SSO to Non SAP Systems with SAPSSOEXT
Hello,
i have a Problem with the SAPSSOext Librarys.
I write a small Programm that uses this librarys, but it wont work. So i try to Use the example, but the Example also not works.
I DO:
- Download SAPSSOEXT_0-10002921.zip, unzip it and Put the DLLs into /windows/system32
- Download SECULIB54_XXXX.sar, unsar it and Put the containing files into /windows/system32
Then i open an Command Window an write the following line in the direktory where the samples are:
ssosample -i .. icket.txt -p SAPdefault
And now i get the following error:
C: mpssosampleC>ssosample -i .. icket.txt -p SAPdefault
Content-type: text/html
Content-length: 248
h1. Error!
Your request cou
ld not be processed. The error message is:
The mySAP.com logon ticket cou
ldn't be verified. The standard error code is 5. The SSF error code is 22.>
C: mpssosampleC>
Did anybode make the example run? I didnt see my mistake :-(.
In a Second try i look into a debugger to look where the problems are. I think i cant initialice the sapsecu.dll. But it pot it definitly in the windows32 folder.
Any hint is welcome, best Regards,
Patrick
Message was edited by: Patrick Höfer
Hi Patrick,
my code which in fact worked (with the versions you have named) is as follows:
package com.mysap.sso;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
* This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
* @version 1.0 30.11.2000
public class SSO2Ticket
private static boolean initialized = false;
public static String SECLIBRARY ;
public static String SSO2TICKETLIBRARY = "sapssoext";
static {
SECLIBRARY = "sapsecu.dll";
try {
System.loadLibrary(SSO2TICKETLIBRARY);
System.out.println("Lib geladen.");
if ( init(SECLIBRARY) ) {
System.out.println ("SSO2TICKET initialized successful !");
System.out.println ("version: "+getVersion());
} else {
System.out.println ("Implementation of JNI mysapsso2 not loaded. ");
} catch (Throwable e) {
System.out.println ("Error during initialization of SSO2TICKETn");
System.out.println("static beendet.n");
* Initialization
* @param seclib location of ssf-implemenation
* @return true/false whether initailisation was ok
private static native synchronized boolean init(String seclib);
* Returns internal version.
* @return version
public static native synchronized String getVersion();
* eval ticket
* @param ticket the ticket
* @param pab location of pab
* @param pab_password password for access the pab
* @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client , [3] = (byte[])certificate
public static native synchronized Object [] evalLogonTicket(
String ticket,
String pab,
String pab_password)
throws Exception;
* creates ticket.
* @return the ticket
public static void main(String[] args) throws Exception
System.out.println("start SSO2TICKET main");
System.out.println("-------------- test version --------------");
String version =SSO2Ticket.getVersion();
System.out.println(version);
String ticket = "... to be filled with an base64 encoded run time ticket ...";
try {
Object o[] = evalLogonTicket(ticket, "c:\download\verify.pse", "");
System.out.println("The User ID is: " + (String)o[0]);
System.out.println("Issuing System (Sysid) : " + (String)o[1]);
System.out.println("Issuing System (Client): " + (String)o[2]);
System.out.println("Certificate Bytes : " + (byte[])o[3]);
if (o[3] != null){
byte[] cert_ = (byte[]) o[3];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
//X509Certificate cert = (X509Certificate)
cf.generateCertificate(new ByteArrayInputStream(cert_));
System.out.println(o[3]);
} catch (Exception e) {
System.out.println(e);
} catch (Throwable te) {
System.out.println(te);
By <i>System.loadLibrary(SSO2TICKETLIBRARY)</i> sapssoext.dll will be loaded. By <i>init(SECLIBRARY)</i> the sapsecu.dll should be loaded (in fact by sapssoext.dll).
Hope it helps (but I'm afraid that you have got more or less the same code at your site)
Detlev
Similar Messages
-
How to implement SSO to non-SAP systems using SAP logon ticket?
Hello,
We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
Can anyone please give me some leads on this, in particular:
1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
RoyHi,
I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
Here are some links you might want to check:
OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
wss4j: http://ws.apache.org/wss4j/
shibboleth: http://shibboleth.internet2.edu/
opensso: https://opensso.dev.java.net/
On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
Hope this is helpful...
Let me know if you need further assistance on this topic
Cheers -
HI,
I am trying to setup SSO from our portal to plumtree portal. could some one please let me the steps for setting up the SSO.
ThanksHi Yogi,
Please check this link.
