SSO to web application

Hello all,
Okay, I'm trying to accomplish SSO between EP5.0 and an existing web application and am having little luck.  Basically, the web app will be called in the portal and I need to somehow pass the web app the userid/pswd that is stored in a user mapping entry in the portal (userid is not the same as the portal userid).  In retrieving the usermapping info, the pswd is encoded (obviously for security reasons).  So, anyone have an idea as how to a) get the usermapping info and b) pass it to the web app.  (I've tried using a session cookie, but it does not appear be globally visible).
Cheers,
Mike

I'm not familiar with EP5.0, but I think maybe using URL rewriting can accomplish SSO.
But I am worry about if this method will encode the password.

Similar Messages

  • SSO to Web Application from Portal

    Hi,
        I am working on a scenario where I need to access a Web Application from the Portal.
        I read about the Application Integrator that is provided by the Portal .
        I wanted to know that can I only have SSO to those Web Application that accept the userid and password and as URL parameters using Application Integrator , ie: those applications that have post method cannot be integrated.
       Please help me out with clearing this doubt.
    Thnx,
    Pravesh Puria.

    Hi  Abdulbasit ,
        Please give me more details , we have a Lotes Notes Web application hosted on Domino server , another is J2EE based application. I need to achieve SSO to each of these applications from the SAP Portal.
       I followed the below listed steps:
       Created two systems one for each Web application based on the template generated from the application integrator. I entered the user mapping values for both the systems.
       I also created two IViews. When I preview , the logon page of the web application opens but the user credentials are not passed to the application.
       Please help me with the steps to achieve the SSO , from the reply I interpret that Logon ticket method was used to achieve the SSO and user mapping.
        My email id is : [email protected]
        It will be of immense help to me.
    Thnx,
    Pravesh Puria.

  • SSO from Web Application to EP

    Hi,
    We have a requirement where we have to provide SSO from some web application to Portal (EP6 SP15).
    This web application will be having link to portal on its pages.
    User store for Web Application and Portal is different.
    This Web Application can be accessed from Internet.
    We have not yet decided about accessing Portal from internet.
    Is there any solution to this? Is this doable??
    I have looked at thread
    SSO from .Net application to SAP Portal
    can anyone provide more information??
    Thanks in advance

    Hi Santosh,
    there is not much to explain. It your web app side, you must have some matching table between webAppUser and the portal users and their passwords, like:
    webAppUser1  portalUserA  xy56123
    webAppUser2  portalUserB  g6324s3
    Your own "integration" checks which user is logged on, takes the portal user name and password and calls the portal with the parameters "j_user" and "j_password" (and "login_submit=true"); for example via the client and a form where these values are put in and the target is requested per POST. And that's it. For the form (including the pwd) would be send to the client from your webApp server, you definitely should use https at least, as already stated.
    Hope it helps
    Detlev

  • SSO for Web Application

    Hi,
    I developed a web application by using a simple web project witch I integrated to Netweaver (deployed the war file).
    If the application starts, the customer have to login on a server with username and password to get a session. That works fine.
    Now I want to use SSO to get a session from the current user using his Netweaver username and password.
    I can get the username with UMFactory but how can I get the password? I already tried to use IUserMappingService but therefore I have to reference com.sap.portal.usermapping in the portalapp.xml witch I donu2019t have in my web project.
    Do I need to create a Portal project or a Web Dynpro project? What I have to do to get the password from the current user?
    Thank you
    Martin Brandl

    Hi Martin
    Pls check this link http://help.sap.com/saphelp_nw70/helpdata/En/f8/9636eedafe8b4589cd6e9e4e73fd3c/frameset.htm
    Regards
    Ajay

  • SSO for Web applications

    Hi,
    I want to implement SSO between my portal and web applications. i found some documents but not sufficient information. what would be the correct source of information if i want to impalement SSO between Portal and Web server(non SAP).
    Any help is appreciated.
    Thanks,
    Damodhar.

    Hi,
    i have gone through the some documentation, i am giving the links to help for the others if anyone go through this thread in future.
    Logon tickets for the sap and non sap systems, it's good.
    SAP Logon Ticket-based Single Sign-On
    SSO with SAP logon ticket- Security issues
    SSO with SAP Logon Ticket - security issues
    we have another document but the document has been moved to another link, can you suggest me link for the following document.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
    the above link has been moved, can anyone suggest me the correct link for the above document.
    Thanks,
    Damodhar.

