cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Authentication] Call ABAP Integrated ITS from .Net application

Go to solution
guillaume-hrc
Active Contributor

on ‎09-04-2009 8:51 AM

0 Kudos

Hi,

Here is the scenario I am facing:

I have a .Net application to which I logged based on LDAP.

I would like to call - at the user's requests - a SAP screen by leveraging the ABAP Integrated ITS on ECC.

Since I have a Kerberos Ticket, I would like to use SPNego and a NW Java stack in order to "convert" this Kerberos ticket into a SAP Logon Ticket and access the ABAP stack.

My idea was to use the Logon Error Pages from ICF service webgui (Integrated ITS on ABAP stack) in order to redirect to the Java stack, get the SAP Logon Ticket, and then go back to authenticate on the ABAP.

Does this seem a relevant scenario to you, experts ?

I have been pointed to this resource : where the SAP .Net Connector is used to grab the SAP Logon Ticket.

string ticket = SAP.Connector.SAPConnection.GetSAPSSOTicket(connStr, 2);

Could you please help me putting all this together ?

In my opinion, either you do it from the .Net side or from the ABAP side:

- on the .Net side: should I test the existence of the SAP Logon Ticket and then - if necessary - use the above code to retrieve a SAP Logon Ticket while passing the Kerberos Ticket

- on the ABAP side: the redirection would be sufficient? How will I be able to go back from the Java stack once the SAP Logon Ticket is obtained ?

Thanks in advance for your help.

Best regards,

Guillaume

Edited by: Guillaume Garcia on Sep 4, 2009 9:54 AM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎09-04-2009 9:27 AM
0 Kudos

Hi Guillame,

I wouldn't go for a solution that is based on the .NET connector since it is a deprecated solution (see SAP Note "SAP NCO Release and Support Strategy", SAP Note Number: 856863). In addition it requires to install run time components on the user's frontend.

Using the Logon Error Pages from ICF service webgui (Integrated ITS on ABAP stack) in order to redirect to the Java stack, get the SAP Logon Ticket, and then go back to authenticate on the ABAP is a solution if we are talking about a dual stack installation where both stacks are running on one server due to security aspects.

Did you also had a look at my virtual SAP TechEd session regarding autoenrollment of X.509 certificates ?

SIM208 SSO for SAP NetWeaver Leveraging X.509 Certificate Auto Enrollment in Microsoft Active Direct...

This way you could achieve SSO at the Integrated ITS on the ABAP stack out of the box since X.509 certificates are a supported authentication method.

Best regards,

André

Show replies
Show replies
Former Member
‎05-15-2010 1:51 AM
0 Kudos

Guillame,

Have you attempted the recommendation below? Andre, is the SIM208 session available in electronic format? We are struggling with implementing SSO through NWBC with a dual stack where both stacks are on same server. We are close and have maybe all the pieces but cannot put the puzzle together. Any help would be greatly appreciated. My contact information is below.

Thanks,

Mark

910-228-1697

Hi Guillame,

I wouldn't go for a solution that is based on the .NET connector since it is a deprecated solution (see SAP Note "SAP NCO Release and Support Strategy", SAP Note Number: 856863). In addition it requires to install run time components on the user's frontend.

Using the Logon Error Pages from ICF service webgui (Integrated ITS on ABAP stack) in order to redirect to the Java stack, get the SAP Logon Ticket, and then go back to authenticate on the ABAP is a solution if we are talking about a dual stack installation where both stacks are running on one server due to security aspects.

Did you also had a look at my virtual SAP TechEd session regarding autoenrollment of X.509 certificates ?

SIM208 SSO for SAP NetWeaver Leveraging X.509 Certificate Auto Enrollment in Microsoft Active Directory

This way you could achieve SSO at the Integrated ITS on the ABAP stack out of the box since X.509 certificates are a supported authentication method.

Best regards,

André

Former Member
‎05-15-2010 1:54 AM
0 Kudos

Guillame,

Have you attempted the recommendation below? Andre, is the SIM208 session available in electronic format? We are struggling with implementing SSO through NWBC with a dual stack where both stacks are on same server. We are close and have maybe all the pieces but cannot put the puzzle together. Any help would be greatly appreciated. My contact information is below.

Thanks,

Mark

910-228-1697

Hi Guillame,

I wouldn't go for a solution that is based on the .NET connector since it is a deprecated solution (see SAP Note "SAP NCO Release and Support Strategy", SAP Note Number: 856863). In addition it requires to install run time components on the user's frontend.

Using the Logon Error Pages from ICF service webgui (Integrated ITS on ABAP stack) in order to redirect to the Java stack, get the SAP Logon Ticket, and then go back to authenticate on the ABAP is a solution if we are talking about a dual stack installation where both stacks are running on one server due to security aspects.

Did you also had a look at my virtual SAP TechEd session regarding autoenrollment of X.509 certificates ?

SIM208 SSO for SAP NetWeaver Leveraging X.509 Certificate Auto Enrollment in Microsoft Active Directory

This way you could achieve SSO at the Integrated ITS on the ABAP stack out of the box since X.509 certificates are a supported authentication method.

Best regards,

André

Answers (0)

Ask a Question