SSO from non-SAP (Webspher AS) to SAP (EP)

Similar Messages

• SSO from Non-SAP portal to EP

  Hi.
  We need SSO from Non-SAP portal to EP.
  The Non-SAP Portal has publish Form-based authentification.
  I mean userid&password set to URL.
  Then the EP can generate SAP Logon ticket to backend system?
  regards,

  How to Enable Single Sign-on with Non-SAP Web Application                    
  I have very good material coollected for the same implement this.
  http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
  Cheers!!                                             
  SJ.

• SSO from non-SAP application to EP system

  Hi all,
  Is it possible to configure the Single sign-on from non-SAP application to SAP Enterprise portal?
  My requirement is
  I have a link to "Enterprise Portal" in my company's website home page. If I click on the link, it should directs to EP portal with out asking for logon.
  Please suggest, is it possible??
  Regards,
  Sujoy

  Hi Sujoy,
  SSO implementation to non-browser applications i.e non-SAP systems is possible in 3 ways which are listed .Can find useful info in the below links.
  http://help.sap.com/saphelp_nw70/helpdata/EN/12/9f244183bb8639e10000000a1550b0/frameset.htm
  among the non-browser applciation if it is an MS dotnet system then the below article will give a clear understanding of SSO implementation.
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f05ae0f0-bf93-2b10-ed9e-a7320c012841
  Regards
  Supraja

• SSO from non-SAP to SAP apps

  Hi All,
  Currently We have SAP applications, non-SAP applications(java, .NET, PHP etc) in our landscape.
  If the client tries to access any non-SAP application it should ask for authentication and thereby for any subsequent access to any URL's(SAP or NON-SAP apps) it should not ask for any authentication.
  FYI:
  The client logins into SAP Portal(SAP to NON-SAP) first and thereby able to achieve SSO for non-SAP applications as well.
  Currently we are stuck for the scanerio of  Non-SAP to SAP apps ?
  Please suggest.......
  Thanks,
  Mano.

  Hi samuli,
  Using SPNEGO, we can incorporate windows authentication for SAP Portal ( after desktop authentication user can logon without userid/password). But for non-sap apps this would be challenge.
  I have another option, using webdispatcher if we enable server redirect for all applications(SAP & NON-SAP) and get authenticated centrally by which SSO can be achieved across all the apps.
  Would above solution work ?
  Thanks,
  Mano.

• SSO from non-SAP J2EE to NW04 ABAP WebService

  Hello,
  I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
  I must stress that username/password is not a solution.
  Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
  Best regards,
  Thomas Mouritsen

  >
  Thomas Mouritsen wrote:
  > Hello,
  >
  > I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
  >
  > I must stress that username/password is not a solution.
  >
  > Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
  >
  > Best regards,
  > Thomas Mouritsen
  Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortenately you are using an older ABAP system where this feature is not available.
  Especially regarding Web Services it is definetly worth to consider upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).
  But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it servce as SAML Source Site?
  Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is an User Agent (-> SSL client represents a single user); only then X.509 client certificates can be used for SSO.
  Best regards, Wolfgang

• Data extraction from Non-Unicode ECC6 to Unicode SAP BI system

  Hi,
  We have an existing non-unicode ECC6 system. Currently we are installing SAP BI unicode system. Can anyone tell me are there any issues in data extraction for SAP BI from a non-unicode ECC6 system to an Unicode SAP BI system ?
  Please also note that our data consists of Asian (korean, Japanese & Chinese) fonts.
  Regards,
  Anirban

  Hi Des Gallagher,
  Thank you for your reply.
  I have gone through the notes suggested by you, but they suggest issues related to BW 3.x versions. We are currently on SAP_BW 700 - SP16. Also, among other notes i found note 510882 which might be helpful for custom developments.
  But i am still wondering whether we are going to face major issues related to data extraction from non-unicode ECC6 system to unicode SAP_BW 700 system.
  Incase you have any further details, please let me know.
  Thanks in advance.
  Regards,
  Anirban Kundu

