SSO from non-SAP application to EP system

Similar Messages

• SSO from non sap application server to SAP systems

  Mysapsso2 cookie has been generated after we are login into the portal https://FQDN/irj/portal for all the backend systems in client browser. Since it is working fine. After login into the portal , while clicking the URL iview of external JBoss application sever in portal home page and it is shows the new windows pop up login page. After login into this external JBoss application server, we have configured work item for SAP ITS WEBGUI login page of the backend system inside this JBoss appliaction. Here we need to pass the mysapsso2 cookie information in SAP WEBGUI, so that login page is bypassed using SSO. Kindly do give some suggestion for fixing this issue. Kind Regards, R Rajavelu

  Try to use it Appsintegrator to access the non sap application from SAP Application

• SSO from Non-SAP portal to EP

  Hi.
  We need SSO from Non-SAP portal to EP.
  The Non-SAP Portal has publish Form-based authentification.
  I mean userid&password set to URL.
  Then the EP can generate SAP Logon ticket to backend system?
  regards,

  How to Enable Single Sign-on with Non-SAP Web Application                    
  I have very good material coollected for the same implement this.
  http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
  Cheers!!                                             
  SJ.

• SSO to non SAP Application (ASP)

  We have followed the sample steps for SSO to non SAP Applications in ASP, but we're receiving the following results:
  Start SSO2TICKET main
  Version: SAPSSOEXT 2
  Ticket verifying failed. Return codes error=1 and ssf error=0
  Does anyone know what the problem is and how to solve it?
  Thanks!

  hi ive,
  u cn refer to this links.......these r  some of    the blogs that u cn go throu.its useful.
  <b>User Mapping-based Single Sign On,
  SAP Logon Ticket-based Single Sign-On>
  regards
  bhargava

• SSO from non-SAP to SAP apps

  Hi All,
  Currently We have SAP applications, non-SAP applications(java, .NET, PHP etc) in our landscape.
  If the client tries to access any non-SAP application it should ask for authentication and thereby for any subsequent access to any URL's(SAP or NON-SAP apps) it should not ask for any authentication.
  FYI:
  The client logins into SAP Portal(SAP to NON-SAP) first and thereby able to achieve SSO for non-SAP applications as well.
  Currently we are stuck for the scanerio of  Non-SAP to SAP apps ?
  Please suggest.......
  Thanks,
  Mano.

  Hi samuli,
  Using SPNEGO, we can incorporate windows authentication for SAP Portal ( after desktop authentication user can logon without userid/password). But for non-sap apps this would be challenge.
  I have another option, using webdispatcher if we enable server redirect for all applications(SAP & NON-SAP) and get authenticated centrally by which SSO can be achieved across all the apps.
  Would above solution work ?
  Thanks,
  Mano.

• SSO FOR NON SAP APPLICATIONS

  SSO for non sap applications in EP on which siteminder sso is integrated
  Posted: Aug 28, 2006 7:09 AM        Reply      E-mail this post 
  Hi ,
  we have implemented Siteminder on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder external authentication is implemented.
  can anybody help for getting step by step document.
  diff rewards to be given

  Hi,
  if you have access to service.sap.com via S-User, you can download "SAP Enterprise Portal Security Guide" in the portal section. It has dedicated descriptions about SSO-Settings, also about netegrity.
  You can also search help.sap.com about "SSO" which gives you overview descriptions.
  On SAP Service Net, there is also an pdf "Integrating Security functions" in the Netweaver 2004s Portal section, where the description of the Java API for the PDK is included. This is very helpfull for coding.

• SSO from non-SAP (Webspher AS) to SAP (EP)

  Hi,
  We need to connect in SSO an WebSphere Application Server with SAP EP.
  In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
  How do I implement a SSO for my scenario?
  All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
  Best Regards.
  Diego.

  >
  Diego Garofalo wrote:
  > Hi,
  > We need to connect in SSO an WebSphere Application Server with SAP EP.
  > In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
  > How do I implement a SSO for my scenario?
  > All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
  >
  > Best Regards.
  >
  > Diego.
  Question: which kind of authentication mechanism is used when the users will log on Corporate Portal ?
  It might be a smart idea to use the same authentication mechanism also for SAP EP.
  Well, if not only SSO (Single Sign-On) but also SLO (Single Log-Off) is demanded, then you should focus on SAML 2.0 - provided that all parties do support it. NetWeaver will support SAML 2.0 with a future release, so this is only an outlook for you by now.

