cancel
Showing results for 
Search instead for 
Did you mean: 

PI authentication with Logon Tickets

Former Member
0 Kudos

Hi,

I am investigating the different security options available in the following synchronous scenario:

non-SAP system -> PI 7.1 -> ECC 6.0

Has anyone implemented Logon Tickets to authenticate into PI (as opposed to basic http authentication with userid/password) in a similar scenario where the sender was not an SAP system?

If so, some questions:

- what performance overhead did you experience? was it a significant overhead?

- which system in your landscape issued the logon tickets? Was it your PI system?

Any help would be appreciated as I'm new to the option of Logon tickets but I think it is exactly what we need because SSL is not necessarily required and password is not required to access PI but please correct me if I am wrong.

Regards,

JM

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

what performance overhead did you experience? was it a significant overhead? - There is no significant overhead on using Logon Tickets.

which system in your landscape issued the logon tickets? Was it your PI system? - If you use Logon Tickets, then PI system will issue a Logon Ticket for a Non-SAP - PI - ERP scenario.

I'm new to the option of Logon tickets but I think it is exactly what we need because SSL is not necessarily required and password is not required to access PI - See for accessing PI, you will need a proper User with its password to access the Service exposed by PI to the non-SAP application. Then using Logon ticket, you can send the same user to SAP ERP system.

Regards,

Rajeev Gupta

Answers (1)

Answers (1)

JoelTrinidade
Active Contributor
0 Kudos

Hi JM,

A shot in the dark !! What i gather is that you are hinting at Principal Propagation in SAP NetWeaver Process Integration.

Rgds

joel

Former Member
0 Kudos

Hi,

No it isn't necessarily about principal propagation. Whilst we need to be able to propagate the user to ECC 6.0 for some scenarios, it isn't necessary for all scenarios. We are just trying to come up with a consistent authentication mechanism in PI that would suit a variety of scenarios - e.g Application to Application or User-Driven-Application to Application.

Regards,

JM