SSO to SAP R3 thru ITS 6.20 with Logon tickets

Hi All,
I am trying to configure SSO to R3 thru ITS with the Logon Tickets.
I have configured R3 to accept the tickets using STRUSTSSO2.
Downloaded the verify.der file from Portal and imported to R3
And tried to test the System connection.
If I use SAP GUI for Windows,the logon ticket is passed and SSO happens
with out any problem.
But If I use SAP GUI for html,then ITS Logon screen appears and once I
enter the user id and password it logs in.
In ITS global.srvc file I have added the following parameter
~mysapcomusesso2cookie 1
I also have the following parameters in the global.srvc file
~login <space>
~password <space>
Do I need to configure any thing more in ITS.
Where am I going wrong.
I have read regarding Pluggable Authentication Service(PAS).Is this mandatory for SSO thru ITS
Please let me know
I am working on EP6 SP14
Any help is really appreciated
Thanks in advance
Regards,
Santhosh

Hi,
IWithin System definition of R/3 System, you've to give the FQDN of ITS just same as Portal system. For example if your Portal system's FQDN is below:
http://portal.hedehode.com:50000/irj
then the ITS Server definition (parameter ITS Hostname) must be:
itsserver.hedehode.com:port
for portal to resolve itsserver.hedehode.com host, you may need to enter its IP address into hosts (c:\windows\system32\drivers\etc\hosts) file of portal system.
<ip> itsserver.hedehode.com

Similar Messages

SSO with Logon Ticket to non-SAP Unix based application

Hi all,
Anyone has implemented SSO with Logon Ticket to a Unix box ?
We need to achieve Single Sign On between our EP5.0 SP5 Portal and a third-party web application with a front-end on a Unix AIX machine with Apache.
We achieved SSO with non-SAP applications with Logon Tickets, but one was to an IIS system in another domain (we therefore used the standard Web Filter for IIS and declared it in usermanagement for cross-domain support) and another one running on Windows platform (we used the C libraries provided in the "Logon Ticket Toolkit": NT or Linux only).
From what we understand and found on the web sites, we cannot reuse any standard web filter (none for Unix, am I correct ???) and want to implement custom code using SAP libraries, if possible using Java
-> Are there any Java libraries that are available to both:
. verify the logon ticket with the deployed Portal public key
. decrypt/extract the authenticated username from this ticket ??
I've seen a mention of Java libraries, and Unix, in a SAP EP 6.0 document but I'm not sure where to find them...
Is the SAP Logon Ticket issued the same way in EP 5.0 and EP 6.0 ?
I managed to find something called SAPSSOEXT, for AIX, which contains some partial library and a sample, but it is dated 2000 !! Anyone has more information about this ?
Any hint is very much appreciated.
Thanks a lot
Olivier

Check these links for reference regarding AIX and Apache using X.509 certificates:
http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/cas_pki.htm
And just using cookies -
http://forums.devshed.com/archive/t-105611 (perl based)
You can also use mod_ssl built into your Apache to facilitate both certificate based authentication as well as encryption.
The mod_ssl route is most secure (because of the encryption), the IBM link is comprehensive but requires extra infrastructure (LDAP).
Nick
Nick

SSO fails with logon ticket

Hi all ,
Could some advice on this .I have some issues with SSO with logon tickets .
My landscape consists of
- EP 6.0 SP on WAS J2EE 6.0
- ECC 5.0 SP7 on WAS ABAP 6.0
I am trying to do SSO between portal and ECC , where in portal is the ticket issuer
and my ECC accepts the ticket . Follwing are the steps I have done .
1. From keystore Administrator , I have downloaded the verity.der .
2. From my ECC system , run STRUSTSS02 transaction and done following activities
a. import the verity.der into certificate area ( selecte dfile format as binary )
b. Added certificate into PSE
c. Add to ACL ( here I have selected my portal SID , client
as 000 ( Do is need to give a different client ???...)
d. Saved everything
3. Then I have created a system object for my ECC system , given all the connector parametrs,
user management as logon ticket and created an alias too .
But when I tested is is failure
I have also created a JCO destination under the webdynpro content admin and selected the
logon ticket as the option , there also the test fails
Could any body advice what am I doing wrong ?
THanks
Aneez