  • SSO / external web applications

    We have our portal configured to authenticate against our active directory server. We also have an external web system that is also configured to authenticate against the same active directory server. We would like to integrate apps from that external web system into the portal via the app integrator using sso. Ultimately, we simply want to pass the user's id and password to the external system for either basic auth or forms-based auth without manually configuring each user via user mapping. Is this possible? I've done lots of research and I can't seem to come up with a conclusive answer.

    Yes, I've gotten past that. I found this great article that gets me 90% of the way there:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/e3c4a190-0201-0010-3aa0-95aa874d20c4
    The problem is that the code sample shows a java servlet createing an object that I can't find anywhere (SAPTicketVerifier), and the source code and .war file links at the end of the document are dead.

  • SSO to Web application – Cookies blocked in IE

    Hi Experts
    I need to create SSO to a webpage (that contains a standard html login form) into a NetWeaver 2004 Portal
    I have used the App Integrator iView and it all seems to work fine except cookies are block in the user’s Internet Explorer and therefore the logon screen is shown instead.
    The website is located on another domain, which I guess is why cookies are blocked. If a user enables cookies from this specific site then it works fine.
    Anyone have a workaround on how to solve this issue? Hopefully I don't need to tell all users that they have to change their IE settings.
    Would it help if I create a sub-domain for the website in the portal setup which hopefully should resolve in that the website and portal are located in the same domain?
    Thanks in advance
    Cheers
    John

    Are the two domains within the same subdomain at all?  In which case, you could use domain relaxing...
    See note 701205 and the property ume.logon.security.relax_domain.level
    Hope this helps,
    Darren

  • SSO to Web App using Application Integrator - not working

    Hi,
    I've set up App Integrator for my web application, following the Yahoo example in the guide. My URL template is <System.protocol>://<System.server><System.uri>?<Authentication> and the fraction for user mapping is op=<MappedUser>&pwd=<MappedPassword>.
    It doesn't log me in. Even if I change the URL template to the actual address of my web app and use a real user & password (rather than <Mapped..>), it still doesn't work.
    I've got SSO to my web app working using a HTTP system and URL iview but I would really like to see the App Integrator working as well. Any ideas?
    Many thanks
    Jane

    Can anyone please help with this? I installed a http sniffer so maybe I could see what was going on. My HTTP System simply goes to the URL with the parameters added as expected, but the app integrator one is a bit more complex - I can see the URL & parameters in this function:
        function requestTargetURL() {
          var theURL = "<b>HTTPS://(myserver)/log-in.htm?op=(####)&pwd=(####)</b>";
          var dsmObj;
          if (hasNestedFrameStructure()) {
            location.replace(theURL);
            dsmObj = parent.EPCM.DSM;
          } else {
            document.body.scroll = "no"; // for IE only
            var theIframe = document.getElementById("iframe_GETRedirect_1593748234");
            theIframe.style.visibility = "visible";
            theIframe.src = theURL;
            dsmObj = EPCM.DSM;
            document.title = 'JDS';
        function onloadhandler(){
          setTimeout("requestTargetURL()",1);
    and the server/username/password are all correct but there's a lot of other stuff in there which I'm not sure how affects it. Anyone know have any ideas why this isn't working? Does it matter that my web app is https but the portal is http?
    Any help greatly appreciated!
    Thanks in advance
    Jane

  • SSO from portal to Java based web application not happening

    Hi,
    We are trying to configure SSO from SAP Enterprise portal with Java based
    web application(Solaris on SPARC 64 bit).
    Then we downloaded library files for "Solaris on SPARC 64 bit" from
    service market place from the path "Support Packages and Patches"
    Additional Components" SAPSSOEXT".
    We are successful in sending the portal side cookie to the application.
    But while loading the library files we get the following error
    INFO | jvm 1 | 2009/04/13 04:47:00 | java.lang.UnsatisfiedLinkError:
    /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: ld.so.1: java:
    fatal: /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: wrong ELF
    class: ELFCLASS64 (Possible cause: endianness mismatch)
    Can you please suggest us what went wrong in this whole process.
    But when i tried with the 32 bit library files i was able to load libsapssoext.so file but when I
    tried to initialize libsapsecu.so i got the below message
    java.lang.Exception: MySapInitialize failed: rc= 14
    Also do we require to take"SAPSECULIB" from Support Packages and Patches" ...>Additional Components" ...>SAPSECULIB" ...>SAPSECULIB 5.4  for this SSO activity.
    Please get back on this ASAP as we are nearing the golive date.
    regards
    Bharath

    hi,
    am facing similar issue... i.e.
    java.lang.Exception: MySapInitialize failed: rc= 14
            at com.mysap.sso.SSO2Ticket.init(Native Method)
            at com.mysap.sso.SSO2Ticket.<clinit>(SSO2Ticket.java:27)
            at org.apache.jsp.index_jsp._jspService(index_jsp.java:92)
            at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
            at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
            at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:619)
    static beendet.
    java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
    CustomeSSO: Object is null.
    pls. help me in resolving it.
    rgds,
    santosh malavade

  • "SSO" for non-sap web application using SAPGUI to browse?

