SSO for  non sap applications in EP on which siteminder sso is integrated

Hi ,
we have implemented Siteminder SSO on   SAP PORTAL 6 SP16  for authentication.I would like integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
can anybody help for getting  step by step document.
Thanks
Tag

Hi ,
we have implemented Siteminder SSO on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
can anybody help for getting step by step document.
diff rewards to be given...
Thanks
Tag

Similar Messages

  • SSO FOR NON SAP APPLICATIONS

    SSO for non sap applications in EP on which siteminder sso is integrated
    Posted: Aug 28, 2006 7:09 AM        Reply      E-mail this post 
    Hi ,
    we have implemented Siteminder on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder external authentication is implemented.
    can anybody help for getting step by step document.
    diff rewards to be given

    Hi,
    if you have access to service.sap.com via S-User, you can download "SAP Enterprise Portal Security Guide" in the portal section. It has dedicated descriptions about SSO-Settings, also about netegrity.
    You can also search help.sap.com about "SSO" which gives you overview descriptions.
    On SAP Service Net, there is also an pdf "Integrating Security functions" in the Netweaver 2004s Portal section, where the description of the Java API for the PDK is included. This is very helpfull for coding.

  • SSO to non SAP Application (ASP)

    We have followed the sample steps for SSO to non SAP Applications in ASP, but we're receiving the following results:
    Start SSO2TICKET main
    Version: SAPSSOEXT 2
    Ticket verifying failed. Return codes error=1 and ssf error=0
    Does anyone know what the problem is and how to solve it?
    Thanks!

    hi ive,
    u cn refer to this links.......these r  some of    the blogs that u cn go throu.its useful.
    <b>User Mapping-based Single Sign On,
    SAP Logon Ticket-based Single Sign-On>
    regards
    bhargava

  • SSO to non SAP Application using SAP Logon Ticket

    Hi Experts,
    I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
    Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
    I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
    Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
    Thanks
    Armando

    Hi,
    I dont have much info related but i can giv u hint
    refer OSS Notes 442401 and 723896.
    When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
    In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
    certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
    In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
    You can refer following link :-
    http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    user authentication and SSO
    http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
    Authentication Using a Directory with SSO Integration Using Logon Tickets
    http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    SSO
    SAP Logon Ticket-based Single Sign-On
    http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

  • "SSO" for non-sap web application using SAPGUI to browse?

    I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
    To strengthen the authentication in the web app, I wanted to implement SSO 
    authentication as we pity the users for having to remember so many strong pw's and I
    dont like LDAP based pw sync or other technology I dont understand, because then we are
    just yet another application with the same pw...
    We are having technical problems implementing SSO on the web app side, and are anyway a
    bit sceptical about the user admin / role admin assignment if we get it to work.
    So I have created a transaction in SAP which browses the web app and the intention is to
    send the SAP sy-uname as the web app user. We can control this using s_tcode, and
    an own auth object on the WAS side and a check on the session type before the connection is
    established. In this sense we are dependent on the SAP concept implemented, but even so:
    The role assignment is controlled in the web app itself -> so assume that I am not overly
    worried about unauthorized access to the web application, as they would not have any
    system role for it as their sy-uname does not exist. (Infact we can monitor this)
    The browser on the front end is the SAPGUI with html controls on the SAP side.
    I would be interested in knowing whether anyone else has experience with this approach, and
    whether there are any areas to be carefull of?
    I would also like to know whether this is a strategic error?
    Kind regards,
    Julius

    Hi Julius,
    well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
    a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
    But for non-SAP web applications that does not help.
    In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
    Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
    In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
    Cheers, Wolfgang