• SSO to non SAP Application using SAP Logon Ticket

  Hi Experts,
  I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
  Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
  I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
  Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
  Thanks
  Armando

  Hi,
  I dont have much info related but i can giv u hint
  refer OSS Notes 442401 and 723896.
  When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
  In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
  certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
  In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
  You can refer following link :-
  http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  user authentication and SSO
  http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Authentication Using a Directory with SSO Integration Using Logon Tickets
  http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
  SSO
  SAP Logon Ticket-based Single Sign-On
  http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

• SSO for  non sap applications in EP on which siteminder sso is integrated

  Hi ,
  we have implemented Siteminder SSO on   SAP PORTAL 6 SP16  for authentication.I would like integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
  can anybody help for getting  step by step document.
  Thanks
  Tag

  Hi ,
  we have implemented Siteminder SSO on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
  can anybody help for getting step by step document.
  diff rewards to be given...
  Thanks
  Tag

• SSO to non SAP applications

  Hi,
  I am trying to implement SSO to SAP and JAVA applications in the process i need to verify the "PSE" file downloaded from the keystore administration and to decrypt the "SSO2 Cookie" in order to do this i hv downloaded the SAPSSOEXT.DLL file and placed it in "C:\Windows:\System32". and registed the DLL file using "REGSVR32 C:\Windows:\System32sapsso.dll"
  But when i am executing the program i am getting the follwing error
  java.lang.UnsatisfiedLinkError: no sapssoext in java.library.path
          at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682)
          at java.lang.Runtime.loadLibrary0(Runtime.java:822)
          at java.lang.System.loadLibrary(System.java:993)
          at SSO2Ticket.<clinit>(SSO2Ticket.java:38)
  at the line
  System.loadLibrary("sapssoext");
  Can some body please help me out how to add the downloaded dll file into java path.
  Thanks in Advance

  HIi check this Link
  Hope it will be usefull.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d0c78148-12de-2a10-27bf-960acc753aab
  Also use this link
  Single Sign-On to Non-SAP Java Applictions with SAPSSOEXTthanks
  Rewards r welcome
  Edited by: Mayank  Saxena on Sep 6, 2008 1:24 PM

• SSO from non-SAP J2EE to NW04 ABAP WebService

  Hello,
  I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
  I must stress that username/password is not a solution.
  Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
  Best regards,
  Thomas Mouritsen

  >
  Thomas Mouritsen wrote:
  > Hello,
  >
  > I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
  >
  > I must stress that username/password is not a solution.
  >
  > Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
  >
  > Best regards,
  > Thomas Mouritsen
  Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortenately you are using an older ABAP system where this feature is not available.
  Especially regarding Web Services it is definetly worth to consider upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).
  But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it servce as SAML Source Site?
  Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is an User Agent (-> SSL client represents a single user); only then X.509 client certificates can be used for SSO.
  Best regards, Wolfgang

• SSO from non SAP to SAP

  Hi,
  i have a  requirement where the client has a web application i guess Cold fusion application .The user authenticates at the client web application level. After authenticating and clicking on portal link which is inside the client application he should be directly entering portal without any authentication.
  I was thinking of JAAS login module is it possible
  Thanks
  Sushanth

  Hello Sushanth,
  Create a component in your cold fusion application wherein a user can at one time enter his portal username and password and store it in a table or so.
  Now, the link which you have that redirect you to the SAP Netweaver Portal should have a target: http://<host>:<port>/irj/portal?j_user=<get ur mapped portal user here>&j_password=<get your mapped portal password here>.
  This combined URL will open the portal without authentication.
  Hope this helps.
  If it did kindly consider rewarding points.
  Regards,
  Prem
  SAP

• Open Data Set Error while trying to read file from non SAP server

  Hi all,
  is it possible to read data from non-SAP application Sever?
  I'm using OPEN DATASET p_filin FOR INPUT IN LEGACY TEXT MODE CODE PAGE '1504',
  Where p_filin is other Windows server.Our applicition server is under Unix.Is it a problem?
  I make test to read file from SAP application server and it was ok.So how to call other server?
  Thanks!

  Hi,
  Yes it is possible to read data from a non SAP server through the statement OPEN DATASET.
  The important thing to check is that the SAP Server got enough access to the non SAP server so it can perform a reading/writing process depending on your needs.
  You should contact your network administrator and BASIS to help you check the permissions. This can be pretty tricky, specially if the servers are in different domains.
  Regards,
  Gilberto Li

• RFC ; setting in SM59 to get data from NON SAP

  Dear ,
          i have  developed REMOTE ENABLED RFC which take input one serial no. from NON SAP  (i,e IPMS system ) and store in SAP database. so now i have to know how give setting in SM59 to get access my RFC by non sap.
  Edited by: manoj kv on Jul 30, 2008 12:38 PM

  Hi,
  Place the cursor on -> HTTP Connections to R/3 System
  Create Give description, connection type H,
  In technical settings give target host and path...

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang