cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Leveraging NetWeaver for SSO

Go to solution
Former Member

on ‎03-16-2006 10:22 PM

0 Kudos

My company has 3 seperate SAP environments (2 running SAP 4.7 and 1 running NetWeaver). The NetWeaver environment has been configured to use Kerberos for Single Sign On and all 3 environments have been configured to accept SAP Logon Tickets from each other. Now what I want to be able to do is provide a way for developers to "ping" off of the NetWeaver environment and get the SAP Logon Ticket. For example:

I want to allow SSO to one of my 4.7 environments from a .Net application I have written. Since I don't have a way to get the SAP Logon Ticket from the 4.7 environment, I want to make a call to NetWeaver, have it verify via Kerberos who I am, and send me back a SAP Logon Ticket that I can then use on the 4.7 environments.

What should I setup in NetWeaver to allow this: Create an Iview that could be called from the .Net connector? Create a script on the WAS? I'm looking for simple yet effective here.

Thanks,

JJ

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

reiner_hille-doering
Active Contributor
‎03-17-2006 9:14 AM
0 Kudos

If you use the .NET Connector you can use any of the ABAP systems to get a logon ticket via SAPConnection.GetSAPSSOTicket(). You need to authenticate with one of the supported SNC technologies that also include Kerberos. Using a trusted SNC connection and an external User ID is also an option.

The other possibility is to use the Portal to create a Logon Ticket from another authentication. An arbitrary page should work. Here is a possible order of steps:

- Impersonate to the user you want to logon.

- Create a HttpWebRequest to the portal page.

- Execute the request.

- Take the Logon Ticket from the MYSAPSSO2 cookie.

Show replies
Show replies
Former Member
‎03-18-2006 12:27 AM
0 Kudos

Thanks for the information, Reiner. I've been doing some additional work with this today and am struggling with finding all of the parts and pieces I need to pull this off using SNC (the SNC parameters that needed to be populated in the Destination object in order to create the connection, finding the gsskrb5.dll, etc.). Nevertheless, I am close to getting this to work with the GetSAPSSOTicket() and will post my results next week.

Former Member
‎03-23-2006 12:15 AM
0 Kudos

After further investigation, we have only have the Java Stack and EP installed for our NetWeaver environment. Is there anyway for me to leverage the Java stack directly from the .Net connector to do a Kerberos login and get back an SAP Logon ticket? Should I be able to use the same SNC parameters (SNCPartnerName, SNCLib, etc.)?

reiner_hille-doering
Active Contributor
‎03-23-2006 9:35 AM
0 Kudos

As I wrote you can

- either get the ticket with NCo from an ABAP system. This doesn't need to be the portal (and can't be, because it is Java), it could also be one of the R/3s.

- or get the ticket from the portal via a HttpRequest.

Former Member
‎03-05-2007 2:31 PM
0 Kudos

I'm trying to do a WebRequest in C# to a BSP page, When I first hit it it asks for credentials then stores them, is this the same technique as used by portal, can I use Netweaver BSP/WebServices pages with a request to get a logon ticket or does it have to be "Portal" .

Is there a reason why the same credentials code as in "SSO with .NET .....SAP...Tickets" does not return the BSP page I requested.

Im trying to embed a simple BSP page into Sharepoint WebPart. Later I will get access to a portal and try iViews into Sharepoint (but securely, unlike some demos) Appreciate some thoughts on the disctinction between Netweaver and portal reagarding these logon tickets.

Former Member
‎03-07-2007 9:34 AM
0 Kudos

Please ignore my ramblngs, I think that my last post demonstrates a complete mis-understanding of Netweaver and SSO.

Having read and re-read André Fischers posts on single sign-on I understand a lot more about a lot of things Netweaver.

If your interested I managed to embed a BSP page into sharepoint which was my goal, but badly expressed. A simple WebClient, Credential Cache and adding the header User-Agent got everything working. After reading André's posts, it made me realise what I was trying to acheive was a bad idea anyway.

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎03-07-2007 1:00 PM
0 Kudos

It is nice to hear that I could help you.

Best regards,

André

Former Member
‎01-28-2008 5:18 AM
0 Kudos

Hi john,

We are planning to integrate Sharepoint portal under sap enterprise portal can you provide me all the steps if you have implemnted this

best regards

sam

Answers (0)

Ask a Question