Sso to non sap systems

HI,
I am trying to setup SSO from our portal to plumtree portal. could some one please let me the steps for setting up the SSO.
Thanks

Hi Yogi,
Please check this link.
<a href="http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm">Single Sign-On to Non-SAP Systems and Applications</a>
Regards,
Siva
P.S: Award points if you find this useful.

Similar Messages

How to implement SSO to non-SAP systems using SAP logon ticket?

Hello,
We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
Can anyone please give me some leads on this, in particular:
1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
Roy

Hi,
I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
Here are some links you might want to check:
OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
wss4j: http://ws.apache.org/wss4j/
shibboleth: http://shibboleth.internet2.edu/
opensso: https://opensso.dev.java.net/
On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
Hope this is helpful...
Let me know if you need further assistance on this topic
Cheers

SSO to Non SAP Systems with SAPSSOEXT

Hello,
i have a Problem with the SAPSSOext Librarys.
I write a small Programm that uses this librarys, but it wont work. So i try to Use the example, but the Example also not works.
I DO:
- Download SAPSSOEXT_0-10002921.zip, unzip it and Put the DLLs into /windows/system32
- Download SECULIB54_XXXX.sar, unsar it and Put the containing files into /windows/system32
Then i open an Command Window an write the following line in the direktory where the samples are:
ssosample -i .. icket.txt -p SAPdefault
And now i get the following error:
C: mpssosampleC>ssosample -i .. icket.txt -p SAPdefault
Content-type: text/html
Content-length: 248
h1. Error!
Your request cou
ld not be processed. The error message is:
The mySAP.com logon ticket cou
ldn't be verified. The standard error code is 5. The SSF error code is 22.>
C: mpssosampleC>
Did anybode make the example run? I didnt see my mistake :-(.
In a Second try i look into a debugger to look where the problems are. I think i cant initialice the sapsecu.dll. But it pot it definitly in the windows32 folder.
Any hint is welcome, best Regards,
Patrick
Message was edited by: Patrick Höfer

Hi Patrick,
my code which in fact worked (with the versions you have named) is as follows:
package com.mysap.sso;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
* This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
* @version 1.0 30.11.2000
public class SSO2Ticket
 private static boolean initialized = false;
 public static String SECLIBRARY ;
 public static String SSO2TICKETLIBRARY = "sapssoext";
 static {
 SECLIBRARY = "sapsecu.dll";
 try {
 System.loadLibrary(SSO2TICKETLIBRARY);
 System.out.println("Lib geladen.");
 if ( init(SECLIBRARY) ) {
 System.out.println ("SSO2TICKET initialized successful !");
 System.out.println ("version: "+getVersion());
 } else {
 System.out.println ("Implementation of JNI mysapsso2 not loaded. ");
 } catch (Throwable e) {
 System.out.println ("Error during initialization of SSO2TICKETn");
 System.out.println("static beendet.n");
 * Initialization
 * @param seclib location of ssf-implemenation
 * @return true/false whether initailisation was ok
 private static native synchronized boolean init(String seclib);
 * Returns internal version.
 * @return version
 public static native synchronized String getVersion();
 * eval ticket
 * @param ticket the ticket
 * @param pab location of pab
 * @param pab_password password for access the pab
 * @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client , [3] = (byte[])certificate
 public static native synchronized Object [] evalLogonTicket(
 String ticket,
 String pab,
 String pab_password)
 throws Exception;
 * creates ticket.
 * @return the ticket
 public static void main(String[] args) throws Exception
 System.out.println("start SSO2TICKET main");
 System.out.println("-------------- test version --------------");
 String version =SSO2Ticket.getVersion();
 System.out.println(version);
 String ticket = "... to be filled with an base64 encoded run time ticket ...";
 try {
 Object o[] = evalLogonTicket(ticket, "c:\download\verify.pse", "");
 System.out.println("The User ID is: " + (String)o[0]);
 System.out.println("Issuing System (Sysid) : " + (String)o[1]);
 System.out.println("Issuing System (Client): " + (String)o[2]);
 System.out.println("Certificate Bytes : " + (byte[])o[3]);
 if (o[3] != null){
 byte[] cert_ = (byte[]) o[3];
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 //X509Certificate cert = (X509Certificate)
 cf.generateCertificate(new ByteArrayInputStream(cert_));
 System.out.println(o[3]);
 } catch (Exception e) {
 System.out.println(e);
 } catch (Throwable te) {
 System.out.println(te);
By System.loadLibrary(SSO2TICKETLIBRARY) sapssoext.dll will be loaded. By init(SECLIBRARY) the sapsecu.dll should be loaded (in fact by sapssoext.dll).
Hope it helps (but I'm afraid that you have got more or less the same code at your site)
Detlev