  • SSO from non sap application server to SAP systems

    Mysapsso2 cookie has been generated after we are login into the portal https://FQDN/irj/portal for all the backend systems in client browser. Since it is working fine. After login into the portal , while clicking the URL iview of external JBoss application sever in portal home page and it is shows the new windows pop up login page. After login into this external JBoss application server, we have configured work item for SAP ITS WEBGUI login page of the backend system inside this JBoss appliaction. Here we need to pass the mysapsso2 cookie information in SAP WEBGUI, so that login page is bypassed using SSO. Kindly do give some suggestion for fixing this issue. Kind Regards, R Rajavelu

    Try to use it Appsintegrator to access the non sap application from SAP Application

  • SSO from non-SAP application to EP system

    Hi all,
    Is it possible to configure the Single sign-on from non-SAP application to SAP Enterprise portal?
    My requirement is
    I have a link to "Enterprise Portal" in my company's website home page. If I click on the link, it should directs to EP portal with out asking for logon.
    Please suggest, is it possible??
    Regards,
    Sujoy

    Hi Sujoy,
    SSO implementation to non-browser applications i.e non-SAP systems is possible in 3 ways which are listed .Can find useful info in the below links.
    http://help.sap.com/saphelp_nw70/helpdata/EN/12/9f244183bb8639e10000000a1550b0/frameset.htm
    among the non-browser applciation if it is an MS dotnet system then the below article will give a clear understanding of SSO implementation.
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f05ae0f0-bf93-2b10-ed9e-a7320c012841
    Regards
    Supraja

  • SSO to non SAP applications

    Hi,
    I am trying to implement SSO to SAP and JAVA applications in the process i need to verify the "PSE" file downloaded from the keystore administration and to decrypt the "SSO2 Cookie" in order to do this i hv downloaded the SAPSSOEXT.DLL file and placed it in "C:\Windows:\System32". and registed the DLL file using "REGSVR32 C:\Windows:\System32sapsso.dll"
    But when i am executing the program i am getting the follwing error
    java.lang.UnsatisfiedLinkError: no sapssoext in java.library.path
            at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682)
            at java.lang.Runtime.loadLibrary0(Runtime.java:822)
            at java.lang.System.loadLibrary(System.java:993)
            at SSO2Ticket.<clinit>(SSO2Ticket.java:38)
    at the line
    System.loadLibrary("sapssoext");
    Can some body please help me out how to add the downloaded dll file into java path.
    Thanks in Advance

    HIi check this Link
    Hope it will be usefull.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d0c78148-12de-2a10-27bf-960acc753aab
    Also use this link
    Single Sign-On to Non-SAP Java Applictions with SAPSSOEXTthanks
    Rewards r welcome
    Edited by: Mayank  Saxena on Sep 6, 2008 1:24 PM

  • SSO from non-SAP to SAP apps

    Hi All,
    Currently We have SAP applications, non-SAP applications(java, .NET, PHP etc) in our landscape.
    If the client tries to access any non-SAP application it should ask for authentication and thereby for any subsequent access to any URL's(SAP or NON-SAP apps) it should not ask for any authentication.
    FYI:
    The client logins into SAP Portal(SAP to NON-SAP) first and thereby able to achieve SSO for non-SAP applications as well.
    Currently we are stuck for the scanerio of  Non-SAP to SAP apps ?
    Please suggest.......
    Thanks,
    Mano.

    Hi samuli,
    Using SPNEGO, we can incorporate windows authentication for SAP Portal ( after desktop authentication user can logon without userid/password). But for non-sap apps this would be challenge.
    I have another option, using webdispatcher if we enable server redirect for all applications(SAP & NON-SAP) and get authenticated centrally by which SSO can be achieved across all the apps.
    Would above solution work ?
    Thanks,
    Mano.

