SSO to Web application – Cookies blocked in IE

Similar Messages

• SSO to web application

  Hello all,
  Okay, I'm trying to accomplish SSO between EP5.0 and an existing web application and am having little luck.  Basically, the web app will be called in the portal and I need to somehow pass the web app the userid/pswd that is stored in a user mapping entry in the portal (userid is not the same as the portal userid).  In retrieving the usermapping info, the pswd is encoded (obviously for security reasons).  So, anyone have an idea as how to a) get the usermapping info and b) pass it to the web app.  (I've tried using a session cookie, but it does not appear be globally visible).
  Cheers,
  Mike

  I'm not familiar with EP5.0, but I think maybe using URL rewriting can accomplish SSO.
  But I am worry about if this method will encode the password.

• SSO to Web Application from Portal

  Hi,
      I am working on a scenario where I need to access a Web Application from the Portal.
      I read about the Application Integrator that is provided by the Portal .
      I wanted to know that can I only have SSO to those Web Application that accept the userid and password and as URL parameters using Application Integrator , ie: those applications that have post method cannot be integrated.
     Please help me out with clearing this doubt.
  Thnx,
  Pravesh Puria.

  Hi  Abdulbasit ,
      Please give me more details , we have a Lotes Notes Web application hosted on Domino server , another is J2EE based application. I need to achieve SSO to each of these applications from the SAP Portal.
     I followed the below listed steps:
     Created two systems one for each Web application based on the template generated from the application integrator. I entered the user mapping values for both the systems.
     I also created two IViews. When I preview , the logon page of the web application opens but the user credentials are not passed to the application.
     Please help me with the steps to achieve the SSO , from the reply I interpret that Logon ticket method was used to achieve the SSO and user mapping.
      My email id is : [email protected]
      It will be of immense help to me.
  Thnx,
  Pravesh Puria.

• SSO from Web Application to EP

  Hi,
  We have a requirement where we have to provide SSO from some web application to Portal (EP6 SP15).
  This web application will be having link to portal on its pages.
  User store for Web Application and Portal is different.
  This Web Application can be accessed from Internet.
  We have not yet decided about accessing Portal from internet.
  Is there any solution to this? Is this doable??
  I have looked at thread
  SSO from .Net application to SAP Portal
  can anyone provide more information??
  Thanks in advance

  Hi Santosh,
  there is not much to explain. It your web app side, you must have some matching table between webAppUser and the portal users and their passwords, like:
  webAppUser1  portalUserA  xy56123
  webAppUser2  portalUserB  g6324s3
  Your own "integration" checks which user is logged on, takes the portal user name and password and calls the portal with the parameters "j_user" and "j_password" (and "login_submit=true"); for example via the client and a form where these values are put in and the target is requested per POST. And that's it. For the form (including the pwd) would be send to the client from your webApp server, you definitely should use https at least, as already stated.
  Hope it helps
  Detlev

• SSO for Web Application

  Hi,
  I developed a web application by using a simple web project witch I integrated to Netweaver (deployed the war file).
  If the application starts, the customer have to login on a server with username and password to get a session. That works fine.
  Now I want to use SSO to get a session from the current user using his Netweaver username and password.
  I can get the username with UMFactory but how can I get the password? I already tried to use IUserMappingService but therefore I have to reference com.sap.portal.usermapping in the portalapp.xml witch I donu2019t have in my web project.
  Do I need to create a Portal project or a Web Dynpro project? What I have to do to get the password from the current user?
  Thank you
  Martin Brandl

  Hi Martin
  Pls check this link http://help.sap.com/saphelp_nw70/helpdata/En/f8/9636eedafe8b4589cd6e9e4e73fd3c/frameset.htm
  Regards
  Ajay

• SSO for Web applications

  Hi,
  I want to implement SSO between my portal and web applications. i found some documents but not sufficient information. what would be the correct source of information if i want to impalement SSO between Portal and Web server(non SAP).
  Any help is appreciated.
  Thanks,
  Damodhar.

  Hi,
  i have gone through the some documentation, i am giving the links to help for the others if anyone go through this thread in future.
  Logon tickets for the sap and non sap systems, it's good.
  SAP Logon Ticket-based Single Sign-On
  SSO with SAP logon ticket- Security issues
  SSO with SAP Logon Ticket - security issues
  we have another document but the document has been moved to another link, can you suggest me link for the following document.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
  the above link has been moved, can anyone suggest me the correct link for the above document.
  Thanks,
  Damodhar.

• SSO / external web applications

  We have our portal configured to authenticate against our active directory server. We also have an external web system that is also configured to authenticate against the same active directory server. We would like to integrate apps from that external web system into the portal via the app integrator using sso. Ultimately, we simply want to pass the user's id and password to the external system for either basic auth or forms-based auth without manually configuring each user via user mapping. Is this possible? I've done lots of research and I can't seem to come up with a conclusive answer.