<a href="http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm">Single Sign-On to Non-SAP Systems and Applications</a>
Regards,
Siva
P.S: Award points if you find this useful. -
IDoc adapter with Non SAP systems
SAP XI 3.0 help says:
You can use the IDoc adapter to connect SAP systems (as of release 3.1) and non-SAP systems with the Integration Server using native IDoc structures
What does this mean?
-Naveen.Hi Naveen,
Let me give a use-case in one of our projects ....we have 2 middlewares in our landscape...webmethods and XI...and in one particular instance there was a need to send an FI IDoc from webmethods to XI and forward it to R/3....
In this case, the webmethods was treated like any other sap system for receiving IDoc into XI(with settings in IDX1)...
Hope this might clarify a little bit...
Thanks,
Renjith -
We are trying configure SSO to non SAP system using the IIS web filter. We were able to configure the web filter to receive the header variable authentication but the non SAP system is not recognizing it. Could any one of you share the document or throw some ideas on this. Your help is much appreciated.
Dear Ramesh,
Check this note 735639.May be this note will give an idea to narrow down the problem.
Best Regards,
Shyam Dontamsetty -
Extraction of InfoCube data from BW system to non SAP system
Hello All,
Is the extraction of InfoCube data from BW system to non SAP system availbale only for BW 3.5 release ? If yes, how can we extract the InfoCube data to a non SAP system with SAP BW 3.1 ?
Hope to get some help.
Best Regards,
Loveline.Hi Gianfranco,
Thanks for replying.
Yes I know that open hub service is the appropriate technique to extract data from the infocube.
But if we look at SAP Netweaver documentation : Prior to SAP NetWeaver '04(since the SAP BW release I am working is 3.1); We find that we have the option to extract to a DB table or flat file.
Now if we look at SAP Netweaver documentation : SAP NetWeaver '04; In addition to the above we have the option to extract to a non SAP system.
My requirment is to extract data from InfoCube to a non SAP system. The SAP BW release I am using is 3.1
Best Regards,
Loveline. -
Scenario for interface between a non sap system and a SAP erp
Hello,
I need some help in order to elaborate a interface between a SAP ERP and a non-sap system with the help of a XI system.
- At first regarding the interface from the non sap system and a SAP ERP :
the non sap system sends a flat file to the XI system. The flat file contains a row with header data and rows with item data. We were thinking when the file arrives to the XI system, to save the data in a header database and in a items database in XI. is it possible ?
And then to have like a job that reads the database and creates idoc and sends them to the SAP erp and updates the xi header and items database with a flag that means that the records have been sent to the SAP erp.
- Regarding the interface SAP erp to non SAP system:
the SAP erp sends idoc to XI. Then the idocs are transformed into flat file.
Is this scenario possible ?
Do we need any adaptator between the non sap system and the XI ?
Thank you for your help
ChristopheHi Bontron,
Idoc doesnot support synchronous call. So you can use either proxy or function module and inturn call the idoc from them and send response back to xi. You need to have two scenarios for your design.
Scenario1: Source File (file adapter) -- xi -- Dump into database tables (Jdbc Adapter)
Scenrio2: Pickup form Database tables (Jdbc Adapter) -- xi -- RFC Adapter ---> This is synchronous call.
Regarding the interface SAP erp to non SAP system
You can send idoc to xi and from there use File adapter to send to the receiving system.
These blogs may help you to some extent:
/people/sap.user72/blog/2005/06/01/file-to-jdbc-adapter-using-sap-xi-30
https://wiki.sdn.sap.com/wiki/display/XI/step%2bby%2bstep%2bRFC%2bto%2bJDBC%2bscenario (your scenario will be opposite to this)
Regards,
---Satish -
Is a third-party tool required for data extraction to non-SAP system?
Hi,
I want to extract data to non-SAP systems with the open hub service.
If I choose Database tables as open hub destinations, I would like to know if a third-party tool is mandatory and if it's possible to send data directly from database tables in BW to non-SAP systems.
Many thanks
Ellayou can choose a flat file on the application server and then transffer the file from the application server to other server where you want to use.
in case you want to use the table in the open hub service. any other software that can connect to oracle db / the databasee you have and can access the data from the table.
Regards,
Bwer
Assign points if helpful. -
SSO from non-SAP application to EP system
Hi all,
Is it possible to configure the Single sign-on from non-SAP application to SAP Enterprise portal?
