03-29-2010 5:11 PM
Dear Experts,
At our client we are planning to implement an SSO solution for accessing a particular BSP page.
I found some information about the possibility to u201Credirectu201D the BSP page for authentication to a Java stack using the JAAS there. As we are already successfully using authentication via Header variable I would like to know if it is possible to include the header variable from the HTTP request for the BSP page in the redirect call?
So that process would look like this:
- User authenticates against the companies LDAP
- User is then forwarded to the BSP page (including the header variable in the HTTP request)
- BSP page redirects the request (including the header variable) to the Java system for receiving the SAP LogonTicket (via the HeaderVariableLoginModule)
- Request is returned to BSP page with proper SAP LogonTicket
Does anyone have experience with this setup? Is this doable? If not, what would be a good approach for this situation?
Appreciate any comments!
Thanks a lot,
Jan
03-29-2010 8:33 PM
That sounds like a long and error prone route to take. Imagine troubleshooting someone else's invention along the same lines?
What does this BSP do? Is end-user authentication needed?
> If not, what would be a good approach for this situation?
A ICF web service call created from an ABAP FM would be an alternative.
Cheers,
Julius
03-29-2010 8:37 PM
Jan,
Any authentication method supported by the Java stack can be used with a BSP application, if you use redirection. The BSP app in SICF would be configured to redirect when no SSO2 ticket is recevied. This would cause the redirection. After the Javs stack has authenticated the user and issued an SSO2 ticket, you can redirect back to the ABAP stack, to the original URL, where the BSP applicaiton resides - this time the redirect will not occur because the SSO2 ticket will be sent by browser.
The above approach is widely used and easy.
Thanks,
Tim
03-30-2010 10:27 AM
Thanks for the responses.
The business case behind this is to call an "Approval" BSP via mobile devices. So this requires end-user athentication as the objects to approve are user-related. Otherwise we would have used a "technical user" for this BSP.
Tim,
Do you happen to know for sure that the Header variable, which is included in the initial HTTP request, will also be forwarded in the redirect mechanism?
Thanks,
Jan
03-30-2010 6:14 PM
>
> Tim,
> Do you happen to know for sure that the Header variable, which is included in the initial HTTP request, will also be forwarded in the redirect mechanism?
yes, it is.
>
> Thanks,
> Jan