SSO for a Webdynpro App

Similar Messages

• Custom Login for each WebDynPro App

  Hello All,
  We are trying to develop non-Portal WebDynPro applications. Since, checking the authentication box for the WebDynPro Applications will always cause the standard UME Login Screen to appear, I was wondering if this can be customized such that I have different one for <b>each</b> Application.
  This is not about customizing Portal Login Screen.
  Thanks,
  Kiran

  Pran,
  Thank you so much for the reply.
  I have implemented it in a different way. I have a normal login jsp taking username/pwd and with the "action" pointing to a servlet. The servlet has the following code.
  IUser user = UMFactory.getAuthenticator().getLoggedInUser(request, response);
            if (null == user) {
                 try {
                      UMFactory.getLogonAuthenticator().logon(request, response, "uidpwdlogon");
                 } catch (LoginException e) {
                 RequestDispatcher rd = request.getRequestDispatcher("unauthorised.html");
                 rd.forward(request, response);
            response.sendRedirect("http://localhost:50000/webdynpro/dispatcher/local/Welcome/MyWebDynProAppl?SAPtestId=2");     
  I saw that there was a cookie being generated MYSAPSSO2.
  Now, my question is, How different is this approach compared to yours? I looked at the "Security provider" for my application in Visual admin and saw that the authentication template is "no" with just BasicPasswordLoginModule/Sufficient/{}.
  Is this anyway less/more secure than what you mentioned?
  Also, what do u suggest as a better way of redirecting? Is response.sendredirect the only option?
  Do you know what "SAPtestId=2" mean in the URL of the webdynpro application that I need to redirect to?
  Thank you,
  Kiran

• SSO for 'external' partner apps

  Is it possible to use oracle's SSO product with applications written in various languages (php/perl/coldfusion/.net,etc) on non-oracle servers.
  ie, if i have a php application that sits on a server entirely separate from the oracle app server or SSO server, is there documentation that allows me to write code that hands-off authentication responsabilities to the SSO. so, the php application would verify that a user is presenting a login cookie, and speak to the sso server in the backend to verify that the login cookie is valid, etc.
  Thanks very much for any help you can provide!

  I have similar kind of requirements for Single sign-on to external web applications.
  But in my applications I have to auto-generate random userid & password for different external web applications.
  These uids & password are exported to external applications, which upon recieving creates user in their applications.
  So, actual user will never have access to these credentials(uid &pwd).
  So, how can I cutomize the Portlets to do the first time SSO when user is created & their credentials to external apps are stored to OID.
  Any idea Barry..
  Bye

• SSO for some SAP Apps, but forced login for the sensitive data application

  We have R/3 4.7 (Enterprise), with EP 6.0 and Web AS 6.40.  We have implemented Employee Self Service, as well as CRM, and some BW reports through EP 6.0.  We have a Broadvision Portal that is on top of EP 6.0.  In other words, the employees login to the Broadvision Portal, and authenticate against our Active Directory user store.  Then they will choose the SAP apps listed above, which go through the SAP Portal (EP 6.0)
  We want to allow SSO through EP when users choose either CRM, or BW reports, but we want to force a login when they choose ESS, since this data is more sensitive.  The problem we have had is that when we turn on SSO, it allows the user through for all 3 SAP apps.  My question is: How can we force a login for just ESS, but not for the other 2 apps.
  Thanks.

  Rick,
  I suppose, Eric meant Authentication Schemes ("authschemes") instead of security zones.
  An authentication scheme is essentially a pointer to a JAAS logon stacks on the J2EE Engine plus a frontend ("login screen"). Authentication schemes are assigned numbers ("priorities"), the higher the number the more trustworthy the authentication of the underlying JAAS stack is regarded.
  Example:
  Let's assume you use the default authscheme "uidpwdlogon" for all your iviews. It features a password-based or SAP logon ticket-based logon and is assigned a value of 20. All iviews that have this authscheme set in its "authscheme" property are accessible for you without any further authentication once you have passed this scheme (or any other authscheme with a priority <= 20).
  Now, you set one individual iview to use authscheme "certlogon", which requires an X.509 certificate and is valued "21". When accessing this iview, the portal will force a re-authentication (as 21>20).
  By configuring custom authschemes and JAAS logon stacks you can easily implement your scenario. Simply ensure that all your ESS iviews will be using an authscheme with a value greater that your default value.
  Regards,
  Dominik

• Please guide me for user authentication and authorization in WebDynPro App

  Hi,
      I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
  I need to ask you some question to clarify my doubt :
  1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
  2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
  3.Could you please suggest the best practice for authentication and authorization in webDynPro.
  Many Thanks
  Noppong J

  in most case you don't have to write code to deal with session, authentication and authorization.
  1. yes,
  2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
  3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

• Getting the following error while creating the model for webdynpro app.

