and 'postParams' of type 'Map'.
  I am using SAP NetWeaver Developer Studio Version: 7.01.00
  Kindly suggest if this is the NWDS version issue or is it something else that I am missing out.
  Also, if it is the NWDS version issue please let me know the NWDS version that I can use to avoid this error.
  Any other suggestion/alternative approach to pass the parameters via POST method from webdynpro java to an external web application apart from the one which is mentioned in the above thread is most welcome.
  Thanks & Regards,
  Anurag

  Hi,
  This is purely a java approach, even you can try this for your requirement.
  There are two types of http calls synchronous call or Asynchronous call. So you have to choose the way to pass parameters in post method based on the http call.
  if it is synchronous means, collect all the values from users/parameters using UI element eg: form and pass all the values via form to the next page is nothing but your web application url.
  If it is Asynchronous  means, write a http client in java and integrate the same with your custom code and you can find an option for sending parameters in post method.
  here you go and find the way to implement Asynchronous  scenario,
  http://www.theserverside.com/news/1365153/HttpClient-and-FileUpload
  http://download.oracle.com/javase/tutorial/networking/urls/readingWriting.html
  http://digiassn.blogspot.com/2008/10/java-simple-httpurlconnection-example.html
  Thanks & Regards
  Rajesh A

• Integration of a Web Application

  Hi all,
  I am looking for a smart way to realize in ABAP a call of an external web application from a R/3 screen
  - with exchanging data back and forth,
  - with the R/3 to hold on until web app. sends data back
  - with the web app. to run a separate Internet Explorer window (not the one within SAP GUI).
  The web app. shall calculate the conditions for a quotation. So the user calls VA21 in R/3 (ECC5.0). On the conditions screen there will be a button “web.app” (comes there through modification). Pressing that button the Web Calculation App. will start in an Inter Explorer window. The user enters information here, some information already had to be received from SAP call. When the user finishes in the web appl. the results (conditions) shall appear in the condition lines of VA21.
  How can I do it?
  I know there is the demo report SAPHTML_DEMO1 using html_control techniques. But this opens always in a SAP GUI IE window. The web application wouldn’t work here as it has some PopUp windows. The SAP GUI IE opens the PopUp in the real Internet Explorer and here the session is lost.
  I know the FB CALL_BROWSER. But I wouldn’t know, how to get information back to SAP this way and how to make the R/3 Screen stop just until the web app. has finished.
  Any ideas? Thanx!
  Karsten

  I was thinking of something like:
  You create an R3 transaction that does the processing that you need and saves the data in a Z table.
  Then create a service file that will run this transaction on the web. You will probably have to use an anonymous logon with the userid and password in the service file.
  Modify VA21 (hopefully through user exits or BADIs) so that it can call FM CALL_BROWSER with the url of the new service. Before the browser is called, it would have to lock some object – probably the row of data in the Z table that will be entered.
  The web enabled transaction will have to unlock the data that was locked before the call to the browser when it completes.
  After any key is pressed in VA21, if the lock object is still set, you will have to let the user know that the web transaction has not completed (he or she may have closed the session or forgotten about it). Then give the user the option of continuing without the web data or going back to complete the web session. You have to decide what to do if they want to continue without the web data. It would have to be able to do the unlock.
  If the web transaction tries to unlock the data but it’s not locked, it means that the lock was released by VA21. In this case, the transaction should not save the data.
  This analysis is quick and probably very incomplete, but it may give you some ideas on how to proceed.
  Good luck.
  Rob

• Delivering serialized session or logon token to external web app?

  Hello,
  I have the following situation, the user logs into SAP BO 4.0 Launch pad application, he needs to start our external web application and therefore we created an hyperlink. The application opens in a new tab, that's running fine. Our application uses BO SDK to provide some functionality (browse user SAP folders, reports or so), and therefore we need to log in into the current user session.
  Is there any way to deliver either the serialized session or logon token to external application? Are there any internal variables to be used? Or should I use totally different approach? 
  There would be a workaround by delivering just the current BO user name to the external app, and than using a separate (administrators) login to fetch only the current user's data. But this I guess is not the right way to do the job.
  Any help is greatly appreciated

  Hi Martin,
  I am facing same situation than you and I also considered using the trusted authentication until I reads following statement in java docs
  To enable trusted authentication on a client machine, create a text file named TrustedPrincipal.conf on the client machine and add the following text:
  SharedSecret=<secret>
  where <secret> is the trusted authentication shared secret configured in BusinessObjects Enterprise.
  So, if the external web app may be launched from any user this would mean having to install this file in all BI LaunchPad desktop computers. It isn´t? This does not sound very elegant. Is this what you did?
  Thanks

• How to update survey in Complaint from developed web application

  Hello,
  We've setup complaint management including the usage of surveys within a complaint document.
  Complaint documents are accessed using the SAP GUI but will also be maintained using a newly developed application in the Enterprise Portal.
  To access the survey using the external web application I need to know how to call the URL for the survey within a complaint transaction. I know how to setup the survey parameter xml but that allows me to call the survey irrespective of a transaction document. How do I call a URL that allows me to bring up a survey stored within a complaint document (is there for example a parameter I can pass to the URL indicating the GUID of the document the survey is in?
  Thanks,
  Patrick

  I have used local ejbs in other application servers, WebSphere and JBoss, from discrete web applications running in the same VM as the ejbs. The requirement for local interfaces is that the ejb and client be running in the same VM. Maybe Weblogic is different in that respect, but I doubt it. Why marshal data through a Remote interface when both components are in the same VM?
  I have gone through the Weblogic documentation and have not been able to find an answer to my question, which is why I posted the original question the way I did. Weblogic does not put the ejb in the jndi namespace, but the ejb can be acquired through jndi. In the Weblogic console deployments view I can see the bean deployed as CustomerBean, but there is no clue as to its jndi name. This forum is peppered with different schemes for accessing an ejb, but none of those has worked for me, hence the different names I tried.