Webservice & SSO in SAP portal

Hi,
I have created a webservice with basic authentification in my ABAP SAP backend.
Now I like to use this webservice at my Java Web Dynpro application in SAP Portal. SSO (or is it SAP Logon-Ticket?) for the portal is set up correctly. I tested it with a SAP transaction iView that now doesn't need an addition logon.
In the Web Dynpro application I added the webservice as a model.
At project properties a also added tcsecwssec~service in the "Service references" tab.
If I manually add username/pw the webservice works fine.
._setUser("user");
._setPassword("pw123456");
But I like to use Single Sign On (SSO) for calling the webservice. How can I reach this?
I also searched the Forum but none of the tested workarounds worked for me.
Calling the webservices results in this exception:
Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized.
Thanks a lot.
Henning

ok, I found the solution on my own.... it's easy :-D
I had to define a HTTP destination for my webservice in Visual Administrator:
(Services -> Destionations -> HTTP)
Then only add the destination in the custom controller:
setHTTPDestinationName("ZDEMO_SERVICE");
Henning

Similar Messages

  • SSO between SAP Portal 7.3 and Ruby on Rails

    Hello Everyone,
    We are planning to integrate SAP Portal 7.3 and a RoR application and I am wondering If someone can share some experience (If you have any of course) on how to establish SSO between SAP Portal and RoR.
    The SAP Portal will act as service provided and RoR as a consumer, we don't have LDAP, so the Portal UME is in ABAP and RoR uses an own UME database. We have SSO between our Portal and SAP Backend systems.
    In RoR customers will have access to their own information (Invoices, etc..) that will be provided by the backend system.
    URL transaction and iFrames is not an option for us.
    The second option is to call Web Services, directly or through the SAP Portal (we are using a central sr).
    I am a NetWeaver consultant who heard about RoR but have no experience in this field.
    All help and tips are greatly appreciated!.
    Regards,
    Ridouan

    We used Client certificates. Still working on the PoC.

  • Create SSO on SAP portal to ECC 6.0 EHP4 backend

    Hello,
    I want to create a SSO connection form my SAP Portal server to my ECC 6.0 EHP4 Backend system.
    My JAVA Portal is installed on the same system as the ECC 6.0 backend system.
    For the configuration I follow the steps as described in the document: http://www.sap-img.com/basis/configure-the-sso-single-sign-on-for-portal.htm.
    At point 5.3 I have to set the Backend System as "ACL" in the Portal. So Iu2019m still in the Visual administrator from point 5.2 but now I go to the path Server --> Services --> Security  Provider --> Ticket.
    Here I choose the authentication tab and want to add the com.sap.security.core.server.jass.EvaluateTicketLoginModule. Buth when I press the Add button I get a list of available login members. In this list there is no com.sap.security.core.server.jass.EvaluateTicketLoginModule login module available. Does someone know what Iu2019m doing wrong or how I could add the correct login module?
    I attach a screen shot from Visual administrator.
    Kind regards,
    Richard Meijn
    Edited by: Richard Meijn on Aug 10, 2011 8:20 AM

    Cahtal,
    Thanks for you quick reaction but it's not all clear for me. So could you explain it a little bit more detailed fo me.
    If I write something wrong please correct me. I understand the following
    So If I am on the "Authentication" tab I press the Add new button
    In the list which shows up I select the u201CEvaluateTicketLoginModuleu201D
    Here I change the name and option value to trustedsys01=<PORTAL_SID>, <PORTAL_CLIENT>
    Kind regards,
    Richard Meijn

  • Consume an existing WebService over an SAP Portal Application

    Hi all,
    I would like to consume an existing  Web service, which has been implemented under AXIS 4 1 and deployed to a tomcat 4.1 installation.
    I've developed an SAP Portal application with NWDS (Dynpage-Structure), which has to call this web service. For this, I've generated a standalone proxy client over WSDL of this WebServie under WebServiceWizard of NWDS and called it from my Portal Application, without success :(. But when i call it (proxy) from a standalone java client (Class with main-Method), it function.
    Can anybody help me, for calling this WebService
    Regards
    Ahmet Büyükyilmaz

