Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

B2B - What is it and how do we use it?

I have seen this used on a live site and would like to know what it is and how it's intended to be used...and where to set it up.

I suspect there might be some ability to allow users to browse a B2B site catalog without logging in until they try to add to a cart,

which is when one site I've found then pops up the https://www.shopsite.c../b2b/b2b/ screen.

This has apparently been around for quite a while and is on our CRM4 server in the WEB-INF/config.xml

Hopefully there is someone out there the can shed some light on this!

<action path="/b2b/coreinit" type="com.sapmarkets.isa.isacore.action.IsaCoreInitAction">
	<forward name="success" path="/b2b/relogin/"/>
	<forward name="darklogin" path="/b2b/relogin/"/>
<action path="/b2b/relogin/setcookie" type="com.sapmarkets.isa.core.action.SetReloginCookieAction">
	<forward name="success" path="/b2b/"/>
	<forward name="darklogin" path="/b2b/"/>


Former Member
Former Member replied

Hello Mike,

The folowing "actions" are preludes to the real login in ISA (B2B)

  1. init - InitiAction

  2. coreinit - IsaCoreInitAction

  3. setcookie - SetReloginCookieAction

  4. preparelogin - PrepareLoginAction

  5. login - DetermineBrowserVersionAction

The forward darklogin is used in cases (2) or (3) based on certain

circumstance. Nothing special happens in darkLogin.

In Case (2), if the user ID and password are available in the request

context or passed in URL parameters (UserId and nolog_password or

password), then, ISA takes the darklogin checks. Any logon

credential given in the URL parameter willbe moved to request attributes

in this step.

Case (3) is usually the portal scenario - the login credentials are

available in loginCookie. The user ID is usually set to

"$MYSAPSSO2$" and the password is set to the long Logon Ticket.

This ticket is the authentication mechanism based on pre-established

trust configured between the Portal system and the CRM or R/3

backend system. This ticket when decrypted correctly, will contain the

Portal UserID and the SSO2 credentials - not any user password. The

original code of this class doesn't even have active code that sets the

forward to darklogin !

If you see the action paths you have identified, the darklogin merely

goes to the same path taken otherwise by the success forward. It

follows the normal flow until it reaches reallogin.

reallogin - LoginAction

In both the cases, they still go through the reallogin step. It is here the

ISA determines to either show the logon page (login.jsp) or skip the

login page. This is strictly based on the URL parameter or request

context attrbutes. And the site you are talking about - that shows a

popup - unless they have added any custom development that is not

available in the standard code.

darkLogin in B2C

Only B2C gives any special action path for darklogin. But don't

get excited, here too, nothing special happens. It is only executing the


<action path="/b2c/darklogin" name="loginForm" 
    <forward name="success" path="/b2c/"/>
    <forward name="failure" path="/b2c/"/>
<action path="/b2c/preparelogin" 
    <forward name="success" path="/b2c/"/>
    <forward name="failure" path="/b2c/"/>
    <forward name="darklogin" path="/b2c/"/>

So, conclusion: Nothing special happens in darkLogin.

Easwar Ram

0 View this answer in context

Helpful Answer

Not what you were looking for? View more on this topic or Ask a question