• SSO from non sap application server to SAP systems

  Mysapsso2 cookie has been generated after we are login into the portal https://FQDN/irj/portal for all the backend systems in client browser. Since it is working fine. After login into the portal , while clicking the URL iview of external JBoss application sever in portal home page and it is shows the new windows pop up login page. After login into this external JBoss application server, we have configured work item for SAP ITS WEBGUI login page of the backend system inside this JBoss appliaction. Here we need to pass the mysapsso2 cookie information in SAP WEBGUI, so that login page is bypassed using SSO. Kindly do give some suggestion for fixing this issue. Kind Regards, R Rajavelu

  Try to use it Appsintegrator to access the non sap application from SAP Application

• SSO from non SAP to SAP

  Hi,
  i have a  requirement where the client has a web application i guess Cold fusion application .The user authenticates at the client web application level. After authenticating and clicking on portal link which is inside the client application he should be directly entering portal without any authentication.
  I was thinking of JAAS login module is it possible
  Thanks
  Sushanth

  Hello Sushanth,
  Create a component in your cold fusion application wherein a user can at one time enter his portal username and password and store it in a table or so.
  Now, the link which you have that redirect you to the SAP Netweaver Portal should have a target: http://<host>:<port>/irj/portal?j_user=<get ur mapped portal user here>&j_password=<get your mapped portal password here>.
  This combined URL will open the portal without authentication.
  Hope this helps.
  If it did kindly consider rewarding points.
  Regards,
  Prem
  SAP

• SSO from Portal EP 6 SP14 to  SAP R/3 PRD System.

  I have installed Poryal EP 6 SP14 with SID name as PRD.
  We have SAP R/3 also with the SID name as PRD.
  After the installation of the Portal we were testing SSO with SAP R/3 PRD after I imported certificate to sap R/3 PRD using STRUSTSSO2.
  SSO is not working.
  When I validate the certificate in sap R/3 PRD using SSO2 it gives following error.
  Three red dots followed by following text.
  This is the Certificate of the issuing system for logon ticket. But not the corresponding system.
  I tried all option and it did not work.
  I also installed SAP Crypto libraries. Is there any thing I need to do special when I install SAP Crypto libraries.
  We have the same setup working in DEV, UTS & QAS environments. I am puzzled.
  I was also suspecting the name of the Portal matching with SAP R/3 name. But the clients are different any way.
  Portal PRD client is 000.
  SAP R/3 PRD client is 600.
  My understanding is that combination should be unique.
  Please help me. This is impacting our project.

  Hello Portland,
  please verify the PSE using transaction PSEMAINT in R/3.
  Then come back with the results. Also have a look to this:
  perhaps there are some configuration issues missing.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/8d/903d41b77ba52fe10000000a155106/frameset.htm
  Wolfgang

• SSO from Microsoft wabsite to SAP Portal

  Hi
  My client wants SSO from .net based Microsoft website to SAP Portals. Requirement is that when customer enters the website e.g. www.mysite.com , he will be automatically gain access (SSO) to  SAP Portal .
  How it can be done ?
  Please help
  Thanks in advance

  Hi Ananda,
  This link answers your query.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/interoperability/dotnet/_web%20services%20and%20a2a%20interoperability%20center/sample%20application%3a%20sso%20with%20a%20.net-based%20web%20service%20client%20using%20sap%20logon%20tickets.pdf
  Reward points if handy!
  Regards,
  Sandeep Tudumu

• SSO from SAPJ2EE to Non-SAP Java Applications

  Hello,
  does anybody know, if there is a newer version of MySapSsoSupport-0.5.tar.gz
  This enables Single Sign-On from SAP J2EE Engine/EP to Non-SAP Java Applications.
  Thanks in advance.
  Guenter

  Hi Guenther
  I am not aware of this MySapSsoSupport package. As far as I am aware the only supported scenarios for SSO to non-SAP Systems are listed here:
  http://help.sap.com/saphelp_nwpi71/helpdata/de/12/9f244183bb8639e10000000a1550b0/content.htm

