on 02-24-2009 4:55 AM
Hi,
I am investigating the different security options available in the following synchronous scenario:
non-SAP system -> PI 7.1 -> ECC 6.0
Has anyone implemented Logon Tickets to authenticate into PI (as opposed to basic http authentication with userid/password) in a similar scenario where the sender was not an SAP system?
If so, some questions:
- what performance overhead did you experience? was it a significant overhead?
- which system in your landscape issued the logon tickets? Was it your PI system?
Any help would be appreciated as I'm new to the option of Logon tickets but I think it is exactly what we need because SSL is not necessarily required and password is not required to access PI but please correct me if I am wrong.
Regards,
JM
Hi,
what performance overhead did you experience? was it a significant overhead? - There is no significant overhead on using Logon Tickets.
which system in your landscape issued the logon tickets? Was it your PI system? - If you use Logon Tickets, then PI system will issue a Logon Ticket for a Non-SAP - PI - ERP scenario.
I'm new to the option of Logon tickets but I think it is exactly what we need because SSL is not necessarily required and password is not required to access PI - See for accessing PI, you will need a proper User with its password to access the Service exposed by PI to the non-SAP application. Then using Logon ticket, you can send the same user to SAP ERP system.
Regards,
Rajeev Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi JM,
A shot in the dark !! What i gather is that you are hinting at Principal Propagation in SAP NetWeaver Process Integration.
Rgds
joel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
No it isn't necessarily about principal propagation. Whilst we need to be able to propagate the user to ECC 6.0 for some scenarios, it isn't necessary for all scenarios. We are just trying to come up with a consistent authentication mechanism in PI that would suit a variety of scenarios - e.g Application to Application or User-Driven-Application to Application.
Regards,
JM
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.