  Yes, I've gotten past that. I found this great article that gets me 90% of the way there:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/e3c4a190-0201-0010-3aa0-95aa874d20c4
  The problem is that the code sample shows a java servlet createing an object that I can't find anywhere (SAPTicketVerifier), and the source code and .war file links at the end of the document are dead.

• SSO from portal to Java based web application not happening

  Hi,
  We are trying to configure SSO from SAP Enterprise portal with Java based
  web application(Solaris on SPARC 64 bit).
  Then we downloaded library files for "Solaris on SPARC 64 bit" from
  service market place from the path "Support Packages and Patches"
  Additional Components" SAPSSOEXT".
  We are successful in sending the portal side cookie to the application.
  But while loading the library files we get the following error
  INFO | jvm 1 | 2009/04/13 04:47:00 | java.lang.UnsatisfiedLinkError:
  /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: ld.so.1: java:
  fatal: /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: wrong ELF
  class: ELFCLASS64 (Possible cause: endianness mismatch)
  Can you please suggest us what went wrong in this whole process.
  But when i tried with the 32 bit library files i was able to load libsapssoext.so file but when I
  tried to initialize libsapsecu.so i got the below message
  java.lang.Exception: MySapInitialize failed: rc= 14
  Also do we require to take"SAPSECULIB" from Support Packages and Patches" ...>Additional Components" ...>SAPSECULIB" ...>SAPSECULIB 5.4  for this SSO activity.
  Please get back on this ASAP as we are nearing the golive date.
  regards
  Bharath

  hi,
  am facing similar issue... i.e.
  java.lang.Exception: MySapInitialize failed: rc= 14
          at com.mysap.sso.SSO2Ticket.init(Native Method)
          at com.mysap.sso.SSO2Ticket.<clinit>(SSO2Ticket.java:27)
          at org.apache.jsp.index_jsp._jspService(index_jsp.java:92)
          at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
  static beendet.
  java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
  CustomeSSO: Object is null.
  pls. help me in resolving it.
  rgds,
  santosh malavade

• SSO to Web App using Application Integrator - not working

  Hi,
  I've set up App Integrator for my web application, following the Yahoo example in the guide. My URL template is <System.protocol>://<System.server><System.uri>?<Authentication> and the fraction for user mapping is op=<MappedUser>&pwd=<MappedPassword>.
  It doesn't log me in. Even if I change the URL template to the actual address of my web app and use a real user & password (rather than <Mapped..>), it still doesn't work.
  I've got SSO to my web app working using a HTTP system and URL iview but I would really like to see the App Integrator working as well. Any ideas?
  Many thanks
  Jane

  Can anyone please help with this? I installed a http sniffer so maybe I could see what was going on. My HTTP System simply goes to the URL with the parameters added as expected, but the app integrator one is a bit more complex - I can see the URL & parameters in this function:
      function requestTargetURL() {
        var theURL = "<b>HTTPS://(myserver)/log-in.htm?op=(####)&pwd=(####)</b>";
        var dsmObj;
        if (hasNestedFrameStructure()) {
          location.replace(theURL);
          dsmObj = parent.EPCM.DSM;
        } else {
          document.body.scroll = "no"; // for IE only
          var theIframe = document.getElementById("iframe_GETRedirect_1593748234");
          theIframe.style.visibility = "visible";
          theIframe.src = theURL;
          dsmObj = EPCM.DSM;
          document.title = 'JDS';
      function onloadhandler(){
        setTimeout("requestTargetURL()",1);
  and the server/username/password are all correct but there's a lot of other stuff in there which I'm not sure how affects it. Anyone know have any ideas why this isn't working? Does it matter that my web app is https but the portal is http?
  Any help greatly appreciated!
  Thanks in advance
  Jane

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang

• Using APEX as SSO redirect for existing web application

  Hi,
  I have an existing PHP based Web Application hosted on an Apache server. I want to protect these web pages by authenticating users via Oracle SSO.
  I tested this by creating a simple APEX web page with redirect <Meta> tag to route traffic to my application upon successful SSO login. This works fine if request comes directly to APEX page....
  So my question is how do I protect php pages from being directly accessed and still be able to get sso user login information (like username) coming from APEX page?
  Do I still need to set up mod_sso.so in osso.conf for my Apache Server or should I just register my php web application as partner application with SSO server without going through APEX?
  Any advice on this is greatly appreciate.
  Thanks,
  james

  Tony,
  Sorry for taking so long to respond as I got side tracked with other tasks.
  Thank you so much for the link. The provided link is very helpful.
  One difference in my situation is that I am using a generic Apache installation (version 2.2.11) and not Oracle Apache Server from OAS.
  So I copied mod_osso.so from OAS 10.1.3.1.0 installation to my generic Apache location. As I tried to startup Apache instance I got following error while loading mod_osso.so.
  ... Cannot load /apache-2.2.11/modules/mod_osso.so into server: /apache-2.2.11/modules/mod_osso.so: undefined symbol: ap_configtestonly
  I did some search and found that other folks are reporting success of using mod_osso.so on generic Apache (without saying which version of Apache). I wonder if mod_osso.so can only work with older version of Apache?
  Do you have insights on this by any chance?
  Thanks again,
  James

• Web Application Designer - Columns and Navigation Block

  Hello,
  I have problems concerning a web application.
  The names of the columns are not displayed and the columns are not displayed in the navigation block.
  Maybe you have experience with this problem and can give me some hints.
  I'm looking forward to your answer!
  Best regards.