SSO to non sap

We are trying configure SSO to non SAP system using the IIS web filter. We were able to configure the web filter to receive the header variable authentication but the non SAP system is not recognizing it. Could any one of you share the document or throw some ideas on this. Your help is much appreciated.

Dear Ramesh,
Check this note 735639.May be this note will give an idea to narrow down the problem.
Best Regards,
Shyam Dontamsetty

SSO from non-SAP application to EP system

Hi all,
Is it possible to configure the Single sign-on from non-SAP application to SAP Enterprise portal?
My requirement is
I have a link to "Enterprise Portal" in my company's website home page. If I click on the link, it should directs to EP portal with out asking for logon.
Please suggest, is it possible??
Regards,
Sujoy

Hi Sujoy,
SSO implementation to non-browser applications i.e non-SAP systems is possible in 3 ways which are listed .Can find useful info in the below links.
http://help.sap.com/saphelp_nw70/helpdata/EN/12/9f244183bb8639e10000000a1550b0/frameset.htm
among the non-browser applciation if it is an MS dotnet system then the below article will give a clear understanding of SSO implementation.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f05ae0f0-bf93-2b10-ed9e-a7320c012841
Regards
Supraja

SSO from Non-SAP portal to EP

Hi.
We need SSO from Non-SAP portal to EP.
The Non-SAP Portal has publish Form-based authentification.
I mean userid&password set to URL.
Then the EP can generate SAP Logon ticket to backend system?
regards,

How to Enable Single Sign-on with Non-SAP Web Application
I have very good material coollected for the same implement this.
http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798
Cheers!!
SJ.

How to send sales orders through XI to non sap system

Hello Experts,
i need to send Sales order details from ECC to non sap system.
anybody can help me to proceed with this in detailed way.
i know how to send idoc through xi between sap systems.
But i need between sap to non sap system.
Thanks & Regards,
Lakshmi..

Hi !!
Check this weblog on how to enable SSL:
/people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows
refer this realtive thread which shows the .NETnet integration with XI
Re: .NET Client Integration with SAP XI
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2131 [original link is broken] [original link is broken] [original link is broken]
for idoc related settings in r/3 refer the below link...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/73527b2c-0501-0010-5398-c4ac372c9692
IDoc to File scenario
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
check this out ..
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/CABFAALEQS/CABFAALEQS.pdf
http://www.thespot4sap.com/Articles/SAP_ALE_Introduction.asp
Also go thru this Blogs
ALE Configuration for Pushing IDOC's from SAP to XI by Swaroopa Vishwanath
Configuration Steps for Posting IDOC's by Ravikumar Allampalam.
IDOC - File scenario
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
configuring IDOCS
/people/sravya.talanki2/blog/2006/12/27/aspirant-to-learn-sap-xiyou-won-the-jackpot-if-you-read-this-part-iii
IDOC scenarios
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/cdded790-0201-0010-6db8-beb9bb2b2660
Idoc related setting
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/73527b2c-0501-0010-5398-c4ac372c9692
refer this thread also
Integration between sap and non-sap
/people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/5651.. [original link is broken] [original link is broken] [original link is broken]
also referthe concept of SSO
To undersand SSO scenarios gothro the links in my reply in the following thread:
SSO scenarios and configuring steps
Check the following link to know the procedure for user mapping:
Procedure to follow for user mapping.
The following link gives you more idea on User Mapping:
More Info on User Mapping
Pls reward if useful