Phani ,
Here is the trace .
M *** BEGIN USER TRACE UID >915< MODE >1< STEP >1< REQID >11685< TIME >053138< DATE >20050805< WP >0< WP_TYPE >DIA< CONV_ID >5028
N dy_signi_ext: SSO TICKET logon (client 110)
N mySAPUnwrapCookie: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 110:F8906A99658752C18D6007083CC6D4A3 .
N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.
N I don't need to ask RunningCompatibly to know: I'm >= 46C.
N mySAP: Got the following SSF Params:
N DN =CN=DV1
N EncrAlg=DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =/usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse
N PAB =/usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse
N Got the codepage 4102.
N Got ticket (head) AjExMDAgAA5wb3J0YWw6QUhBTUVFRIgAE2Jhc2lj. Length = 444.
N 00000000 00 41 00 6a 00 45 00 78 00 4d 00 44 00 41 00 67 .A.j.E.x.M.D.A.g
N 00000010 00 41 00 41 00 35 00 77 00 62 00 33 00 4a 00 30 .A.A.5.w.b.3.J.0
N 00000020 00 59 00 57 00 77 00 36 00 51 00 55 00 68 00 42 .Y.W.w.6.Q.U.h.B
N 00000030 00 54 00 55 00 56 00 46 00 52 00 49 00 67 00 41 .T.U.V.F.R.I.g.A
N 00000040 00 45 00 32 00 4a 00 68 00 63 00 32 00 6c 00 6a .E.2.J.h.c.2.l.j
N 00000050 00 59 00 58 00 56 00 30 00 61 00 47 00 56 00 75 .Y.X.V.0.a.G.V.u
N 00000060 00 64 00 47 00 6c 00 6a 00 59 00 58 00 52 00 70 .d.G.l.j.Y.X.R.p
N 00000070 00 62 00 32 00 34 00 42 00 41 00 41 00 41 00 43 .b.2.4.B.A.A.A.C
N 00000080 00 41 00 41 00 4d 00 77 00 4d 00 44 00 41 00 44 .A.A.M.w.M.D.A.D
N 00000090 00 41 00 41 00 4e 00 46 00 55 00 45 00 51 00 45 .A.A.N.F.U.E.Q.E
N 000000A0 00 41 00 41 00 77 00 79 00 4d 00 44 00 41 00 31 .A.A.w.y.M.D.A.1
N 000000B0 00 4d 00 44 00 67 00 77 00 4e 00 54 00 41 00 35 .M.D.g.w.N.T.A.5
N 000000C0 00 4d 00 6a 00 49 00 46 00 41 00 41 00 51 00 41 .M.j.I.F.A.A.Q.A
N 000000D0 00 41 00 41 00 41 00 49 00 43 00 67 00 41 00 41 .A.A.A.I.C.g.A.A
N 000000E0 00 2f 00 77 00 44 00 31 00 4d 00 49 00 48 00 79 ./.w.D.1.M.I.H.y
N 000000F0 00 42 00 67 00 6b 00 71 00 68 00 6b 00 69 00 47 .B.g.k.q.h.k.i.G
N 00000100 00 39 00 77 00 30 00 42 00 42 00 77 00 4b 00 67 .9.w.0.B.B.w.K.g
N 00000110 00 67 00 65 00 51 00 77 00 67 00 65 00 45 00 43 .g.e.Q.w.g.e.E.C
N 00000120 00 41 00 51 00 45 00 78 00 43 00 7a 00 41 00 4a .A.Q.E.x.C.z.A.J
N 00000130 00 42 00 67 00 55 00 72 00 44 00 67 00 4d 00 43 .B.g.U.r.D.g.M.C
N 00000140 00 47 00 67 00 55 00 41 00 4d 00 41 00 73 00 47 .G.g.U.A.M.A.s.G
N 00000150 00 43 00 53 00 71 00 47 00 53 00 49 00 62 00 33 .C.S.q.G.S.I.b.3
N 00000160 00 44 00 51 00 45 00 48 00 41 00 54 00 47 00 42 .D.Q.E.H.A.T.G.B
N 00000170 00 77 00 54 00 43 00 42 00 76 00 67 00 49 00 42 .w.T.C.B.v.g.I.B
N 00000180 00 41 00 54 00 41 00 54 00 4d 00 41 00 34 00 78 .A.T.A.T.M.A.4.x
N 00000190 00 44 00 44 00 41 00 4b 00 42 00 67 00 4e 00 56 .D.D.A.K.B.g.N.V
N 000001A0 00 42 00 41 00 4d 00 54 00 41 00 30 00 56 00 51 .B.A.M.T.A.0.V.Q
N 000001B0 00 52 00 41 00 49 00 42 00 41 00 44 00 41 00 4a .R.A.I.B.A.D.A.J
N 000001C0 00 42 00 67 00 55 00 72 00 44 00 67 00 4d 00 43 .B.g.U.r.D.g.M.C
N 000001D0 00 47 00 67 00 55 00 41 00 6f 00 46 00 30 00 77 .G.g.U.A.o.F.0.w
N 000001E0 00 47 00 41 00 59 00 4a 00 4b 00 6f 00 5a 00 49 .G.A.Y.J.K.o.Z.I
N 000001F0 00 68 00 76 00 63 00 4e 00 41 00 51 00 6b 00 44 .h.v.c.N.A.Q.k.D
N 00000200 00 4d 00 51 00 73 00 47 00 43 00 53 00 71 00 47 .M.Q.s.G.C.S.q.G
N 00000210 00 53 00 49 00 62 00 33 00 44 00 51 00 45 00 48 .S.I.b.3.D.Q.E.H
N 00000220 00 41 00 54 00 41 00 63 00 42 00 67 00 6b 00 71 .A.T.A.c.B.g.k.q
N 00000230 00 68 00 6b 00 69 00 47 00 39 00 77 00 30 00 42 .h.k.i.G.9.w.0.B
N 00000240 00 43 00 51 00 55 00 78 00 44 00 78 00 63 00 4e .C.Q.U.x.D.x.c.N
N 00000250 00 4d 00 44 00 55 00 77 00 4f 00 44 00 41 00 31 .M.D.U.w.O.D.A.1
N 00000260 00 4d 00 44 00 6b 00 79 00 4d 00 6a 00 41 00 31 .M.D.k.y.M.j.A.1
N 00000270 00 57 00 6a 00 41 00 6a 00 42 00 67 00 6b 00 71 .W.j.A.j.B.g.k.q
N 00000280 00 68 00 6b 00 69 00 47 00 39 00 77 00 30 00 42 .h.k.i.G.9.w.0.B
N 00000290 00 43 00 51 00 51 00 78 00 46 00 67 00 51 00 55 .C.Q.Q.x.F.g.Q.U
N 000002A0 00 4e 00 78 00 47 00 53 00 38 00 70 00 65 00 6b .N.x.G.S.8.p.e.k
N 000002B0 00 68 00 62 00 5a 00 32 00 6e 00 79 00 6e 00 61 .h.b.Z.2.n.y.n.a
N 000002C0 00 46 00 4c 00 4b 00 54 00 51 00 2f 00 37 00 43 .F.L.K.T.Q./.7.C
N 000002D0 00 42 00 5a 00 6b 00 77 00 43 00 51 00 59 00 48 .B.Z.k.w.C.Q.Y.H
N 000002E0 00 4b 00 6f 00 5a 00 49 00 7a 00 6a 00 67 00 45 .K.o.Z.I.z.j.g.E
N 000002F0 00 41 00 77 00 51 00 76 00 4d 00 43 00 30 00 43 .A.w.Q.v.M.C.0.C
N 00000300 00 46 00 41 00 32 00 53 00 63 00 53 00 6f 00 71 .F.A.2.S.c.S.o.q
N 00000310 00 4d 00 53 00 51 00 41 00 2f 00 75 00 41 00 42 .M.S.Q.A./.u.A.B
N 00000320 00 70 00 43 00 69 00 61 00 6b 00 6f 00 68 00 69 .p.C.i.a.k.o.h.i
N 00000330 00 68 00 75 00 44 00 79 00 41 00 68 00 55 00 41 .h.u.D.y.A.h.U.A
N 00000340 00 36 00 4e 00 56 00 48 00 43 00 53 00 6b 00 50 .6.N.V.H.C.S.k.P
N 00000350 00 58 00 49 00 52 00 6c 00 63 00 57 00 2b 00 32 .X.I.R.l.c.W.+.2
N 00000360 00 6a 00 41 00 45 00 30 00 31 00 37 00 55 00 62 .j.A.E.0.1.7.U.b
N 00000370 00 61 00 63 00 34 00 3d .a.c.4.=
N Dump of InContext (ssoxxapi.c 155)
N 00000000 00 34 00 31 00 30 00 32 0f ff ff ff ff ff 54 e8 .4.1.0.2.ÿÿÿÿÿTè
