cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO - From ABAP to Portal - Is this possible?

Former Member

on ‎03-23-2009 1:55 PM

0 Kudos

Hello,

I have a SAPGUI user that has authenticated to SAP ERP 6.0. The business request is to give that SAPGUI user a button that will launch a URL to EP 7.0, using SSO, so that they can seamlessly access the federated BI reports that are on the BI 7.0 Portal.

Is it possible to reverse configure SSO from ABAP to the Portal?

I have configured SSO from the Portal to ABAP backends. I have configured Trusted relationships between ABAP systems. I have read the supporting documentation on SSO, but I don't see a way to reverse the SSO relationship, to force the ABAP system to generate the logon ticket and pass it off to the portal.

If this is possible, has anyone done it, and how is it done?

Regards,

John

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

hofmann
Active Contributor
‎03-23-2009 5:54 PM
0 Kudos

Hi,

SSO from ABAP to Portal is not possible. The portal needs a MYSAPSSO2 cookie SAP Logon Ticket. Only NW AS Java can issue that ticket. Also, this is a browser ticket (cookie).

The alternatives you can try are:

1. NWBC. This new SAPGui can display Transcation screens like SAPGui, but also Portal content (roles, iViews, etc). Maybe this can solve your SSO problem.

2. If you're using MS Active Directory, enable Kerberos SSO on your Portal. This way, the user will still have to log on to the portal (no SSO between ABAP --> Portal), but this process will be transparent. The user won't see a logon screen.

br,

Tobias

Show replies
Show replies
Former Member
‎03-31-2009 8:18 PM
0 Kudos

Hello Tobias,

Thank you for your insight into this question. In parallel to posting this question on SDN, I also opened a message on OSS and have received a much different reply.

Question to OSS: I have been told that SSO from ABAP to the portal is not possible because the portal needs a MYSAPSSO2 cookie SAP Logon Ticket, which cannot be issued by the ABAP stack.

Response from OSS: J2EE engine can be configured to accept ticket from ABAP system. For more information, please refer to http://help.sap.com/erp2005_ehp_03/helpdata/EN/94/f2503ede925441e10000000a114084/content.htm

In a subsequent exchange, SAP also suggested looking at http://help.sap.com/saphelp_nw04s/helpdata/en/75/c80b424c6cc717e10000000a155106/frameset.htm.

I understand your point that ABAP cannot generate the MYSAPSSO2 cookie to authenticate to the portal. According to SAP, this is possible, but I don't see a way to make it happen.

If anyone else has further insight into this topic, I would appreciate it.

Regards,

John

hofmann
Active Contributor
‎03-31-2009 8:37 PM
0 Kudos

Hi,

I believer either I or the SAP OSS person did not understand your question correctly.

You have an user that is acessing the ECC via SAPGui for Windows / Java. Meaning: no web browser involved. When he acesses the BI, he opens his browser and navigates to the portal.

In this case, SSO between ABAP and portal won't work.

The SAP Help link provided by OSS states:

Configuring AS-Java to Accept and Verify Logon Tickets: [...] set up any AS-Java systems that are integrated into the portal to accept the portalu2019s logon tickets.

This is about accepting the Portal's logon ticket.

If the user is acessing the ECC via SAPGui for HTML, the browser is already open. The user is acessing the ECC via ICM (ITS). In this case, he the browser is already opened and you can add cookies (tickets) to the browser's cache. Using the link provided from OSS you can modify the portal login stack to accept a cookie stored in the users browser cache by WebAS ABAP.

But I believe that you'll have to create your own custom logon stack to achieve this.

br,

Tobias

Former Member
‎03-23-2009 2:20 PM
0 Kudos

Hi John

Please check the following links

http://help.sap.com/saphelp_nw04/helpdata/EN/5e/6c85c3edf942f39349a1e337434d29/content.htm

and

http://help.sap.com/saphelp_nw04s/helpdata/en/5e/6c85c3edf942f39349a1e337434d29/content.htm

i hope it helps

Regards

Chen

Show replies
Show replies
Former Member
‎03-23-2009 2:27 PM
0 Kudos

Hello Chen,

Thank you for responding. However, I am looking for the solution that will take me from the ABAP stack to the Portal.

Configuring SSO in the traditional direction from the Portal to the ABAP stack, as is referenced in your links above, is a straightforward process.

Regards,

John

Former Member
‎03-23-2009 2:36 PM
0 Kudos

Hi

Check this out, this might help you in developing your concept.

https://help.sap.com/saphelp_nwce10/helpdata/en/45/b687b4f3fc0039e10000000a11466f/content.htm

Regards

Rahul

Ask a Question