Provision UserID/Password from SAP Ssyetm to Non-SAP System

Hi,
I have a requirement to be able to provision UserID & Password from a SAP ECC6 system to a non-SAP thick client application. All interactions between ECC6 & the non-SAP Application will be via SAP PI. (SAP EEC6 <-> SAP PI <-> Non-SAP App)
Our landscape includes:
SAP ECC6
SAP BI
SAP PI
SAP SOLMAN
SAP Portal
non-SAP App
SAP IdM has been ruled out due to budget constraints, Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
Yes, we could simply maintain the users in both systems, but for the time being that has been deemed not appropriate.
I have thought about using CUA on SOLMAN to provision to the SAP Systems & then use SAP PI somehow to provision to the non-SAP App, but I have no idea how to pass the raw user password through SAP PI.
If anyone has any ideas or can point me to links where I can do further research would be much appreciated.
Thanks in advance,
Stephen Hall

The search term "password AND synchronize" will help you further to find "flamewars" from the past.
You cannot send "raw" passwords from CUA, as the password is represented by a "one way" hash which is not decryptable by mortals, but rather the "raw" password is encrypted and the hashes are compared locally. Non-SAP systems cannot do this... (bar trial-and-error).
A better option would be to use a SSO mechanism. This is very easy within SAP.
For bi-directional authentication with non-SAP you will face some challanges...
The easiest option is to re-use a PKI certificate based authentication or re-use the native Kerberos authentication available for Windows bases PCs.
In the SAP --> non-SAP direction you can consider using a verification library to extract the user name - but that is not "state of the art" and if such a UID should be encrypted then have fun...
In the non-SAP --> SAP direction you are best off forgeting about the infrastructure trust or worste-case-scenario is a password sync. Rather re-authenticate the caller using a realm which already exist.
Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
I would consider an application specific password self-service as a failover only and go for the AD or an "identity provider" which your applications trust as a service.
If your AD or entire network goes down you will probably be in bigger trouble than passwords... so you should not expose "raw" passwords during normal operations for this eventuality...
Cheers,
Julius

SSO to non SAP Application (ASP)

We have followed the sample steps for SSO to non SAP Applications in ASP, but we're receiving the following results:
Start SSO2TICKET main
Version: SAPSSOEXT 2
Ticket verifying failed. Return codes error=1 and ssf error=0
Does anyone know what the problem is and how to solve it?
Thanks!

hi ive,
u cn refer to this links.......these r some of the blogs that u cn go throu.its useful.
User Mapping-based Single Sign On,
SAP Logon Ticket-based Single Sign-On>
regards
bhargava

Web Server Filter Based SSO to Non-SAP Apps

Hi,
I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
The Readme doc of this zip file says:
"Changes in Web server filter plugins
The Web server filter plug ins and the Ticket Toolkit now were separated.
See subdirectories for further information:
"C" the Ticket Toolkit
"filter" the Web server filter plug ins
This is the last released version (5.0.2.8) on SAPSERV.
Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
Technology Components-> SAP SSOEXT -> SAP SSOEXT"
Zip file has two folders named "C" and "filter".
"C" folder has cpp code to varify the ticket.
"Filter" folder has DLLs for the different web servers.
So far so good . Now, what I want to know is that is placing the DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
Or do I need to do anything else, like writing any class to read and validate the Ticket?
Thanks,
Vivek

See Web Server Filter Based SSO to Non-SAP Apps

Using ale u can send from sap to sap and sap to non sap systems

hi,
using ale u can send from sap to sap and sap to non sap systems,
then what is diff b/w ALE and EDI

Hello KALYAN KUMAR,
Application Link Enabling (ALE)
1.You distribute data using ALE if you want to communicate from one system to one or more other (mostly internal) systems.
2.ALE transfers data in IDoc format and uses the methods of tRFC for data transfer.
3.ALE enables the integration of business processes across several SAP or non-SAP systems.
Electronic Data Interchange (EDI)
1.You use EDI if you want to exchange business application documents with an (external) partner system (for example, a customer or vendor).
2. The SAP system sends EDI messages in IDoc format to an EDI subsystem, where they are converted to a universal EDI standard (UN/EDIFACT or ANSI/X12).
3. This enables communication with non-SAP systems.
By definition, two partners are involved in the process in an EDI application scenario: The sender and the recipient of an EDI message
I hope u understands the difference:)

SSO from non-SAP to SAP apps

Hi All,
Currently We have SAP applications, non-SAP applications(java, .NET, PHP etc) in our landscape.
If the client tries to access any non-SAP application it should ask for authentication and thereby for any subsequent access to any URL's(SAP or NON-SAP apps) it should not ask for any authentication.
FYI:
The client logins into SAP Portal(SAP to NON-SAP) first and thereby able to achieve SSO for non-SAP applications as well.
Currently we are stuck for the scanerio of Non-SAP to SAP apps ?
Please suggest.......
Thanks,
Mano.