N 00000010 00 00 00 01 83 37 73 10 0f ff ff ff ff ff 59 98 .....7s..ÿÿÿÿÿY.
N 00000020 00 00 01 bc 00 00 00 00 00 00 00 01 00 93 ee 8c ...¼..........î.
N 00000030
N Copies from InContext->Format: PKCS7 (ssoxxapi.c 162)
N Copies from InContext->pzcsProName: /usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse (ssoxxapi.c 165)
N DecodeB64Len returns 0. iDecLength=332
N Dump of Decoded ticket: (ssoxxapi.c 187)
N 00000000 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a 41 .1100 ..portal:A
N 00000010 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 75 HAMEED...basicau
N 00000020 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 02 thentication....
N 00000030 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 30 ..000...EPD...20
N 00000040 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00 0508050922......
N 00000050 08 0a 00 00 ff 00 f5 30 81 f2 06 09 2a 86 48 86 ....ÿ.õ0.ò..*.H.
N 00000060 f7 0d 01 07 02 a0 81 e4 30 81 e1 02 01 01 31 0b ÷.... .ä0.á...1.
N 00000070 30 09 06 05 2b 0e 03 02 1a 05 00 30 0b 06 09 2a 0...+......0...*
N 00000080 86 48 86 f7 0d 01 07 01 31 81 c1 30 81 be 02 01 .H.÷....1.Á0.¾..
N 00000090 01 30 13 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 .0.0.1.0...U....
N 000000A0 45 50 44 02 01 00 30 09 06 05 2b 0e 03 02 1a 05 EPD...0...+.....
N 000000B0 00 a0 5d 30 18 06 09 2a 86 48 86 f7 0d 01 09 03 . ]0...*.H.÷....
N 000000C0 31 0b 06 09 2a 86 48 86 f7 0d 01 07 01 30 1c 06 1...*.H.÷....0..
N 000000D0 09 2a 86 48 86 f7 0d 01 09 05 31 0f 17 0d 30 35 .*.H.÷....1...05
N 000000E0 30 38 30 35 30 39 32 32 30 35 5a 30 23 06 09 2a 0805092205Z0#..*
N 000000F0 86 48 86 f7 0d 01 09 04 31 16 04 14 37 11 92 f2 .H.÷....1...7..ò
N 00000100 97 a4 85 b6 76 9f 29 da 14 b2 93 43 fe c2 05 99 .¤.¶v.)Ú.².CþÂ..
N 00000110 30 09 06 07 2a 86 48 ce 38 04 03 04 2f 30 2d 02 0...*.HÎ8.../0-.
N 00000120 14 0d 92 71 2a 2a 31 24 00 fe e0 01 a4 28 9a 92 ...q**1$.þà.¤(..
N 00000130 88 62 86 e0 f2 02 15 00 e8 d5 47 09 29 0f 5c 84 .b.àò...èÕG.)..
N 00000140 65 71 6f b6 8c 01 34 d7 b5 1b 69 ce eqo¶..4×µ.iÎ
N Read version.
N Read Codepage.
N Read InfoUnit (0x20).
N Read length (14).
N Read contents.
N Read InfoUnit (0x88).
N Read length (19).
N Read contents.
N Read InfoUnit (0x01).
N Read length (0).
N Read contents.
N Read InfoUnit (0x02).
N Read length (3).
N Read contents.
N Read InfoUnit (0x03).
N Read length (3).
N Read contents.
N Read InfoUnit (0x04).
N Read length (12).
N Read contents.
N Read InfoUnit (0x05).
N Read length (4).
N Read contents.
N Read InfoUnit (0x0A).
N Read length (0).
N Read contents.
N Read InfoUnit (0xFF).
N ParseTicket returns 0. (ssoxxapi.c 199)
N Bytes processed: 85 (ssoxxapi.c 202)
N Argument Dump for ticket verification:
N Content byte stream:
N 00000000 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a 41 .1100 ..portal:A
N 00000010 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 75 HAMEED...basicau
N 00000020 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 02 thentication....
N 00000030 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 30 ..000...EPD...20
N 00000040 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00 0508050922......
N 00000050 08 0a 00 00 ....
N
N Signature byte stream:
N 00000000 30 81 f2 06 09 2a 86 48 86 f7 0d 01 07 02 a0 81 0.ò..*.H.÷.... .
N 00000010 e4 30 81 e1 02 01 01 31 0b 30 09 06 05 2b 0e 03 ä0.á...1.0...+..
N 00000020 02 1a 05 00 30 0b 06 09 2a 86 48 86 f7 0d 01 07 ....0...*.H.÷...
N 00000030 01 31 81 c1 30 81 be 02 01 01 30 13 30 0e 31 0c .1.Á0.¾...0.0.1.
N 00000040 30 0a 06 03 55 04 03 13 03 45 50 44 02 01 00 30 0...U....EPD...0
N 00000050 09 06 05 2b 0e 03 02 1a 05 00 a0 5d 30 18 06 09 ...+...... ]0...
N 00000060 2a 86 48 86 f7 0d 01 09 03 31 0b 06 09 2a 86 48 .H.÷....1....H
N 00000070 86 f7 0d 01 07 01 30 1c 06 09 2a 86 48 86 f7 0d .÷....0...*.H.÷.
N 00000080 01 09 05 31 0f 17 0d 30 35 30 38 30 35 30 39 32 ...1...050805092
N 00000090 32 30 35 5a 30 23 06 09 2a 86 48 86 f7 0d 01 09 205Z0#..*.H.÷...
N 000000A0 04 31 16 04 14 37 11 92 f2 97 a4 85 b6 76 9f 29 .1...7..ò.¤.¶v.)
N 000000B0 da 14 b2 93 43 fe c2 05 99 30 09 06 07 2a 86 48 Ú.².CþÂ..0...*.H
N 000000C0 ce 38 04 03 04 2f 30 2d 02 14 0d 92 71 2a 2a 31 Î8.../0-....q**1
N 000000D0 24 00 fe e0 01 a4 28 9a 92 88 62 86 e0 f2 02 15 $.þà.¤(...b.àò..
N 000000E0 00 e8 d5 47 09 29 0f 5c 84 65 71 6f b6 8c 01 34 .èÕG.)..eqo¶..4
N 000000F0 d7 b5 1b 69 ce ×µ.iÎ
N Encoded content byte stream:
N 00000000 30 63 06 09 2a 86 48 86 f7 0d 01 07 01 a0 56 04 0c..*.H.÷.... V.
N 00000010 54 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a T.1100 ..portal:
N 00000020 41 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 AHAMEED...basica
N 00000030 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 uthentication...
N 00000040 02 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 ...000...EPD...2
N 00000050 30 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00508050922.....
N 00000060 00 08 0a 00 00 .....
N Verify returns 0 (ssoxxsgn.c 189)
N Certificate is:
N 00000000 30 82 02 1d 30 82 02 08 02 01 00 30 09 06 07 2a 0...0......0...*
N 00000010 86 48 ce 38 04 03 30 0e 31 0c 30 0a 06 03 55 04 .HÎ8..0.1.0...U.
N 00000020 03 13 03 45 50 44 30 1e 17 0d 30 35 30 37 30 35 ...EPD0...050705
N 00000030 31 31 34 30 35 30 5a 17 0d 30 37 30 37 30 35 31 114050Z..0707051
N 00000040 31 34 30 35 30 5a 30 0e 31 0c 30 0a 06 03 55 04 14050Z0.1.0...U.
N 00000050 03 13 03 45 50 44 30 82 01 b6 30 82 01 2b 06 07 ...EPD0..¶0..+..
N 00000060 2a 86 48 ce 38 04 01 30 82 01 1e 02 81 81 00 82 *.HÎ8..0........
N 00000070 7d d4 9c a2 05 69 84 e9 83 71 b1 34 0d 5d 71 83 }Ô.¢.i.é.q±4.]q.
N 00000080 92 85 b2 5a ca a3 82 d7 ac 38 6e 94 40 84 3f 0a ..²ZÊ£.×¬8n.@.?.
N 00000090 46 7a a8 75 a8 c1 ca 3b 70 ba 6a 97 07 12 f6 b1 Fz¨u¨ÁÊ;pºj...ö±
N 000000A0 99 ed 3e ec 53 13 f3 94 0a 67 bb d6 9f 38 72 29 .í>ìS.ó..g»Ö.8r)
N 000000B0 61 ab 02 3d 17 a1 33 3c 52 23 5d 9f b7 d1 0e 95 a«.=.¡3<R#].·Ñ..
N 000000C0 e3 a5 5e f9 b0 4f c7 c9 20 c5 72 da 7a c3 d5 0f ã¥^ù°OÇÉ ÅrÚzÃÕ.
N 000000D0 24 0d bb 8e 54 da 9e bb 70 21 11 c5 35 82 e5 35 $.».TÚ.»p!.Å5.å5
N 000000E0 85 2e 9f 59 39 79 b3 32 50 c8 86 83 96 19 17 02 ...Y9y³2PÈ......
N 000000F0 15 00 fa 50 79 da fa 3f 3a b1 e8 0a 6d f5 bd 16 ..úPyÚú?:±è.mõ½.
N 00000100 f2 24 d8 f8 d7 1b 02 81 80 4f bd f5 2e 33 04 f0 ò$Øø×....O½õ.3.ð
N 00000110 51 c1 7c a5 5c 93 81 b5 c1 7d 4c 20 50 76 85 34 QÁ|¥..µÁ}L Pv.4
N 00000120 50 cf d9 fc 72 b2 e1 b2 b1 6f a0 10 48 b8 ff 17 PÏÙür²á²±o .H¸ÿ.
N 00000130 e7 a9 0a e1 e0 18 05 3e 34 d9 d5 61 df 71 4c c8 ç©.áà..>4ÙÕaßqLÈ
N 00000140 dc 92 b1 51 b5 df 66 59 70 6b 5e 57 c3 19 a2 d6 Ü.±QµßfYpk^WÃ.¢Ö
N 00000150 58 3b 7d 32 d2 e9 e1 f1 66 3e aa ac 46 0d cd 4e X;}2Òéáñf>ª¬F.ÍN
N 00000160 67 70 36 f7 f9 be 0b 2e 16 a0 5d 69 5d 5b 81 13 gp6÷ù¾... ]i][..
N 00000170 a9 03 cb 38 63 56 1a bd 36 4a 5d 6c 15 66 17 fa ©.Ë8cV.½6J]l.f.ú
N 00000180 10 a3 20 99 e1 d2 34 77 13 03 81 84 00 02 81 80 .£ .áÒ4w........
N 00000190 6b a6 d4 4e e8 03 f6 f1 35 83 fb 37 01 1f 3c 5c k¦ÔNè.öñ5.û7..<
N 000001A0 8e 75 ad 1f 2d b3 9b 69 4f b3 a3 36 b6 9f 38 07 .u..-³.iO³£6¶.8.
N 000001B0 fe bf f1 0b ca 24 fe 5c a7 33 a1 55 c9 65 c5 4c þ¿ñ.Ê$þ\u00A73¡UÉeÅL
N 000001C0 97 a1 e7 58 d1 47 7f 72 36 47 bf f4 cc 6d 12 14 .¡çXÑG.r6G¿ôÌm..
N 000001D0 cc 61 be 82 b5 50 be 16 7a cc 4d 47 1e 80 2f 6d Ìa¾.µP¾.zÌMG../m
N 000001E0 2e d4 19 69 80 e6 26 13 23 4f 07 0a 9c 87 13 91 .Ô.i.æ&.#O......
N 000001F0 7b 75 57 93 e1 8d 42 5f 28 47 e2 61 27 6d 0c 4c {uW.á.B_(Gâa'm.L
N 00000200 55 99 37 33 cc 92 c0 b9 06 d1 99 68 d0 17 c1 4d U.73Ì.À¹.Ñ.hÐ.ÁM
N 00000210 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 03 01 0...*.H.÷.......
N 00000220 00 .
N ValidateTicket returns 0. (ssoxxapi.c 225)
N MskiValidateTicket returns 0.
N Next node:
N 00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 00 00 00 00 00 00 00 00 01 84 e7 8a 10 .............ç..
N 00000110 00 00 00 00 00 00 00 00 ........
N Next node:
N 00000000 02 00 30 00 30 00 30 00 00 00 00 00 00 00 00 00 ..0.0.0.........
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 06 00 03 00 00 00 00 00 01 84 e7 95 10 .............ç..
N 00000110 00 00 00 01 84 e4 37 b0 .....ä7°
N Next node:
N 00000000 03 00 45 00 50 00 44 00 00 00 00 00 00 00 00 00 ..E.P.D.........
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 06 00 03 00 00 00 00 00 01 85 0e cd 30 ..............Í0
N 00000110 00 00 00 01 84 e7 8a 10 .....ç..
N Next node:
N 00000000 04 00 32 00 30 00 30 00 35 00 30 00 38 00 30 00 ..2.0.0.5.0.8.0.
N 00000010 35 00 30 00 39 00 32 00 32 00 00 00 00 00 00 00 5.0.9.2.2.......
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 18 00 0c 00 00 00 00 00 01 85 0e d0 b0 ..............Ð°
N 00000110 00 00 00 01 84 e7 95 10 .....ç..
N Next node:
N 00000000 05 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 04 00 00 00 00 00 00 00 01 85 0f 76 90 ..............v.
N 00000110 00 00 00 01 85 0e cd 30 ......Í0
N Next node:
N 00000000 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 00 00 00 00 00 00 00 00 01 84 0a a6 30 ..............¦0
N 00000110 00 00 00 01 85 0e d0 b0 ......Ð°
N Next node:
N 00000000 20 70 6f 72 74 61 6c 3a 41 48 41 4d 45 45 44 00 portal:AHAMEED.
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 0e 00 00 00 00 00 00 00 01 84 0b 7a 10 ..............z.
N 00000110 00 00 00 01 85 0f 76 90 ......v.
N Next node:
N 00000000 88 62 61 73 69 63 61 75 74 68 65 6e 74 69 63 61 .basicauthentica
N 00000010 74 69 6f 6e 00 00 00 00 00 00 00 00 00 00 00 00 tion............
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000110 00 00 00 01 84 0a a6 30 ......¦0
N Got content client = 000.
N Got content sysid = EPD .
N No entry in TWPSSO2ACL for SYS EPD and CLI 000.
N CheckSubject failed (rc=19). Verifying if ticket was issued by me.
N *** ERROR => System ID and client from ticket are not the same than mine. (ssoxxkrn.c 798)
N Data from ticket: sysid=EPD , client=000
N My system data: sysid=DV1 , client=110
N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL. (ssoxxkrn.c 804)
N dy_signi_ext: issuer not trusted
M *** END USER TRACE NAME >SAPSYS < UID >915< MODE >1< STEP >1< TIME >053139< DATE >20050805< WP >0< WP_TYPE >DIA<
Thanks
Aneez