  Plugin Name: Web Dynpro Model Editor Services
  Plugin ID  : com.sap.ide.webdynpro.service.modeleditor
  Class      :ap.ide.webdynpro.modeleditor.wizards.model.              creation.ModelDialog
  Method     : nextPressed
  Exception  : org.eclipse.swt.SWTException: Failed to  execute runnable (java.lang.NoClassDefFoundError)
  This is the error i am getting while creating the model for the webdynpro application. Can some one help ?
  Thanks & Regards
  Lalith

  hi
  This error occurs mainly due to the reason that particular plugin is not there in the NWDS.
  So please try to reinstall the NWDS or try tracing out whether that particular plugin is there or not.
  Thank,
  kris

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang

• SSO for JDeveloper application -- how?

  Hello,
  I am developing a servlet with JDeveloper & Struts, and I am curious whether it is possible to configure SSO and JDeveloper so that when I DEBUG the project and the embedded OC4J server starts, my application gets protected by the Single-Sign-On. That is, when I access http://<server>:8988/MYApplication/request.do?<params>, the SSO login page shows up, and after I type in correct login and pwd, my original page gets called again, only with the SSO cookie set this time.
  I have all the things set up (infrastructure etc), and I guess if I go and deploy my application into Apache web folders, things should work -- but is there a way to do this with embedded OC4J server -- with its ports, etc?
  Thank you very much,
  Sasha.

  Krrish,
  For enabling security for your ADF application in JDeveloper use ADF Security wizard. Read this:
  http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
  You should set up your identity management with the application server.
  (App Server Console->Administration->Identity Management)
  You should set the identity management as the security provider of the ADF Application.
  (App Server Console->Your Application->Security Provider)
  You should have installed your APP Server in advanced mode.
  You have to enable SSO for application server and define the ADF application as a partner application:
  http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/configldap.htm#BEHCGHHF
  see Configure SSO (Optional) section.
  Despite that, I myself have had problem making this work. I am using Identity Management 10.1.4.
  Regards
  Farbod

• SSO for Oracle Apex application

  Hi All,
  I am working on the requirement where the client want to implement the SSO for the apex application which are in different workspaces.
  But not using oracle SSO server :(
  The Microsoft active directory is used for authentication.
  Please give me some idea how to implement SSO for these apex applications.
  Thanks & Regards,
  Prutha

  Hi,
  I am trying to implement Single-Sign On for my Apex applications. Below are the requirement steps:
  This is working fine within same WORKSPACE and on single DB, but I need to implement SSO across DB with different workspaces.
  1. I have *2 Databases* DB-1 and DB-2. Both are different and running on different machines.
  2. On Both DB's Apex is configured.
  3. I have to deploy an app which uses internal Application Express account credentials for Login on DB-1
  4. From DB-1, after login, I have to provide a link to open another Apex App deployed on DB-2
  5. All Apex Apps on both DB's are using same Authentication Schemes.
  6. In both DB's I have PAGE SENTRY function for session validation.
  Can we configure Apex only once on both DB servers like RAC. Do we have any admin setting in Apex by which we can achieve th motive.
  Please help me to implement such functionality using only Apex across different DB's and different Workspaces.
  Thanks,
  Ismail
  Edited by: user9536278 on Mar 27, 2012 4:18 AM

• SSO for Forms9i & Rep9i applications

  Hai all,
  We have developed forms9i & Reports application(around 3 applications .
  We want to use SSO for authentication process and expose this application as portelts in 9iAS portal release2.
  Can any body give the steps to follow.
  How to configure forms9i apps in Portal?
  As partner applications or external application?
  If partner applications which mechanism ia goob.
  Mod_osso or PDK?
  Regards,
  Sreenivas

  Anupam,
  Thanks for response.
  Can users create the resources themselves? if yes what user interface is available for this?
  Do you know how the users can change their password for a particular resource if it changes?
  Harish

• URGENT: SSO for multiple Applications

  I have integrated 4 different applications in a single domain with OAM for SSO.
  Individually all apps are working fine (for SSO). Now I want to Apply only single login for all the applications. So what changes need to be done in OAM side?
  Continuing to my above Question. For the first time if I access application A, Authentication should be done and if I access Application B, C, D no authentication should be done
  and What changes to be done for Single Log OUT.
  Help me what to do for SSO for all the applications.
  Thanks
  Ajay
  Edited by: 915734 on Mar 12, 2012 7:57 PM

  You have to configure single sign-on policy for same
  Go through the blelow documents
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/sso.htm#BJFGFBDC
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/intro.htm#BABCDGEH
  http://docs.oracle.com/cd/E23943_01/core.1111/e10043/osso_b_oam11g.htm
  http://docs.oracle.com/cd/E24269_01/doc.11120/e24477/sso.htm

• How to consume a ABAP webservice in a  webdynpro app?