    Hi Ahmet,
    open a browser on your portal server (or try telnet) to check if you can access your axis server. Seems like you have some firewall or routing probs.
    Just enter your web service uri in address bar of the browser to see if you can get a connection. If you do not have a browser, try:
    'telnet <axis-server-name> 80'
    from command line. Does anybody listen?
    Is your web service designed to be used by anybody? Or do you have some kind of authorization issues?
    HTH,
    Carsten

  • SSO to J2EE application from SAP Portal

    Hi
    I am trying to do SSO from SAP Portal to a J2EE engine which runs on SAP Web AS.
    Here are my queries
    1. When I deploy a J2EE application on Web AS , I dont get any login screen. How can I make sure that if a user wants to access this J2EE application he should get a login screen and provide his login credentials first, only then would he be able to access the J2EE application.
    2.When I am done with Part 1. If a user tries to access this J2EE application from the Portal (asuming the user Id's in Portal and J2EE application are same and both are in the same domain) , I should not get any login screen and should be able to view the J2EE application.
    3.I want to use SAP Logon tickets generated by the Portal to enable SSO.
    I have done all the necessary configurations in the J2EE server.
    1. Imported the Portal's verify.der certificate.
    2. Adjusted the login modules stack for the application accordingly.
    Can anyone please help me out with this or throw some light.
    Please help.
    Thanks in advance,
    Vivek
    PS - Points will be definitely rewarded

    Hi Vivek,
    Let me give you the solution for both questions differently.
    <b>Ques 1. When I deploy a J2EE application on Web AS , I dont get any login screen. How can I make sure that if a user wants to access this J2EE application he should get a login screen and provide his login credentials first, only then would he be able to access the J2EE application.</b>
    <b>Ans:</b> For doing this in the code of your J2EE application you have to write a if statement which will check if the user ID is coming from the backend or not. If yes then you display that logon page else you just pass that username which is coming from backend and displ;ay the page accordingly.
    <b>Ques 2.When I am done with Part 1. If a user tries to access this J2EE application from the Portal (asuming the user Id's in Portal and J2EE application are same and both are in the same domain) , I should not get any login screen and should be able to view the J2EE application.</b>
    <b>Ans:</b> Yes, this is what I am explaining you. Even I had also made same kind of J2EE application in which if the user is coming from the backend then he/she will look the J2EE screen else if the username is not coming then he will se the Login screen. Exactly same as what are looking for.
    <b>3.I want to use SAP Logon tickets generated by the Portal to enable SSO.</b>
    <b>Ans:</b> I have used User Mapping instead of SAP Logon ticket. Well that is also the option for SSO but personally I think User Mapping is easy and better way for implementing SSO.
    I dont know whether this will help you or not. Please let me know. I can definately help if you want to implement SSO using User Maping.
    Regards
    Pravesh
    PS: Please dont forget to reward points.

  • SSO from Microsoft wabsite to SAP Portal

    Hi
    My client wants SSO from .net based Microsoft website to SAP Portals. Requirement is that when customer enters the website e.g. www.mysite.com , he will be automatically gain access (SSO) to  SAP Portal .
    How it can be done ?
    Please help
    Thanks in advance

    Hi Ananda,
    This link answers your query.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/interoperability/dotnet/_web%20services%20and%20a2a%20interoperability%20center/sample%20application%3a%20sso%20with%20a%20.net-based%20web%20service%20client%20using%20sap%20logon%20tickets.pdf
    Reward points if handy!
    Regards,
    Sandeep Tudumu

