Solved: Single sign on to BSP application (BEx 3.5) withou...

Former Member · ‎05-18-2009

I have the following scenario. I am running SAP BW 3.5 web reports and I want to set up single sign on to those web reports without using portal. I am running on windows platform and have already configured the sapgui sso functionality. However I also want sso functionality for the bex web. Can anyone tell me if and how this has been done and point me to the right direction.

Former Member · ‎05-18-2009

Hi,

If you have activated the Java stack on you BW 3.5 system, it is possible using the spnego method.

Please refer to help.sap.com to know precisely how to set the configuration.

Regards,

Olivier

Former Member · ‎05-18-2009

Hi,

If you have activated the Java stack on you BW 3.5 system, it is possible using the spnego method.

Please refer to help.sap.com to know precisely how to set the configuration.

Regards,

Olivier

Former Member · ‎06-15-2009

Does anyone know if there's SPNEGO equivalent that can be implemented on the ABAP stack for BSP apps?

Thanks,

Kiran

Former Member · ‎06-15-2009

There are only tricks and 3rd party products.

The ABAP login module stack is not configurable like the Java stack.

Cheers,

Julius

Former Member · ‎05-03-2010

Hi Julius,

Do you know whether it is possible run 3.5 queries via SSO without the portal with the User Authentication and Single Sign-On improvements in EHP2?

regards,

John Marelich

Former Member · ‎05-03-2010

The only safe supported way of doing this is using a PKI. The unsafe way involves SAP Login Tickets which can also be issued by an ABAP stack. I would not call either way third party or trick.

tim_alsop · ‎05-03-2010

You DO NOT need a PKI to solve this need. Instead, you can use the Java stack, configure the BW service in SICF transaction to redirect to the Java stack, where SPNEGO (e.g. Negotiate protocol) is used to authenticate the user, then redirect back to the app on ABAP stack along with the SSO2 ticket issued by Java stack. This is standard, secure and very common method of solving this problem and it DOES NOT require the overhead of a PKI.

Thanks,

Tim

Former Member · ‎05-03-2010

Hi Tim,

the original poster specified that he didn't want to use the portal and I assumed that that included the java stack. Most here will agree that one can use Login Tickets for that, but I wouldn't call them secure...

btw. how are you?

Regards,

Sietze

tim_alsop · ‎05-03-2010

>


> Hi Tim,
> 
> the original poster specified that he didn't want to use the portal and I assumed that that included the java stack. Most here will agree that one can use Login Tickets for that, but I wouldn't call them secure...
If you are going to make claims that SSO2 tickets are NOT SECURE, then please make sure that you give examples and facts to explain why SSO2 tickets are not secure. Anyway, this is going off topic, since it is not related to the question asked by the customer in this thread.
> 
> btw. how are you?
I am very well thanks. 
> 
> Regards,
> Sietze

WolfgangJanzen · ‎05-16-2010

Well, in the future there will be a 3rd way: using SAML 2.0 and an Identity Provider (IdP) which is capable of supporting "Windows Integrated Authentication" (e.g. SAP IDM 7.2 or Microsoft ADFS 2.0) in conjunction with an NWAS ABAP 7.02 (or subsequent releases) which is acting as SAML Service Provider (SP).

Single sign on to BSP application (BEx 3.5) without portal