• SSO to Non-SAP using login-tickets

  Hi all,
  I'd like to set up an SSO connection to a non-SAP HTTP system by using the SSO web filter (iis_sso.dll) on IIS 5.0.
  I've created an iView (using the application integrator) with the URL template : http://<ip-address-host>:82/reqvars.asp?<Authentication> in which <Authentication> is MYSAPSSO2=<Request.SSO2Ticket>. The reqvar.asp page comes with the web filter as an example and displays all HTTP header fields. That way you can check whether the user-ID has been extracted successfully from the SAP logon ticket. However, I fail to get any value into the REMOTE_USER variable. The ISAPI filter (iss_sso) has been installed (global) successfully.
  I'm using the following settings in the verify.properties files:
  remote_user_alias = REMOTE_USER
  pse_file = C:\SSOFilter\verify.pse
  application = portal
  log_file = C:\SSOFilter\filter.log
  log_level = 3
  Remark: in the original example the remote_user_alias is set to REMOTE-USER: However, I feel this is wrong since the actual variable is REMOTE_USER. Also I have seen this one in another forum post as being a working properties file. Or should I use original value?
  No entries are being written to the log so I believe nothing is happening at all.
  The SSOFilter folder contains the following files:
  iis_sso.dll
  sapsecu.dll
  sapsecu.lib
  verify.properties
  verify.pse
  mfc71.dll, mfc71u.dll, msvcp71.dll, msvcr71.dll and sapsecin.exe
  This folder also has been added to the environmental PATH variable.
  Any suggestions would be highly appreciated (and rewarded ,
  Frodo

  Hi,
  I dont have much info related but i can giv u hint
  refer OSS Notes 442401 and 723896.
  When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
  In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
  certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
  In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
  You can refer following link :-
  http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  user authentication and SSO
  http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Authentication Using a Directory with SSO Integration Using Logon Tickets
  http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
  SSO
  SAP Logon Ticket-based Single Sign-On
  http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

• Web Server Filter Based SSO to Non-SAP Apps

  Hi,
  I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
  The Readme doc of this zip file says:
  "<b>Changes in Web server filter plugins
  The Web server filter plug ins and the Ticket Toolkit now were separated.
  See subdirectories for further information:
  "C"          the Ticket Toolkit
  "filter"     the Web server filter plug ins
  This is the last released version (5.0.2.8) on SAPSERV.
  Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
  Technology Components-> SAP SSOEXT -> SAP SSOEXT</b>"
  Zip file has two folders named "C" and "filter".
  "C" folder has cpp code to varify the ticket.
  "Filter" folder has DLLs for the different web servers.
  So far so good . Now, what I want to know is that is placing the  DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
  Or do I need to do anything else, like writing any class to read and validate the Ticket?
  Thanks,
  Vivek

  See Web Server Filter Based SSO to Non-SAP Apps

• Configure sso to non sap

  dear all,
  i would like implement sso from ep to other web application ( non SAP )
  the legacy system is using " PHP and Web Server APACHE "
  there any want can help me how to configure the sso and how to create iview for my legacy system ( using URL iView  or application integrator )
  thanks for your help
  echo

  Hi Echo,
  Single Sign On to non-SAP applications normally can't be done by configuration.
  How SSO can be done depends on your application.
  Maybe these few hints may help you:
  You need the same usernames in portal and in your external application
  You may integrate your app using an application integration iView
  If your external application can be run in some kind of 'trusted' mode (this means, no password, just the username is required to log on as long as the request comes from certain IP adresses / your portal server) you can just pass the userid using the app integrator iView mechanism
  SAP provides a library (currently written in C, but there is at least a java wrapper available) to decode the SAP SSO Ticket
  You may extend your external applications logon mechanism to use the mentioned SSO ticket and do the login without password. Application Integrator is able to send the SSO ticket to your external app.
  In less words: you need to do some coding on your external application
  Hope this helps (or come back for more),
  Carsten

• Sso to non sap systems

  HI,
    I am trying to setup SSO from our portal to plumtree portal. could some one please let me the steps for setting up the SSO.
  Thanks

  Hi Yogi,
    Please check this link.
  <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm">Single Sign-On to Non-SAP Systems and Applications</a>
  Regards,
  Siva
  P.S: Award points if you find this useful.