    I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
    To strengthen the authentication in the web app, I wanted to implement SSO 
    authentication as we pity the users for having to remember so many strong pw's and I
    dont like LDAP based pw sync or other technology I dont understand, because then we are
    just yet another application with the same pw...
    We are having technical problems implementing SSO on the web app side, and are anyway a
    bit sceptical about the user admin / role admin assignment if we get it to work.
    So I have created a transaction in SAP which browses the web app and the intention is to
    send the SAP sy-uname as the web app user. We can control this using s_tcode, and
    an own auth object on the WAS side and a check on the session type before the connection is
    established. In this sense we are dependent on the SAP concept implemented, but even so:
    The role assignment is controlled in the web app itself -> so assume that I am not overly
    worried about unauthorized access to the web application, as they would not have any
    system role for it as their sy-uname does not exist. (Infact we can monitor this)
    The browser on the front end is the SAPGUI with html controls on the SAP side.
    I would be interested in knowing whether anyone else has experience with this approach, and
    whether there are any areas to be carefull of?
    I would also like to know whether this is a strategic error?
    Kind regards,
    Julius

    Hi Julius,
    well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
    a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
    But for non-SAP web applications that does not help.
    In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
    Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
    In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
    Cheers, Wolfgang

  • Using APEX as SSO redirect for existing web application

    Hi,
    I have an existing PHP based Web Application hosted on an Apache server. I want to protect these web pages by authenticating users via Oracle SSO.
    I tested this by creating a simple APEX web page with redirect <Meta> tag to route traffic to my application upon successful SSO login. This works fine if request comes directly to APEX page....
    So my question is how do I protect php pages from being directly accessed and still be able to get sso user login information (like username) coming from APEX page?
    Do I still need to set up mod_sso.so in osso.conf for my Apache Server or should I just register my php web application as partner application with SSO server without going through APEX?
    Any advice on this is greatly appreciate.
    Thanks,
    james

    Tony,
    Sorry for taking so long to respond as I got side tracked with other tasks.
    Thank you so much for the link. The provided link is very helpful.
    One difference in my situation is that I am using a generic Apache installation (version 2.2.11) and not Oracle Apache Server from OAS.
    So I copied mod_osso.so from OAS 10.1.3.1.0 installation to my generic Apache location. As I tried to startup Apache instance I got following error while loading mod_osso.so.
    ... Cannot load /apache-2.2.11/modules/mod_osso.so into server: /apache-2.2.11/modules/mod_osso.so: undefined symbol: ap_configtestonly
    I did some search and found that other folks are reporting success of using mod_osso.so on generic Apache (without saying which version of Apache). I wonder if mod_osso.so can only work with older version of Apache?
    Do you have insights on this by any chance?
    Thanks again,
    James

  • Bex Web Application Designer launched from desktop NOT SSO (single sign-on)

    NW 2004s
    BI 7.0
    The SSO from the Portal to BI/BW is working correctly, The SSO from BI/BW to the POrtal is working correctly.
    The problem is from the desktop, launching Bex Web Application DEsigner, it prompts to Logon to the BI system, then when you execute the selection it prompts you to log on to the Portal. I would expect the Portal logon to be SSO. Is there an SSO option for the Bex WAD I need ?
    Is there a  Bex tool or desktop configuration that I need to implement?
    Thanks in advance for any help
    Sarah

    Hello Sarah,
    Please refer this SSO SAP Pages
    http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm
    For Portals
    http://help.sap.com/saphelp_nw04s/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/content.htm
    You can also refer this forum
    /thread/342517 [original link is broken]
    Hope it helps
    Thanks
    Chandran
    Edited by: Chandran Ganesan on Feb 6, 2008 8:26 PM

  • SSO to Web App using Application Integrator - not working (SP15)

