cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO ticket

Former Member

on ‎02-08-2010 6:55 AM

0 Kudos

Hi,

I would like to know , till how much time SSO ticket generated in STRUSTSSO2 is valid? I tried to search in sdn but did not get this information.

I know for Web AS Java (eg portal scenario) ticket generated is valid for 8 hrs (by default) and it is possible to change this value.

How is it for ticket generated in R/3 ? Can we set custom value for its validity (say 2 Hrs)?

Regards,

Apurva

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

hofmann
Active Contributor
‎02-08-2010 12:47 PM
0 Kudos

Hi,

the ticket you import into SSOTRUST2 is the server ticket. This ticket is issued by a PKI to a server and is basically a server SSL certificate. This ticket is used to identifify the server. The lifetime of this ticket is defined by the PKI and can range several years.

The portal ticket you're referring to is the logon ticket. This ticket is issued to a user and is different from the server ticket. The logon ticket gets issued from the Java server and can therefore be verified by the other systems where the server certificate is imported (trust).

br,

Tobias

Show replies
Show replies
Former Member
‎02-08-2010 12:57 PM
0 Kudos

Hi Tobias,

Thanks for your reply.

I am setting up connection between BW ABAP and EP Java system. I have exchanged certificates between systems.

So, in this scenario logon tickets will be exchanged between systems for authentication. I know that logon ticket generated EP(Java) is by default valid for 8 hours. I wanted to know logon ticket generated by BW(ABAP) is valid for how much time ?

Regards,

Apurva

hofmann
Active Contributor
‎02-08-2010 1:40 PM
0 Kudos

Hi Apurva,

after you created a trust between the 2 systems, your BI systems trust the portal. This means, that the portal user can access the BI system from the portal as long as the logon ticket from the portal is valid. After the portal logon ticket is invalidaded, the user cannot access anymore the BI system.

As the BI system accepts the portal logon ticket and won't issue a proprietary one, you control the BI logon ticket via the portal logon ticket. Therefor, to enforce a logon time of, let's say, 2 hours, you'll have to configure the portal logon ticket to a life time of 2 hours.

br,

Tobias

Former Member
‎02-08-2010 1:46 PM
0 Kudos

Hi,

Displaying BW content in EP (JAVA calling ABAP) is working fine.

However, we are facing SSO problem on other side , i.e, while accessing portal content from BW (i,e ABAP calling JAVA).

Hence, I wanted to check lifetime of logon ticket generated by BW.

Regards,

Apurva

hofmann
Active Contributor
‎02-08-2010 5:04 PM
0 Kudos

Hi Apurva,

in a portal <-> BEx/BI setup normally you only have 1 ticket issuing system, and that is normally the portal. You can configure your J2EE server to accept or issue a logon ticket. If the logon ticket of the BI Java isn't accepted from your portal, you can try to configure the portal to accept the BI logon ticket: http://help.sap.com/saphelp_nw04s/Helpdata/EN/94/f2503ede925441e10000000a114084/content.htm

If you are talking about ABAP acessing Java and the SSO isn't working: try to configure the ABAP system to issue a logon ticket (not sure if this will work): http://help.sap.com/saphelp_nw04s/Helpdata/EN/61/42897de269cf44b35f9395978cc9cb/content.htm

br,

Tobias

Ask a Question