Solved: SSO from non-SAP (Webspher AS) to SAP (EP)

Former Member · ‎06-30-2009

Hi,

We need to connect in SSO an WebSphere Application Server with SAP EP.

In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).

How do I implement a SSO for my scenario?

All the documentation I found is from SAP EP to a non-SAP application and not vice versa.

Best Regards.

Diego.

Former Member · ‎10-21-2009

Hi Diego,

We have a requirement wherein we need to have E recruitmtent applications in IBM Websphere Portal.I have gone through few documents and i am not clear how to move forward.Could anyone suggest some best way to achieve this.

We are in ECC 6.0 EHP4.All the E recruitment applications are Webdynpro ABAP based.

Thanks,

Anil

tim_alsop · ‎06-30-2009

Diego,

One approach (not the most secure if network security is not considered when implementing) is to make your WebSphere AS store the ID of user who has authenticated in a HTTP header variable, and then configure the ticket stack on Portal server to authenticate user using the HTTP header variable login module. You can also use SAML if WebSphere is able to create a SAML token.

Thanks,

Tim

Former Member · ‎06-30-2009

Hi Tim,

can you describe the steps to implement the HTTP header variable in WebSphere AS?

Regards,

Diego.

tim_alsop · ‎06-30-2009

Diego,

I am afraid I am not familiar enough with WebSphere to know the details. You can ask IBM or search SDN for keywords which mention HTTP header and/or WebSphere - I know for a fact that this kind of setup is common, so there should be information on Internet which describes how to make WebSphere and SAP work this way.

Sorry I cannot be more helpful/specific. I hope i have been a small help to you ?

Thanks,

TIm

Former Member · ‎07-02-2009

Hi,

we are analyzing the SAML, but I would like to know if it is usable even with Browser / POST Profile.

Regards,

Diego.

WolfgangJanzen · ‎07-03-2009

>


> Hi,
> We need to connect in SSO an WebSphere Application Server with SAP EP.
> In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
> How do I implement a SSO for my scenario?
> All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
> 
> Best Regards.
> 
> Diego.

Question: which kind of authentication mechanism is used when the users will log on Corporate Portal ?

It might be a smart idea to use the same authentication mechanism also for SAP EP.

Well, if not only SSO (Single Sign-On) but also SLO (Single Log-Off) is demanded, then you should focus on SAML 2.0 - provided that all parties do support it. NetWeaver will support SAML 2.0 with a future release, so this is only an outlook for you by now.

Former Member · ‎07-03-2009

Another possibility would be to use X.509 certificates. AFAIK Websphere supports this and I am sure Netweaver supports this as well. Technically, you won't have single sign on (as the authentication will run each time a new server is used) but the end effect for the user is the same (no more passwords).

Former Member · ‎07-08-2009

Hi,

we not use the X.509 certificates when it is unthinkable for most of 5000 users.

we can't use SAML as SAP uses only the Browser / Artifact profile (and not the Browser / Post Profile) which requires the use of a product IBM (Federal IM) with additional license fees and significant.

The hypothesis we are considering is the use of TAM (Webseal) or via the use of a custom module deploy on 'WebSphere AS.

We are currently assessing all impacts.

Regards.

Former Member · ‎10-21-2009

Hi Diego,

We have a requirement wherein we need to have E recruitmtent applications in IBM Websphere Portal.I have gone through few documents and i am not clear how to move forward.Could anyone suggest some best way to achieve this.

We are in ECC 6.0 EHP4.All the E recruitment applications are Webdynpro ABAP based.

Thanks,

Anil

WolfgangJanzen · ‎10-29-2009

Anil seems to describe a different scenario than Diego:

Diego: WebSphere Application Server + SAP EP

Anil: IBM Websphere Portal + ECC 6.0 EHP4 (E-recruitment)

Former Member · ‎10-30-2009

Anu Suggestions please

Former Member · ‎11-20-2009

Hi,

I'm sorry but your scenario is different from mine and I have no suggestions to give you.

For my problem we are trying with a custom application JAVA.

WolfgangJanzen · ‎11-20-2009

>


> For my problem we are trying with a custom application JAVA.

If I have understood correctly, you will use a custom "TAM (Webseal)" JAAS login module with SAP EP.

Well, that should work.

WolfgangJanzen · ‎11-20-2009

>


> We have a requirement wherein we need to have E recruitmtent applications in IBM Websphere Portal.I have gone through few documents and i am not clear how to move forward.Could anyone suggest some best way to achieve this.
> 
> We are in ECC 6.0 EHP4.All the E recruitment applications are Webdynpro ABAP based.

In the future SAML 2.0 would offer a solution to you, but I'm afraid to tell you that in the moment there's no solution available - unless you use an additional SAP EP (like in Diego's approach) to implement a "TAM" JAAS login module and to issue a SAP logon ticket in exchange and then trigger a http redirect to the WB ABAP application. But that's an ugly hack - not a "solution".