  • SSO to Non-SAP using login-tickets

    Hi all,
    I'd like to set up an SSO connection to a non-SAP HTTP system by using the SSO web filter (iis_sso.dll) on IIS 5.0.
    I've created an iView (using the application integrator) with the URL template : http://<ip-address-host>:82/reqvars.asp?<Authentication> in which <Authentication> is MYSAPSSO2=<Request.SSO2Ticket>. The reqvar.asp page comes with the web filter as an example and displays all HTTP header fields. That way you can check whether the user-ID has been extracted successfully from the SAP logon ticket. However, I fail to get any value into the REMOTE_USER variable. The ISAPI filter (iss_sso) has been installed (global) successfully.
    I'm using the following settings in the verify.properties files:
    remote_user_alias = REMOTE_USER
    pse_file = C:\SSOFilter\verify.pse
    application = portal
    log_file = C:\SSOFilter\filter.log
    log_level = 3
    Remark: in the original example the remote_user_alias is set to REMOTE-USER: However, I feel this is wrong since the actual variable is REMOTE_USER. Also I have seen this one in another forum post as being a working properties file. Or should I use original value?
    No entries are being written to the log so I believe nothing is happening at all.
    The SSOFilter folder contains the following files:
    iis_sso.dll
    sapsecu.dll
    sapsecu.lib
    verify.properties
    verify.pse
    mfc71.dll, mfc71u.dll, msvcp71.dll, msvcr71.dll and sapsecin.exe
    This folder also has been added to the environmental PATH variable.
    Any suggestions would be highly appreciated (and rewarded ,
    Frodo

    Hi,
    I dont have much info related but i can giv u hint
    refer OSS Notes 442401 and 723896.
    When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
    In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
    certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
    In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
    You can refer following link :-
    http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    user authentication and SSO
    http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
    Authentication Using a Directory with SSO Integration Using Logon Tickets
    http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    SSO
    SAP Logon Ticket-based Single Sign-On
    http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

  • SSO for SAP and Non-SAP applications without Enterprise Portal

    Dear all,
    Is it possible to implement SSO for both SAP and non-SAP applications without involvement of EP at all?
    I have gone through this link.
    <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm">http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm</a>
    But I still i am not able to get the precise answer on how to enable SSO for both  SAP and non-SAP applications without EP.
    We have decided not to implement EP in first phase of SAP implementation. But we need to enable SSO for other SAP and Non-SAP applications.
    A detailed description on how to deal this kind of scenarios will be helpful.
    Thanks.

    A client of our's uses <b>SAP Enterprise Portal</b>, and is using the SAP SSO, which is implemented with tickets, and requires the use of SAPSECULIB.  My company provides an application for this client, and our application in hosted in our data center for the client, as a Software as a Service application, obviously across the internet.  Our client, which owns a SAP license, has asked that we support the SAP SSO as a non-SAP SSO application.  The client user's SSO ticket will be created from SAP EP, and then passed across the internet to our application, and we are to use that SSO ticket as an authentication ticket to our application.  I beleive I know how to do this work technically, having reviewed the SAP document named: "Dynamic Library for Verifying SSO Tickets in Third-Party Software"   Specification   Version 2.00  December 2005.
    My question is, does my company have the right to use the SAPSECULIB?  Where is the official download and <b>license</b> download, that indicates we can download this library, and use it to support a SAP customer?  We do not own a SAP license.  Thank you for your help.  I have searched many places in SAP support.<b></b>

  • SSO to non-SAP java running on Websphere

    Hi,
    I have an EP6 SP2 P5 and another java b2b app running on websphere app server and they are on different domains. I'm trying to figure out how to make sso to that app. There is  a guide on SDN written by Tim Mullé, Stephan Boecker "Enabling Single Sign-On from SAP J2EE Engine/EP to Non-SAP Java Applications" . I'm wondering if can make it work if I follow that guide and also the cross domain integration guide for sending cookies across domains?
    Regards
    Ahmet

    The process described in the cross-domain document will be necessary in order to get the MYSAPSSO2 cookies to your non-SAP application. You cannot get your browser to send domain1.com cookies to a domain2.com server. Therefro it is necessary to provide an alternate pathway - in this case using http POST. Then the target of the POST on domain2 can handle the data and return a cookie in its own domain. At that point you can either create your own cookie for websphere to use, or you can simply re-issue the cookie in domain2.com. SAP provides some libraries that will enable the other application to validate the cookie.
    Nick