Not able to activate SSO with logon tickets...

Hi all,
I configured SSO with logon tickets on a new installation of EP 7.0 Nw 2004s SR2.
The target R3 server is in a different domain. But i added the certificate receiver portal server address in the UME service entries.
But when i try to test it, it is showing the password entry login screen.
Is there any changes i need to make to the logon stacks?
Given below are the major steps i completed.
1. Created RFC destination in portal
2. Created RFC destination for portal in R3
3. Exported verify.der certificate to R3.
4. Added necessary entries for R3 sever in the portal security providers list.
5. Restarted portal j2ee instance.
Did I miss out any required steps?
I doubt whether logon tickets are generated from the portal , since it directly shows the normal login screen when i test.
Can anyone help me on this?
Thanks in advance
Shobin

Hi,
Thanks alot for your reply.
I checked sso2. The connection fails there. But long back, we had created another destination in the R3 system to use in a different portal instance. There, SSO works fine. Even this destination also fails when checked through sso2.
I login to portal with administrator rights which has the same user id in R3 also. Please note that both these systems are in different domain. But I have added another host name in ume.service.login property which is already set up for SSO with the target R3 system.
When i test SSO, i am not getting any error messages regarding the certificate or logon ticket. It simply ask me for a user name and password.
Is there any change i have to do in logon stacks to give preference to logon tickets?
Thanks alot
Shobin