Hi samuli,
Using SPNEGO, we can incorporate windows authentication for SAP Portal ( after desktop authentication user can logon without userid/password). But for non-sap apps this would be challenge.
I have another option, using webdispatcher if we enable server redirect for all applications(SAP & NON-SAP) and get authenticated centrally by which SSO can be achieved across all the apps.
Would above solution work ?
Thanks,
Mano.

SSO FOR NON SAP APPLICATIONS

SSO for non sap applications in EP on which siteminder sso is integrated
Posted: Aug 28, 2006 7:09 AM Reply E-mail this post
Hi ,
we have implemented Siteminder on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder external authentication is implemented.
can anybody help for getting step by step document.
diff rewards to be given

Hi,
if you have access to service.sap.com via S-User, you can download "SAP Enterprise Portal Security Guide" in the portal section. It has dedicated descriptions about SSO-Settings, also about netegrity.
You can also search help.sap.com about "SSO" which gives you overview descriptions.
On SAP Service Net, there is also an pdf "Integrating Security functions" in the Netweaver 2004s Portal section, where the description of the Java API for the PDK is included. This is very helpfull for coding.

Uploading data from non sap system to sap system

hi to all experts,
my requirement is to upload data into the sap system from non sap system . the data is in a flat file ,but the problem is that in the flat file all the field lengths and fields are not in order or same as sap system. How to upload the data into sap system ....

hi,
the data is in a flat file,but the problem is that in the flat file all the field lengths and fields are not in order or same as sap system.
If the data is in excel sheet use this FM.
CALL FUNCTION 'ALSM_EXCEL_TO_INTERNAL_TABLE'
    EXPORTING
      FILENAME                      = P_FILE
      I_BEGIN_COL                   = 1
      I_BEGIN_ROW                   = 1
      I_END_COL                     = 17
      I_END_ROW                     = 3000
    TABLES
      INTERN                        = itab
EXCEPTIONS
INCONSISTENT_PARAMETERS       = 1
UPLOAD_OLE                    = 2
OTHERS                        = 3
It will read the data from excel sheet column wise and then store it in ITAB. you can change the order after reading the file.
In case of Text file use FM GUI_UPLOAD.
You can change the order of the fileds after reading it from file, but the length and all you have to make compatible to SAP standard fields.
Regards,
Sachin

External requirement from non SAP system created in SRM 7.0 Extended Classi

Hello SRM Gurus:
Has anyone created an external requirement using XI ExternalRequirement_Create_In (http://sap.com/xi/EBP). We are getting a E001 "No company code could be determined for backend for product##". I traced the error to FM 'BAPI_SCEC_CREATE' in class "CL_BBPX_EXTERNAL_REQUIREMENT". What I found is that it check the attributes for BUK and updates a table with the backend EEC system. Then it checks if any of the entries match our external non SAP system in our external requirement and since it is a non SAP system none do. Then it sets a return error code.
I configured our non SAP system in the SLD and in SPRO under "Define System Landscape" as a non SAP system.
We are running external classic scenario. We just want to created a shopping cart from an external non SAP system. Source the shopping cart in SRM and create the PO in SRM/ECC. We are not using a product master but creating "describe requirement" in our external system. Our product categories are replicated from ECC and the same codes used in our external non SAP planning system.
If I change the external planning system to the ECC backend system, the external requirement is created in SRM but when I source it and convert it to a PO, it returns a backend error that the external requirement number does not exist in ECC. Therefore it appears all of our data from our external system is correct with the exception of how to deternine the backend company code
According to SAP this should be possible using XI.
Has anyone been successful doing this or can you please advise any OSS notes or documentation explaining how to do this. Please advise if you need additikonal info.
Thanks in advance.
Bert

Dear Poster,
As no response has been provided to the thread in some time I must assume the issue is resolved, if the question is still valid please create a new thread rephrasing the query and providing as much data as possible to promote response from the community.
Best Regards,
SDN SRM Moderation Team

Sso to non sap systems

Similar Messages

Maybe you are looking for