    Hi,
    I have created a web app system and generic app integrator iview for my web application (and set up user mapping etc.), following the Application Integrator how-to guide but it does not log me into my web application. I have got the Yahoo example working, and if I use a HTTP System & URL iview for my web application, that also works. Can anyone tell me what the problem could be, or where I should start looking?
    If I use a http sniffer, I can see the correct URL and parameters in the following:
    function requestTargetURL() {
          var theURL = "<b>HTTPS://(myserver)/log-in.htm?op=(####)&pwd=(####)</b>";
          var dsmObj;
          if (hasNestedFrameStructure()) {
            location.replace(theURL);
            dsmObj = parent.EPCM.DSM;
          } else {
            document.body.scroll = "no"; // for IE only
            var theIframe = document.getElementById("iframe_GETRedirect_592312569");
            theIframe.style.visibility = "visible";
            theIframe.src = theURL;
            dsmObj = EPCM.DSM;
            document.title = 'JDS';
        function onloadhandler(){
          setTimeout("requestTargetURL()",1);
    but something else must be happening for it not to work. Can anyone give me any pointers?
    Many thanks
    Jane

    Bit of a weird one: I've found a way to make it work but I'm not sure exactly how... the problem was that the portal was opening my web app URL in an iFrame (which can be seen from the code above). I tested this by just creating a html page with the URL + parameters in an iframe, and it wouldn't log me in (and took over the whole browser). So I guess the problem is with my web app rather than the portal.
    However... I then discovered that if I add my web app address to the Local Intranet security zone in my browser (IE6) settings (before it was in the Trusted Sites zone), it no longer minded being in an iFrame, my test html page worked and so does the portal iview. I cannot find which security setting is causing this - I've tried changing the Trusted Sites to match the Intranet zone settings exactly, but it still doesn't work if my web app address is Trusted opposed to Intranet.
    If anyone has any idea what is causing this behaviour, I'd be very grateful - obviously it isn't a portal issue but I'd still like to find out the cause in case it comes up again in the future.
    Many thanks,
    Jane

  • Register non web application on SSO

    how can i register non web application ? I have installed app server , oid and was able to sync with active directory. I need to integrate and have a single sign on for all my application . What will be the next step ?

    Thanks Kiran for your prompt response. I dont have any web based application. I have some of the applications where backends are oracle and sybase. How can a provide a single sign on for the application. Once the user enters his user name or password. If he has the prvilege the use multiple apps he dont have to enter username and password for each application. I had syn with windows AD. I have oracle db on unix. I believe i have to sync with EM users for all oracle db. what about sybase ?? how can i have the single sign on . I have OID, IAS installed on a single windows server.
    Yesterda when i restarted the server i got the following error. when i checked the opmnctl status
    ias-component | process-type | pid | status
    ------------------------------------------------+---------
    DSA | DSA | N/A | Down
    LogLoader | logloaderd | N/A | Down
    dcm-daemon | dcm-daemon | N/A | Down
    OC4J | OC4J_SECURITY | N/A | Down
    HTTP_Server | HTTP_Server | 2088 | Alive
    OID | OID | N/A | Down
    earlier oc4j_security and OID was alive now only http_server is alive
    when i tried to start the process i get the following errors
    E:\OraHome_1\opmn\bin>opmnctl startall
    opmnctl: starting opmn and all managed processes...
    ================================================================================
    opmn id=CV2K3TESTAPP02:6200
    1 of 3 processes started.
    ias-instance id=iasrep.cv2k3testapp02.corp.cvpsnet.net
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ias-component/process-type/process-set:
    OC4J/OC4J_SECURITY/default_island
    Error
    --> Process (pid=0)
    oid dependency failed
    OID
    failed to start a managed process because a dependency check failed
    Log:
    none
    ias-component/process-type/process-set:
    OID/OID/OID
    Error
    --> Process (pid=0)
    database dependency failed
    iasrep
    failed to start a managed process because a dependency check failed
    Log:
    I would appreciate if anyone could help me

  • Java web application and SSO in Portal

    I have successfuly deployed an EAR file(Servlet/JSP) to my OC4J. In my deployment descriptor, I have added security-constraints tag to implement authenticaion using LDAP. In the process of deploying, I have also specified the LDAP associated to my OC4J as my user manager. This in effect adds up a jazn auth method=sso in orion-application.xml after deployment.
    My application, when accessed independently as http://hostname:port/app/index.jsp, is working fine. Login page pops up when the user hasn't logged in yet and redirects to index.jsp when authenticated.
    however, when I added this exact link to oracle portal so that everytime a user logs into the portal, he/she will be automatically logged-in to my application, it turns out that it isn't recognizing the logged user and keeps flashing an page cannot be accessed error.
    Any idea what to do with this?

    have you tried a javascript forum?

Maybe you are looking for