SSO-Logon from mobile device - create logon ticket from WebDynpro for Java

Hi Experts,
I'm developing WebDynpro-JAVA application for some warehouse stuff (runs on a portal system, clients are mobile barcode-scanners with Windows mobile 5.0). JCOs from the portal system to the R/3-backend are confirgured for SSO with Logon-tickets and portal uses LDAP for authentication against a Windows-ADS.
This works so far ... but my problem is the standard Logon-screen, which is nearly unusable on the mobile device (screen size, layout, etc.). Is there any solution to create logon-tickets directly from the WebDynpro application (using something from com.sap.engine.interfaces.security.auth or similar ?) or any chance to have a special logon screen for mobile devices (parameter sap-wd-client=Pie03Client is ignored for the logon screen).
Thanks in advance.
regards,
Hendrik

Hi Henrik,
Did you find the solution to your problem ?
I'm facing the same issue, so I'd be pleased to know the solution!
Regards
Stekam

SSO to non SAP Application using SAP Logon Ticket

Hi Experts,
I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
Thanks
Armando

Hi,
I dont have much info related but i can giv u hint
refer OSS Notes 442401 and 723896.
When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
In the first case, the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
In the second case, the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
You can refer following link :-
http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
user authentication and SSO
http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Authentication Using a Directory with SSO Integration Using Logon Tickets
http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
SSO
SAP Logon Ticket-based Single Sign-On
http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

SSO to SAP EP6 (for Employee Self Service) using WebSEAL

Hi SDN friends,
We are about to embark on a SSO implementation using IBM WebSEAL for SAP EP6 ESS (Employee Self Service) connecting through to an SAP R/3 4.7 server. Since the ESS solution for 4.7 still uses ITS services, this means that we have ITS iViews in the EP6 portal.
We have managed to look through the whitepaper 'IBM Tivoli Access Manager - Single Sign On for SAP NetWeaver - September 2005' described at https://www.sdn.sap.com/irj/sdn/developerareas/ibm
We have the following queries, if anybody has a simple answer to these:
- Is it absolutely necessary to configure an SNC connection between ITS/EP6 and R/3 server to achieve SSO for the portal?
- Given that SAP EP6 references ITS IAC iviews, is it necessary for us to configure both ITS and EP6 for SSO, or can we simply configure EP6 for SSO? If so, is it also necessary to configure both for SSL?
- Otherwise, how easy is it to set up SSO in this scenario without SSL (for demo purposes)?
Any thoughts would be greatly appreciated.
Cheers
John Moy

Hello John,
regarding your questions:
ad 1) no. SNC is only mandatory if you use X.509-based SSO to R/3. You can also use SAP logon ticket-based SSO from EP to R/3 or usermapping that do both not require SNC.
ad 2) yes, you have to configure both EP and ITS at WebSeal.
ad 3) you can always omit SSL. However for production use, it is recommended.
Regards
Michael

SSO to R/3 via ITS, working, but got a little doubt

Hi ALL,
    I was configuring SSO from EP6.0 to an ITS Server,which talks to backend SAP system. from what i know was that both EP and ITS and CRM should be in the same domain to work with SAP logon ticket.
   in my scenario, I have EP and CRM in same domain ex: comp.com, but my ITS server is in different domain comp.co.corp, and the alias of this ITS server is comp.com
    I am able to set up SSO, but was surprised becuase i didnt do any cross domain SSO steps.. is it ok, if we have just an alias in the same domain of ep or crm (is it not necessary that the ITS system should be in same domain)..
please lemme know

Hi Gregor,
   I think I am facing the problem now. Are you sure that A DNS alias which is in same domain of portal will not redirect the cookie.
becuase my problem is that , It worked fine with CRM, but am facing some problem with R3.
what do u think?
Please see the answer from Sean,Morgan in the following post and lemme know your comments.
SSO EP6 and R/3
any help is appreciated
Thank you

SSO between SAP EP and JAVA app on WebSphere Application Server 5.1

Hi. I have 2 questions.
I am implementing SAP EP6 and need to display content from a WebSphere JAVA application inside the portal. The application is currently running on WAS 5.1.
1. Does anyone have any sample code or documentation regarding how to pass the SAP logon ticket to WebSphere JAVA application to accomplish SSO when inside the portal?
2. Does anyone have any sample code or documentation regarding how to pass the SAP logon ticket to WebSphere JAVA application to accomplish SSO when outside the SAP EP, but still within the same IE browser window where the SAP logon ticket exists?
Thanks for any feedback you could provide.