  • My experience of SSO between SAP Portal6.0 and non-Sap Application

    Firstly I announce that I am not a Sap developer or a Sap Consultant.  I am a Cognos Consultant. I need do SSO between Sap Portal and Cognos Portal in my project, So I have to make SSO between two portals.
    I  tested  SSO between the two products on IIS5 of Windows XP and IIS6 of Windows 2003 and passed.
    Step 1:  Copy sapsecin.exe and sapsecu.dll on any directory where you want, such as “C:PortalSecurity”
    Then add this  directory  to your Environment variable PATH. You can find the two files on sapserv<x> under general/misc/security/SAPSECU/<platform>;
    Step 2: Copy your Filter ISAPI Files IIS_SSO.dll or IIS6_SSO.dll in any directory where you want, such as “C:PortalFilter”. You can find this two files on SAP note 442401.
    Step 3:  Get you ‘verify.pse’  which is located in
    <irj>
    ootWEB-INFpluginsportalservicesusermanagementdata  and put it on the same directory with your ISAPI Files ,such as C:PortalFilter
    (According Sap Support articles , IIS_SSO.dll should be used on IIS 5 and IIS6_SSO should be used on IIS 6,but I can not load IIS_SSO.dll on IIS 5 of Windows XP, I use IIS6_SSO.dll );
    Step 4:  Create a new file named ‘verify.properties’ , the content of this file see the appendix A;
    Step 5:  Load the IIS6_SSO.dll on your IIS. On IIS5, Select  Website Properties—ISAPI Filter—Add IIS6_SSO.dll and name it ‘wp’ . On IIS6,do as such and Create a Web Extensions  named  ‘wp’ and allocate file IIS6_SSO.dll. Finally restart the www service.
    I
    If you can load the filter successfully, you will see the  filter color is  green.
    On IIS6,Maybe you find that you can’t load your ISAPI file IIS6_SSO.dll, Its state is unloaded and its color is red. I am confused by this question long time. I finally found you must install some R3 dll files on your system! The .dll files which I mentioned can be found in SAP note 684106, put it in a same directory with your security files, such as C:PortalSecurity and restart your web server.
    (The steps above I reference Chris beck ‘s topic)
    Step 6: I write an  ASP file named ‘headerdumper.asp’ on my website and create a i-view to show my asp file in SAP Portal. If you succeed, you can see the http header variable<your logon name> in ASP page. If you application can receive http header variables, then Congratulations! You have apply SSO successfully.
    If your log file show ‘Can't find MYSAPSSO2 ticket cookie for URI "" on host "", don’t worry about it. I am confused by this question long time though.  I found the key cause the errors are cross domain or different DNS suffix.
    I tested 3 scenarios :
    1 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://sap-server:80/headerdumper.asp, You can’t access this asp page from i-view . I am sorry that I have no idea about this.
    2 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://your-server:80/headerdumper.asp, Your log will show ‘Can't find MYSAPSSO2 ticket cookie for URI "" on host "". because they have  no domain name, which is seemed that they meant different  domain.
    3 you must deploy your asp file and sap portal like below ,So you can apply SSO correctly:
    you must access SAP Portal like : http://sap-server.domain.com:50000/irj/portal
    you must access your asp file like http://yourserver.domain.com:80/headerdumper.asp
    then add your asp file as  i-view to your SAP Portal which URL is like  above , you can get Http header variable correctly.
    I am not an native English speaker, I hope you can understand what I said.
    Appendix A The Content of Verfy.properties
    remote_user_alias=REMOTE_USER
    pse_file=C:PortalFilterverify.pse
    application=portal
    log_file=C:PortalFilterverfy.log
    log_level=3
    cache_size= 1000
    Appendix B The Code of headerdumper.asp

    I'd recommend to cross-post your inquiry to the Security

  • Issues accessing keystore of SAP Portal

    we need to configure an SSO from SAP portal and a third party website by passing encrypted userid as url parameters.
    To configure the SSO I have received the public key of the third party and able to access it from server location. Now I have to access priavte key of the SAP Portal certificate and sign the UserId and pass it as url parameter. I have gone through many blogs and written code as below which is giving Invalid Keystore Format error.
    My question is
    1. What should be passed to FileInputStream?
    As of now we are passing the .cer file which is stored as part of project.
    Below code is throwing error at ks.load() method.
    String fielPath1 = request.getPublicResourcePath()+"/SAPLogonTicketKeypair-cert1.cer";
    FileInputStream ksfis = new FileInputStream(fielPath1);
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, sPass.toCharArray());
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
    ks.load(ksbufin, sPass.toCharArray());
    PrivateKey priv = (PrivateKey) ks.getKey(alias, kPass.toCharArray());
    Error is:
    Invalid keystore formatsun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)java.security.KeyStore.load(KeyStore.java:1185)am_sso_apc.doContent(am_sso_apc.java:132)com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:213)
    Please let me know how to pass the filepath to extract the priavte key .
    Regards,
    Satish