  • Configure sso to non sap

    dear all,
    i would like implement sso from ep to other web application ( non SAP )
    the legacy system is using " PHP and Web Server APACHE "
    there any want can help me how to configure the sso and how to create iview for my legacy system ( using URL iView  or application integrator )
    thanks for your help
    echo

    Hi Echo,
    Single Sign On to non-SAP applications normally can't be done by configuration.
    How SSO can be done depends on your application.
    Maybe these few hints may help you:
    You need the same usernames in portal and in your external application
    You may integrate your app using an application integration iView
    If your external application can be run in some kind of 'trusted' mode (this means, no password, just the username is required to log on as long as the request comes from certain IP adresses / your portal server) you can just pass the userid using the app integrator iView mechanism
    SAP provides a library (currently written in C, but there is at least a java wrapper available) to decode the SAP SSO Ticket
    You may extend your external applications logon mechanism to use the mentioned SSO ticket and do the login without password. Application Integrator is able to send the SSO ticket to your external app.
    In less words: you need to do some coding on your external application
    Hope this helps (or come back for more),
    Carsten

  • SSO from non-SAP (Webspher AS) to SAP (EP)

    Hi,
    We need to connect in SSO an WebSphere Application Server with SAP EP.
    In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
    How do I implement a SSO for my scenario?
    All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
    Best Regards.
    Diego.

    >
    Diego Garofalo wrote:
    > Hi,
    > We need to connect in SSO an WebSphere Application Server with SAP EP.
    > In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
    > How do I implement a SSO for my scenario?
    > All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
    >
    > Best Regards.
    >
    > Diego.
    Question: which kind of authentication mechanism is used when the users will log on Corporate Portal ?
    It might be a smart idea to use the same authentication mechanism also for SAP EP.
    Well, if not only SSO (Single Sign-On) but also SLO (Single Log-Off) is demanded, then you should focus on SAML 2.0 - provided that all parties do support it. NetWeaver will support SAML 2.0 with a future release, so this is only an outlook for you by now.

  • SSO from Non-SAP portal to EP

    Hi.
    We need SSO from Non-SAP portal to EP.
    The Non-SAP Portal has publish Form-based authentification.
    I mean userid&password set to URL.
    Then the EP can generate SAP Logon ticket to backend system?
    regards,

    How to Enable Single Sign-on with Non-SAP Web Application                    
    I have very good material coollected for the same implement this.
    http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
    Cheers!!                                             
    SJ.

Maybe you are looking for

  • Opening Balance in FBL3N

    Hello Friends, I want to see only closing balance of last year transactions and transaction figures of this year  if i run report for this year. e.g.GL.NO.11000010 has balance in the year 2009 and 2010. if i execute the report for 2010, report should

  • How do I use PFIO as my analog trigger channel?

    I'm trying to use PFIO/TRIG1 as a analog trigger signal in a channel scan list. The analog input configuration doesn't seem to recognize this as a analog channel (just 1 to 15. I'm using Labview 6.1, PCI-MIO-16e-4, and the BNC-2090

  • Feature Request: Export and Import all or part of vCenter configuration from the GUI

    One of the challenges we face is how to recover a large vCenter to a different VM, without having to restore any databases or use vCenter VMs and databases on replicated storage. We currently have a PowerCLI based process for exporting vCenter config

  • Camera RAW 5.6RC update

    Is the Camera RAW 5.6 update suitable for PSE 7.0?

  • Re: High Level Complaints contact number?

    Hi, 2 engineer appointments missed by BT, 2 days off work sitting on my **bleep** for 6 hours waiting for them, thousands of endless phone calls through my mobile as I have been without a phoneline or broadband or tv for nearly 2 months now. They can