Hello Kevin,
please look here: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/nw/ibm/how to set up sso between sap enterprise portal and ibm websphere portal using tai.pdf
Regarding your second questions: as long as you did not log off from SAP EP your browser hosts the SAP Logon Ticket cookie (within its timeframe of validity which is typically a couple of hours). So if you access a non SAP application that accepts SAP logon ticket with your browser, you're authenticated.
Please note that the cookie based authentication only works withing the same DNS domain. So if your SAP EP is configured to issues the SAP logon ticket to "company.com" then your browser sends it only to servers in that domain.
Regards
Michael

My experience of SSO between SAP Portal6.0 and non-Sap Application

Firstly I announce that I am not a Sap developer or a Sap Consultant. I am a Cognos Consultant. I need do SSO between Sap Portal and Cognos Portal in my project, So I have to make SSO between two portals.
I tested SSO between the two products on IIS5 of Windows XP and IIS6 of Windows 2003 and passed.
Step 1: Copy sapsecin.exe and sapsecu.dll on any directory where you want, such as C:PortalSecurity
Then add this directory to your Environment variable PATH. You can find the two files on sapserv<x> under general/misc/security/SAPSECU/<platform>;
Step 2: Copy your Filter ISAPI Files IIS_SSO.dll or IIS6_SSO.dll in any directory where you want, such as C:PortalFilter. You can find this two files on SAP note 442401.
Step 3: Get you verify.pse which is located in
<irj>
ootWEB-INFpluginsportalservicesusermanagementdata and put it on the same directory with your ISAPI Files ,such as C:PortalFilter
(According Sap Support articles , IIS_SSO.dll should be used on IIS 5 and IIS6_SSO should be used on IIS 6,but I can not load IIS_SSO.dll on IIS 5 of Windows XP, I use IIS6_SSO.dll );
Step 4: Create a new file named verify.properties , the content of this file see the appendix A;
Step 5: Load the IIS6_SSO.dll on your IIS. On IIS5, Select Website PropertiesISAPI FilterAdd IIS6_SSO.dll and name it wp . On IIS6,do as such and Create a Web Extensions named wp and allocate file IIS6_SSO.dll. Finally restart the www service.
I
If you can load the filter successfully, you will see the filter color is green.
On IIS6,Maybe you find that you cant load your ISAPI file IIS6_SSO.dll, Its state is unloaded and its color is red. I am confused by this question long time. I finally found you must install some R3 dll files on your system! The .dll files which I mentioned can be found in SAP note 684106, put it in a same directory with your security files, such as C:PortalSecurity and restart your web server.
(The steps above I reference Chris beck s topic)
Step 6: I write an ASP file named headerdumper.asp on my website and create a i-view to show my asp file in SAP Portal. If you succeed, you can see the http header variable<your logon name> in ASP page. If you application can receive http header variables, then Congratulations! You have apply SSO successfully.
If your log file show Can't find MYSAPSSO2 ticket cookie for URI "" on host "", dont worry about it. I am confused by this question long time though. I found the key cause the errors are cross domain or different DNS suffix.
I tested 3 scenarios :
1 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://sap-server:80/headerdumper.asp, You cant access this asp page from i-view . I am sorry that I have no idea about this.
2 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://your-server:80/headerdumper.asp, Your log will show Can't find MYSAPSSO2 ticket cookie for URI "" on host "". because they have no domain name, which is seemed that they meant different domain.
3 you must deploy your asp file and sap portal like below ,So you can apply SSO correctly:
you must access SAP Portal like : http://sap-server.domain.com:50000/irj/portal
you must access your asp file like http://yourserver.domain.com:80/headerdumper.asp
then add your asp file as i-view to your SAP Portal which URL is like above , you can get Http header variable correctly.
I am not an native English speaker, I hope you can understand what I said.
Appendix A The Content of Verfy.properties
remote_user_alias=REMOTE_USER
pse_file=C:PortalFilterverify.pse
application=portal
log_file=C:PortalFilterverfy.log
log_level=3
cache_size= 1000
Appendix B The Code of headerdumper.asp

I'd recommend to cross-post your inquiry to the Security

SSO / Logon Ticket: Taking over ITS session

Hi,
we have an serious SSO issue.
SCENARIO:
User A logs in the portal and accesses SAP EBP via ITS (HTTP link within Enterprise Portal opening a new Browser Window and launching https://buyer.test.xxx.intranet.com/scripts/wgate/bbpstart/!). User A close the browser window where EBP is launched and logs off the Portal but does not close the browser window where the Portal was accessed. On the same client machine and same browser window User B logs in the Portal and access SAP EBP via ITS the same way the user A did before. If we now look at the users settings in SAP EBP ITS he has the user details from User A. Hence User B has the ITS session of User A. On the other hand within the Portal the users are recognized correctly after login.
SETUP:
Portal load-balancing.
EP URL: https://portal.test.xxx.intranet.com
ITS EBP URL: https://buyer.test.xxx.intranet.com
ISSUE:
The SSO ticket should be killed after logging off the portal.
System versions:
6.0.2.33.0.Enterprise_Portal_Support_Package_2
6.0.2.33.0.ContentManagement_Collaboration
J2EE patch level 33
ITS 6200.1017.50954.0, build 730827 (620 patch level 17)
Regards,
Adam Kreuschner