  Hi,
  see this thread for getting colum names:
  Re: Accessing  table column names from WAD
  thnks.

• Bex Web Application Designer launched from desktop NOT SSO (single sign-on)

  NW 2004s
  BI 7.0
  The SSO from the Portal to BI/BW is working correctly, The SSO from BI/BW to the POrtal is working correctly.
  The problem is from the desktop, launching Bex Web Application DEsigner, it prompts to Logon to the BI system, then when you execute the selection it prompts you to log on to the Portal. I would expect the Portal logon to be SSO. Is there an SSO option for the Bex WAD I need ?
  Is there a  Bex tool or desktop configuration that I need to implement?
  Thanks in advance for any help
  Sarah

  Hello Sarah,
  Please refer this SSO SAP Pages
  http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm
  For Portals
  http://help.sap.com/saphelp_nw04s/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/content.htm
  You can also refer this forum
  /thread/342517 [original link is broken]
  Hope it helps
  Thanks
  Chandran
  Edited by: Chandran Ganesan on Feb 6, 2008 8:26 PM

• I am using my iPhone 4s personal hotspot as the internet router for my notebook. However, I am gtting the WEB SITE IS BLOCKED BY NETGEAR FIREWALL. I've deleted some other wifi connections I had before, had system restores, clear cahes and cookie. FAILED.

  I am using my iPhone 4s personal hotspot as the internet router for my notebook. However, I am gtting the WEB SITE IS BLOCKED BY NETGEAR FIREWALL. I've deleted some other wifi connections I had before, had system restores, clear caches and cookie. Still, I failed. Whenever I tried to access FACEBOOK, it's still blocked so I still had to use https:// or tl-gp. please help asap.

  Well, aren't you all that and a bag of chips!!!!
  Oh what a relief!  What a RELIEF!  
  That just cleaned up my life.  And Cranky Boy is actually smiling!!!
  Houston, we've got dots AND BARS!!!
  P.S.  All my firware and software are always current.  If I spent as much time looking for a reset button as I spend checking for software updates, I mighta not needed to work at this!!!!
  P.P.S.  Airport Utility shows Cranky Boy's iPad as the Airport Express' Wireless Client!!!   Who knew?
  Thank you so much, m'Lord.  I am in your debt.  What would you have me do?
  Patti in Tucson AZ

• Problem when running the cookie WAR web application

            This relates to the cookie example mentioned in your "Web Application (WAR) examples" section. This is the example where a cookieWar.war is created and moved to the /weblogic/myserver directory. I followed the exact steps mentioned therein. but when I'm loading the "http://localhost:7001/cookie" I noticed that I'm getting the following excetion in the WebLogic console,
            Thu Sep 21 06:29:45 GMT+06:00 2000:<I> <RMI> Registry started Thu Sep 21 06:29:45 GMT+06:00 2000:<I> <EJB> 0 EJB jar files loaded, containing 0 EJBs Thu Sep 21 06:29:45 GMT+06:00 2000:<I> <EJB> 0 deployed, 0 failed to deploy. Thu Sep 21 06:29:49 GMT+06:00 2000:<E> <HTTP> Could not find Web application '/weblogic/myserver/cookieWar.war' java.io.FileNotFoundException: WEB-INF/web.xml XML file not found in jar file at weblogic.xml.dom.DOMParser.getDocument(DOMParser.java:93) at weblogic.servlet.internal.dd.DescriptorLoader.<init>(DescriptorLoader.java:132) at weblogic.t3.srvr.HttpServer.loadWARContext(HttpServer.java:583) at weblogic.t3.srvr.HttpServer.initServletContexts(HttpServer.java:559) at weblogic.t3.srvr.HttpServer.start(HttpServer.java:388) at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1305) at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827) at java.lang.reflect.Method.invoke(Native Method) at weblogic.Server.startServerDynamically(Server.java:99) at weblogic.Server.main(Server.java:65) at weblogic.Server.main(Server.java:55) at weblogic.NTServiceHelper.run(NTServiceHelper.java:19) at java.lang.Thread.run(Thread.java:484)
            Thu Sep 21 06:29:50 GMT+06:00 2000:<E> <HTTP> Error creating servlet context for Web application '/weblogic/myserver/cookieWar.war
            Please let me know how to overcome this problem
            

  Did you ever resolve this problem?  If so, I am experiencing the same problem.  Is it possible for you to share the solution? 
  Thank you.
  Jim