cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP logon ticket creation without EP/XI

Former Member

on ‎04-28-2010 1:58 PM

0 Kudos

We are trying to perform SSO from a MOSS 2007 app into a backend SAP system directly. I have seen the posts commenting "there is no DLL that creates a SAP logon ticket for you. You need an SAP NW Application Server as an ticket issuing system" but for the most part they seem to indicate using the EP as the ticket issuing system.

My question can be generically asked as - if someone is not using the EP or using XI and wishes to call a web service on a backend SAP system directly (let's just say ECC 6.0) how/where can we create a SAP logon ticket for SSO?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎04-28-2010 5:33 PM
0 Kudos

Hello,

If by SSO, you mean no user/password, one possibility would be to use a X.509 client certificate to authenticate "directly" when calling the web service.

As a consequence, the use of HTTPS would be mandatory.

Regards,

Olivier

Show replies
Show replies
Former Member
‎04-28-2010 6:42 PM
0 Kudos

My apologies, I have left one part out. In our case for SSO we would want to be authenticate against our Active Directory and then somehow create the SAP logon ticket for the web service call on the backend SAP system without prompting for credentials.

This works well with the EP in the mix but I am wondering how it works when EP or XI are not on the landscape, for example MOSS to an ECC web service using AD (same username different passwords AD->ECC). What are some of the options for that scenario?

Former Member
‎04-29-2010 9:04 AM
0 Kudos

Hi again,

I may be wrong but I think that what you want to do is not possible.

You need a JAVA stack for ADS/Kerberos SSO then create a saplogon ticket and use this ticket to athenticate when calling the ABAP web service.

This works great for an ABAP Webdynpro or BSP application because theweb browser knows how to handle the HTTP redirect from the JAVA stack. I am not aware that a web service client is able to handle redirects (but I did not try it...)

If you don't want to use a JAVA stack, I don't know any solution...

Regards,

Olivier

Former Member
‎07-28-2010 3:03 AM
0 Kudos

I'm pretty sure that there is an option which does allow you to use an LDAP service to authenticate users for an ABAP stack. I've only ever played with the AD/Java Portal configuration and then SSO/ticket login to the ABAP back end so I can't offer specific "how to" insights.

I can recommend the SDN Collaboration Workspace for a differently written perspective - https://cw.sdn.sap.com/cw/docs/DOC-105943

Ask a Question