Hi Adam,
it looks to me like the Portal SSO ticket is destroyed at logoff but not the EBP SSO ticket. This is a normal behavior within the portal, because SAP EP can only destroy its own session identifiers, not those created by third-party tools.
For your SP2 version there is a solution for this kind of problems as described in SAP Note 696294.
It describes how to set some UME properties in order to redirect at logoff to a special site. This should be a site that destroys the session of EBP (EBP Log-Off URL?!?).
Hope this helps,
Robert

SSO using Kerberos with SAP Logon Tickets

Hi,
I am creating a Repository Manager for the Portal Knowledge Management System and I want to use SSO to a backend IIS application and I have a few questions here.
I have a three tiered architecture.
A. The presentation tier (SAP Portal which has my Repository Manager implementation)
B. ASP.NET web service data layer.
C. Backend document management system which runs on IIS.
I have installed the ISAPI filter on my ASP.NET application server and have enabled this HOST account for delegation in MSAD 2003. Server B will use Kerberos constrained delegation to access Server C, which is an IIS backend server.
My question is how do I pass an SAP Logon Ticket to an ASP.NET web service request from my Repository Manager implementation? Basically how do I just make an HTTP request to an ASP.NET application from some portal iView or WebDynPro code and pass along the SAP Logon Ticket in the request so it can be interpreted by the ISAPI filter on the IIS server. Does anyone have any sample code or an application here that does this?
Thanks,
Scott

Hi Scott
Did you managed to find out anything regarding how to pass SAP Logon ticket to ASP.NET Webservice. Can you share it with me?
regards
ram

SSO to SAP works but no OLAP Connection per SSO Auth

Hi experts,
we have setup an SSO for the Authentication of SAP BW and SAP BO and used the portal integration. We are using SAP BO 4.1 SP4 and SAP BW 7.4.
We use the Login via Netweaver Portal go then to the SAP BO where the reports are stored.
The SSO login works fine, but the OLAP connection to the SAP BW system does not fly. I have tried to create a connection via IDT. This works.
After that I created a WebI report in the Applet and chose BEx Connection and retreived the error:
error.openSapBwBrowsingSessionFailed
Then i tried the WebI Rhich Client and recieved the message: Unknown Error in SL Service and Even do not recieve the list of possible Bex connections.
We are using SNC for the user authentication in SAP BW.
An now it is getting very unnormal:
When i go the IDT tool and create the connection again and republish this to the repository and try to connect again via WebI Applet, i do not get the error message again.
Can you please assist, as our Business user can not publish their OLAP connection.
Regards,
Markus

The new Business Objects version (BI 4.0) comes with a new authentication
technology to create a trust relationship between a non-SAP user and the SAP
data source. How to determine the correct method to be used?
When using legacy .unv universes (XI 3.1 technology) = SNC
When using .unx environments (BI 4.0 new semantic layer) = STS
when you try to connet BICS connection or IDT it is important to use the STS methodology.
check the below link to have configurations.
Follows a Wiki link with a "How to setup SSO against SAP BW in SBO BI4.0 for LDAP users". and follow the raunak kumar suggestion when you configire SNC and STS.
http://wiki.sdn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+in+SBO+BI4.0+for+LDAP+users

SSO to SAP via SAP Logon Group

Hi,
I've tried to configure SSO to SAP via SAP logon group. When trying this I'll get the following error:
Connect to message server failed Connect_PM MSHOST=<server>, R3NAME=IB1, GROUP=IB1_Web LOCATION CPIC (TCP/IP) on local host ERROR The message received isn't from a message server. Are you really connected to the message server? Please check your connection parameters. (<server> / sapmsIB1) TIME Tue Dec 16 16:48:49 2008 RELEASE 640 COMPONENT MS (message handling interface, multithreaded) VERSION 4 RC -2
I've also configured the file services under winnt\system32\drivers\etc on the BO server with the following line:
+sapmsIB1 443/tcp +
Is there anything I'll have to configure too? Or what does this error mean? The server which I have tried to reach is a message server.
Thanks in advice.
Claudia

HI Ingo,
yes I can connect with SAP GUI via message server and application server. I can also connect with BO via sso to the application server. Only the message server failed.
I have now found out that I had the wrong port. But also the right port doesn't work. I have tested the port with telnet. The port is reachable.
Thanks
Claudia

SSO EP 6.0 and ITS

Hello,
I try to establish a single sign on connection from our portal to an its instance.
The portal version is 6.0 SP2 PL31
The ITS is 6.20 PL 17
My problem is that when I call a certain transaction via the ITS URL I always get the logon screen...
When I call a transaction by using the sap transaction starter I am immediately connected without login, but the transaction starter is using the sap gui...
I set the parameter ~mysapcomusesso2cookie 1 in the global.srvc; when I trace my html stream I can see that the SAP Logon Ticket arrives at the ITS, but I always get the logon screen.
I searched the forums for similar problems, but could not find a solution...
thanx for your help
Philipp

For what it's worth, I was about to post the very same problem! The problem also occurs with ITS PL16. We had this functionality working last year with EP6 SP2 P4 HF6 and ITS 620 PL7 - obviously something has changed in the patches from then until now.
I have found that using an IAC iView works OK, but trying to use a URL-based iView does not (both portal and ITS server are in the same DNS domain, all the usual stuff). We have to use a URL-based iView because our IAC will not run in an iFRAME as the portal launcher insists on doing.
- Darren

SSO to SAP R3 thru ITS 6.20 with Logon tickets

Similar Messages

Maybe you are looking for