Hello all,

we have an EP 7.00 (SP 22) which can be accessed using the following (faked) fully qualified URL:

https://host.sd1.sd2.mycompany.de:[HTTPS-port]/irj/portal

When logging on to the portal with username and password, the portal issues a logon ticket. In the browser, I can see the MYSAPSSO2 cookie and it is for the following domain:

.sd1.sd2.mycompany.de

From the portal, we call some BI report applications, which run on WebFocus. The WebFocus server is in the following domain:

.sd3.sd4.mycompany.de

Single sign-on does not work. It only works, if we modify the domain of the MYSAPSSO2 cookie (this we achieved with a firefox-addon) and "cut off" the two subdomains .sd3.sd4

My question: is it possible, to configure the portal in such a way, that the MYSAPSSO2 cookie is issued for domain

.mycompany.de ?

I have read some hints on domain relaxing. But I am not sure, if setting the parameter ume.logon.security.relax_domain.level would help us. If I understood it correctly, we would need to set the value to 3.

Best regards,

Philipp Hinnah