    Sorry to say: but that's a bad advise.
    The usertype impacts not only the ability / requirement to change passwords (see <a href="http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=622464">SAP Note 622464</a>).
    A better advise might be <a href="http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=869218">SAP Note 869218</a>: if users need to have the option to logon to the ABAP backend systems by using UID/PWD but do not want to be prompted to change those backend passwords when accessing the backend systems through the Portal, then that note can provide some solution.
    Of course: not using UID/PWD but some (other) sort of SSO would be the better approach. However, somethimes that is not possible (e.g. when it would be required to purchase an SNC partner product, according to <a href="http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=66687">SAP Note 66687</a>).
    Wolfgang

  • SSO from Microsoft to SAP portal

    Hi guys,
    I am stacked in something regarding SSO, the problem here is that I have to create and ASP.net application able to create the SAPLogOnTicket and bypass the SAP portal logon screen and everytime I am using may application I have not to log in again in the SAP Portal.
    Anyone who have an answer or a working example, please let me know.
    Thanks in advance,
    Armando

    Hi Armando,
    if your application is extranet application (you access it from internet) then you need to use citrix to    log in to the portal without asking for username and password.
    if the application is accessible from the intranet then you need to identify the application in the portal landscape system. for more information on this subject you can read the following useful help:
      [Click Here|http://help.sap.com/saphelp_nw2004s/helpdata/en/ec/0fe43d19734b5ae10000000a11405a/frameset.htm]
    Regards,

  • SSO from BW to non-SAP portal

    Hi, gurus,
    I need to connect our BW to an non-sap portal which is developed by JAVA. However, I have no ideas about how to realize SSO between BW and the portal. Is there any one has similar situation? Could you share your experience?
    Thanks!
    Peng

    Hi, gurus,
    I need to connect our BW to an non-sap portal which is developed by JAVA. However, I have no ideas about how to realize SSO between BW and the portal. Is there any one has similar situation? Could you share your experience?
    Thanks!
    Peng

  • SSO from Non-SAP portal to EP

    Hi.
    We need SSO from Non-SAP portal to EP.
    The Non-SAP Portal has publish Form-based authentification.
    I mean userid&password set to URL.
    Then the EP can generate SAP Logon ticket to backend system?
    regards,

    How to Enable Single Sign-on with Non-SAP Web Application                    
    I have very good material coollected for the same implement this.
    http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
    Cheers!!                                             
    SJ.

  • R/3 Secure Store and Forward, while using SAP portal for SSO

    Hello,
    We are using SAP Portal UME for authentication, then SAP SSO tickets to log into the SAP R/3 system.  Initially we decided that the end users would have a "disabled password" so that they must use the portal authentication mechanism to get into R/3 and therefore could not log in straight to R/3 system via SAP GUI.
    All was working fine until during integration testing when someone tried to use the electronic signature function on a QM t-code (QA11) that prompted for an e-sig.  Since local passwords have been disabled, the user could not execute the e-sig. 
    We do not want to activate local R/3 passwords for the users.  Can anyone give some advice or a best practice regarding how to set up electronic sigs in R/3 while using an external authentication source? FYI, we are also trying to avoid using the LDAP connector from R/3 to our LDAP.
    Please comment for any clarity needed or comments,
    Thanks in advance,
    Ryan

    Good point - but I'm afraid of not knowning an instant answer.
    Well, theoretically one could make use of the fact that an NWAS ABAP can act as http client (submitting http requests to the NWAS Java to validate logon data); but that's just a rough idea.
    Regards, Wolfgang

  • Can we achieve SSO in the SAP Portal without a third party tool

    Can we achieve SSO in the SAP Portal without a third party such as Netegrity?

    Kirk,
    Sorry I misunderstood what you were trying to setup. 
    If you want to connect the Portal to a Non-SAP Application then I believe that you would need to use a third party tool like Netegrity Siteminder.
    We have a portal that is protected by Siteminder and then we have a .NET application that is also protected by Siteminder and SSO is setup between the two since Siteminder is used.
    Hope that helps,
    Keith