My requirement is
I have a link to "Enterprise Portal" in my company's website home page. If I click on the link, it should directs to EP portal with out asking for logon.
Please suggest, is it possible??
Regards,
SujoyHi Sujoy,
SSO implementation to non-browser applications i.e non-SAP systems is possible in 3 ways which are listed .Can find useful info in the below links.
http://help.sap.com/saphelp_nw70/helpdata/EN/12/9f244183bb8639e10000000a1550b0/frameset.htm
among the non-browser applciation if it is an MS dotnet system then the below article will give a clear understanding of SSO implementation.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f05ae0f0-bf93-2b10-ed9e-a7320c012841
Regards
Supraja -
How to integrate the portal system with non-sap system
Hi Gurus,
How to integrate Portal system with non-SAP system?
I know few ways .......Using Usermapping UIDPW method.
Using Appintegrator .....and using Business repository objects in JCA?
Is there anyother way to integrate if so please give me the names and steps for integrating it?
Thanks in Advance,
DharaniHi Dharani,
You can get information from the following links:
http://help.sap.com/saphelp_nw04s/helpdata/en/43/d08b00d73001b4e10000000a11466f/frameset.htm
https://www.sdn.sap.com/irj/sdn/thread?threadID=744043
SAP CONNECTORS:- Basically Connectors are like middlewares , that we use to connect to the backend system including Non SAP systems also. Will try to explain it to u with some examples of SAP Connectors:-
a) SAP Business Connectors:-
A middleware application based on the B2B integration server from webMethods.
The SAP Business Connector enables both bi-directional synchronous communication and asynchronous communication between SAP applications and SAP and non-SAP applications.
The SAP Business Connector makes all SAP functions that are available via BAPIs or IDocs accessible to business partners over the Internet as an XML-based service.
The SAP Business Connector uses the Internet as a communication platform and XML or HTML as the data format. It integrates non-SAP products by using an open, non-proprietary technology.
b) SAP Java Connector:-
SAP Java Connector (SAP JCo) is a middleware component that enables the development of SAP-compatible components and applications in Java. SAP JCo supports communication with the SAP Server in both directions: inbound calls (Java calls ABAP) and outbound calls (ABAP calls Java).
SAP JCo can be implemented with Desktop applications and with Web server applications.
SAP JCo is used as an integrated component in the following applications:
1) SAP Business Connector, for communication with external Java applications
2) SAP Web Application Server, for connecting the integrated J2EE server with the ABAP environment.
SAP JCo can also be implemented as a standalone component, for example to establish communication with the SAP system for individual online (web) applications.
To Know more go through,
SAP Java Connectors
II) ALE Concept:-
ALE is not restricted to communication between SAP systems, it can also be used for connecting SAP Systems to non-SAP systems.
By using IDocs as universal information containers, ALE can reduce the number of different application interfaces to one single interface that can either send IDocs from an SAP system or receive IDocs in an SAP system.
SAP certified Translator Programs can convert IDoc structures into customer-defined structures.
Alternatively, the RFC interface for sending and receiving IDocs can be used in non-SAP systems.
In both cases you need the RFC Library of the RFC Software Development Kit (RFC-SDK).
This link gives a great insight into landscape for Connectivity to Non-SAP systems:-
SAP to Non-SAP systems
III) Communication Between SAP Systems and External (Non-SAP) Systems using RFC:-
When you use RFC for communication with an external (non-SAP) system, you can also implement the SAP Java Connector or the SAP .Net Connector for the conversion of data. However, there are no specific security requirements for these components, since they only perform internal system conversion functions.
The additional security recommendations for communication with external systems in this section make particular reference to cases where an external system is used as a server (SAP calls the external system). If you use an external system as a client (the external system calls SAP), the appropriate SAP-specific security mechanisms are implemented on the SAP side.
This link explains in detail all the security considerations you need to take for connecting to an External Non SAP system like, User administration, Network Security etc.
Communication Between SAP Systems and External (Non-SAP) Systems using RFC
Hope this helps,
Regards,
Rudradev Devulapalli
Reward the points if helpful -
Http communication with non-sap system
Hi ,
We have a requirement to send OM related data to a non-sap system using HTTP post in XML format and receive the response from that external system. We are on ECC 6.0 and we cannot use XI at this time.
What would be the correct approach to do this? I read that we could use ICM for HTTP communication am I on the right track?
ThanksHi ,
We have similar type of requirement, if you have the solution then let me know .