  Hi,
  I have a BAPI in ABAP that is exposed as a webservice. I want to use this to build a webdynpro app so that i can consume this webservice. This BAPI returns the Employee data. As soon as the person logs into the portal i am going to pass his login id to this BAPI so that it retrieves the Employee data for that user id. But i need to know the procedure of consuming this webservice in a webdynpro app. Any pointers in this regard will be greatly appreciated.
  Thanks,
  Arun E V

  Hi Arun,
  Consumption of a web service is univesal I guess so it wont matter if it is an ABAP webservice. For consumtion of webservice in Web Dynpro you can go through the following tutorials
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/using%20car%20rental%20web%20service%20with%20web%20dynpro.pdf">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/using%20car%20rental%20web%20service%20with%20web%20dynpro.pdf</a>
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/creating%20an%20email-client%20using%20web%20dynpro%20and%20web%20services.pdf">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/creating%20an%20email-client%20using%20web%20dynpro%20and%20web%20services.pdf</a>
  Do reward points if it helps
  Regards
  Sid

• Consuming ABAP Webservice in Webdynpro app

  Hi,
  I have wrote a webdynpro app for consuming ABAP webservice. I used the procedure in the link below
  http://wiki.sdn.sap.com/wiki/display/WDJava/ConsumingABAPWebServiceinJavaWD
  Everything seemed to be went well, I created model and Webservice destinations. I have written the code for calling the webservice, which does not return data as part of response. I mean though the RFC returns data at the backend,its not showing the returned records in the webdynpro table.
  I have also tried checking the same by setting external break point. when the webservice is executed from my webdynpro app,it goes to the ABAP debugger and i could clearly see the records in the export parameters of RFC,but the same is not returned in the reponse object.
  Could any one let me know what could be missing. Any help is greatly appreciated?
  I have used the following code in Init method of my View
  Request_ZMYRFC input=new Request_ZMYRFC (model);
  wdContext.nodeRequest_ZMYRFC ().bind(input);
  ZMYRFC  req= new ZMYRFC (model);
  req.setPUserid("EDLAS00C");
  req.setPLtc("E");
  input.setMYRFC (req);
  IWDMessageManager manager = wdComponentAPI.getMessageManager();
      try
      wdContext.currentRequest_ZMYRFCElement().modelObject().execute();
        wdContext.nodeResponse().invalidate();
        wdContext.nodeZMYRFCResponse().invalidate();
        wdContext.nodeReturn_res().invalidate();
       wdContext.nodeItem_res_ret().invalidate();
        wdContext.nodeILtcg_res().invalidate();
        wdContext.nodeItem_res_ltcg().invalidate();
      catch(Exception e)
        manager.reportException(e.getMessage(), false);
  Thanks
  Santhosh

  santosh,
  Check provider system defination in nwa for webservice.After this mapp the provider system and service group after wd app deployed.This is mandatory while consuming webservice in webdynpro for latest versions of CE7.11 or later.for reference check this article/document. http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/50d70a19-45a3-2b10-bba0-807d819daf46
  Thanks,
  Murthy.
  Edited by: Murthy Karaka on Mar 22, 2010 12:59 PM

• Can I execute a function module in my  Webdynpro App ?

  Hi,
  Can I execute a function module in my Webdynpro App ?  I mean, it's not a BAPI.
  Is it possible ?   which is the procedure to follow ?  (comparing to a bapi procedure).
  Thanks for your help !
  Regards from Mexico.  =)
  Diego

  Hi Diego,
  the warning icon indicates that you're using a function module that has not been externally released. If the corresponding function module has been defined by SAP, its interface might be changed in an incompatible way within one of the next releases, e.g. removing / renaming a parameter or structure field. Stability is only guaranteed for BAPIs or external released function modules.
  From the point of view of the model import it does not make any difference. If import does not work, there seems to be some other problem. Maybe the function module has not been activated in the R/3 system. Or check the log file or the import log page which will be the last page of the import wizard.
  You might want to import some other none external released function module in order to verify that model import of these kind of function module works.
  Kind regards,
  Lothar Bender

• ABAP session id with a webdynpro app

  Hi....
  I have a custom webdynpro app that makes JCO calls to ABAP.
  So when i open the abap debugger (debugging remotely from the java webdynpro) i can see that sy-uname
  is in fact the user that logged into the portal....
  What I am wondering is this....
  Is there a way to get a unique session id (or guid) on the abap side for that users session? when the user logs off of the portal, there session closes on the abap side as well...if they logged into the portal then they
  would have a new session on the abap side as well....
  I need to find a way to get this session id on the abap side.

  maybe this function module?
  TH_GET_SESSION_ID