  • SSO to SAP works but no OLAP Connection per SSO Auth

    Hi experts,
    we have setup an SSO for the Authentication of SAP BW and SAP BO and used the portal integration. We are using SAP BO 4.1 SP4 and SAP BW 7.4.
    We use the Login via Netweaver Portal go then to the SAP BO where the reports are stored.
    The SSO login works fine, but the OLAP connection to the SAP BW system does not fly. I have tried to create a connection via IDT. This works.
    After that I created a WebI report in the Applet and chose BEx Connection and retreived the error:
    error.openSapBwBrowsingSessionFailed
    Then i tried the WebI Rhich Client and recieved the message: Unknown Error in SL Service and Even do not recieve the list of possible Bex connections.
    We are using SNC for the user authentication in SAP BW.
    An now it is getting very unnormal:
    When i go the IDT tool and create the connection again and republish this to the repository and try to connect again via WebI Applet, i do not get the error message again.
    Can you please assist, as our Business user can not publish their OLAP connection.
    Regards,
    Markus

    The new Business Objects version (BI 4.0) comes with a new authentication
    technology to create a trust relationship between a non-SAP user and the SAP
    data source. How to determine the correct method to be used?
    When using legacy .unv universes (XI 3.1 technology) = SNC
    When using .unx environments (BI 4.0 new semantic layer) = STS
    when you try to connet BICS connection or IDT it is important to use the STS methodology.
    check the below link to have configurations.
    Follows a Wiki link with a "How to setup SSO against SAP  BW in SBO BI4.0 for LDAP users".  and follow the raunak kumar suggestion when you configire SNC and STS.
    http://wiki.sdn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+in+SBO+BI4.0+for+LDAP+users

  • SSO to SAP EP6 (for Employee Self Service) using WebSEAL

    Hi SDN friends,
    We are about to embark on a SSO implementation using IBM WebSEAL for SAP EP6 ESS (Employee Self Service) connecting through to an SAP R/3 4.7 server.  Since the ESS solution for 4.7 still uses ITS services, this means that we have ITS iViews in the EP6 portal.
    We have managed to look through the whitepaper 'IBM Tivoli Access Manager - Single Sign On for SAP NetWeaver - September 2005' described at https://www.sdn.sap.com/irj/sdn/developerareas/ibm
    We have the following queries, if anybody has a simple answer to these:
    -  Is it absolutely necessary to configure an SNC connection between ITS/EP6 and R/3 server to achieve SSO for the portal?
    -  Given that SAP EP6 references ITS IAC iviews, is it necessary for us to configure both ITS and EP6 for SSO, or can we simply configure EP6 for SSO?  If so, is it also necessary to configure both for SSL?
    -  Otherwise, how easy is it to set up SSO in this scenario without SSL (for demo purposes)?
    Any thoughts would be greatly appreciated.
    Cheers
    John Moy

    Hello John,
    regarding your questions:
    ad 1) no. SNC is only mandatory if you use X.509-based SSO to R/3. You can also use SAP logon ticket-based SSO from EP to R/3 or usermapping that do both not require SNC.
    ad 2) yes, you have to configure both EP and ITS at WebSeal.
    ad 3) you can always omit SSL. However for production use, it is recommended.
    Regards
    Michael

Maybe you are looking for

  • Error in loading RT for component IUICMDC after enhancement

    Hello experts, We have enhanced the component :IUICMDC for a few custom fields. After testing in dev client , same request after transporting into quality client it;s showing error in related to ICF service. While trying to open the component through

  • Still no edit button in Contacts

    I have tried reinstalling, to no avail... the edit options are greyed out as well... so no command key workaround... though my wife's contact app works correctly on her account... something with the install or a preference... just don't know where to

  • Updating dynamic data

    Hello there, I'm following a tutorial that shows how to create an update/edit form to edit selected records within the database. However, it is not working. I don't know what I'm missing. This is the form containing the records I want to update. Ever

  • Can't download Photoshop Elements 12 Trial Version

    I am trying to download the trial version of Photoshop Elements 12.  When I click on "Download" in the below dialog, I get the pop-up "Error 100 error message.  My Internet connection checks out O.K., and I have tried restarting Download Assistant, b

  • Winetricks problem ...

    I'm following the wineappdb tutorial to install Photoshop CS4 demo on linux, what could be the problem ? [entraide-net@Inspiron1501 ~]$ ./winetricks msxml6 gdiplus gecko vcrun2005 ie6 Using native,builtin override for following DLLs: msxml6 Executing