Thanks in adv
Vishnu -
Non-XI HTTP Communication with non-sap system
Hi ,
We have a requirement to send OM related data to a non-sap system using HTTP post in XML format and receive the response from that external system. We are on ECC 6.0 and we cannot use XI at this time.
What would be the correct approach to do this? I read that we could use ICM for HTTP communication am I on the right track?
ThanksWhat setup do we need for this ?
We are on ECC 6.0. I am trying to run the program, I am getting http_communication_failure = 1 in the receive function.
I am not sure if I am missing any authorizations/setup.
Thanks for your help.
VV -
SAP 4.7 Interface through RFC with non-sap system
We have SAP 4.7 instance and no XI and currently we are looking at following solutions using SAP connector, need following infrormation:
1. Which standard connector can be used ?
2. How Master Data to be replicated from SAP system to non-sap system( Outbound) ?
3. How Transactional data from non-sap sytem to SAP system ( Inbound)?
We need the above input considering that we don't have XI
regardshi ,
Can you tell me which other non-sap system you are using
either it is dot net or some other
Regards
Deepak . -
Hi.
We need SSO from Non-SAP portal to EP.
The Non-SAP Portal has publish Form-based authentification.
I mean userid&password set to URL.
Then the EP can generate SAP Logon ticket to backend system?
regards,How to Enable Single Sign-on with Non-SAP Web Application
I have very good material coollected for the same implement this.
http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798
Cheers!!
SJ. -
How to send sales orders through XI to non sap system
Hello Experts,
i need to send Sales order details from ECC to non sap system.
anybody can help me to proceed with this in detailed way.
i know how to send idoc through xi between sap systems.
But i need between sap to non sap system.
Thanks & Regards,
Lakshmi..Hi !!
Check this weblog on how to enable SSL:
/people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows
refer this realtive thread which shows the .NETnet integration with XI
Re: .NET Client Integration with SAP XI
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2131 [original link is broken] [original link is broken] [original link is broken]
for idoc related settings in r/3 refer the below link...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/73527b2c-0501-0010-5398-c4ac372c9692
IDoc to File scenario
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
check this out ..
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/CABFAALEQS/CABFAALEQS.pdf
http://www.thespot4sap.com/Articles/SAP_ALE_Introduction.asp
Also go thru this Blogs
ALE Configuration for Pushing IDOC's from SAP to XI by Swaroopa Vishwanath
Configuration Steps for Posting IDOC's by Ravikumar Allampalam.
IDOC - File scenario
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
configuring IDOCS
/people/sravya.talanki2/blog/2006/12/27/aspirant-to-learn-sap-xiyou-won-the-jackpot-if-you-read-this-part-iii
IDOC scenarios
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/cdded790-0201-0010-6db8-beb9bb2b2660
Idoc related setting
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/73527b2c-0501-0010-5398-c4ac372c9692
refer this thread also
Integration between sap and non-sap
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/5651.. [original link is broken] [original link is broken] [original link is broken]
also referthe concept of SSO
To undersand SSO scenarios gothro the links in my reply in the following thread:
SSO scenarios and configuring steps
Check the following link to know the procedure for user mapping:
Procedure to follow for user mapping.
The following link gives you more idea on User Mapping:
More Info on User Mapping
Pls reward if useful
Maybe you are looking for
-
Error while processing audit message
hi I'm running a reconciliation, and throws me the following error . please help me ERROR,28 Aug 2009 03:50:32,492,[XELLERATE.AUDITOR],Error while processing audit message java.lang.NullPointerException at com.thortech.xl.audit.engine.AuditEngine.pro
-
Dear All, In my Scenario I created the Independent requirement of my finish product in Plant 1000. Now i have depot 1001 where the material is received against stock transfer order created by depot on Plant 1000. After MRP & production
-
i just loaded the 'lion' now my mail takes a new life....how do i move the reading panel to the bottom / also how do i get rid of the text/content under each mail..two simple things not sure obvious on this version !!!
-
No more songs in playlists?...
all my playlists are stilled listed in itunes BUT theres no tracks in them? I recently moved tracks out of 'unknown folder' in my itunes libary but when i put them back in unknown, there was still nothing in my playlists. how can i have my playlists
-
Xdock Output Cable (USB to RCA?)
I own a Xdock base?unit transmitter that has optical audio out and USB out. I want just plain RCA on mini jack audio out. The unit also has Svideo out. Is there a USB to RCA cable available? If not how do I get the audio out to a old fashion non surr