Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSO between NetWeaver Portals with FPN - consuming WebDynpro Applications.

Former Member
0 Kudos

Hi,

We are not beeing able to configure Single Sign-On between our NetWeaver portals, and we are in need of some help to figure out what we are missing.

Our goal

We need to configure single user authentication between a NetWeaver Portal 7.0 and the WebDynpro applications executing in a CE 7.2. In other words, if the user is already logged in the Portal, his authentication on the CE/WebDynpro will be handled by configuration.

Scenario

We have a Portal 7.0 and CE 7.2. Both portals are already configured in a FPN within the same domain. The FPN is working well, and we are able to acess WebDynpro provided by the producer, if we are logged into both portals. But if we are only logged on the Portal 7.0, the consumed WebDynpro from the producer fails with the following error:

Failed to load the object: pcd:consumer_content/com.sap.portal.fpnGuestUserIview with user Guest 
[EXCEPTION]
com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): consumer_content/com.sap.portal.fpnGuestUserIview)

Configuration

After we configured the FPN between the portals, we followed SAP documentation to configure SSO:

1. We exchanged the portal 7.0 certificate with success to the 7.2 environment (We tested it on the option "Check against issuing system" within the "Trusted Systems" service)

[http://help.sap.com/saphelp_nw70/helpdata/en/43/2235260b413fe1e10000000a11466f/content.htm]

2. We also made the configurations in the stack to accept logon tickets

[http://help.sap.com/saphelp_nw70/helpdata/en/aa/bf503e1dac5b46e10000000a114084/content.htm]

All our applications have the "ticket" configuration to authenticate, which is also a subject of the link above.

After that configuration the single sign-on did not work. As we are doing a review on the documentation, we would like to ask some help if anyone have already configured single sign-on between netweaver portals. We are going to keep this thread updated if we make any kind of progress, and also ask me if I missed some information in the post.

Any help will be very appreciated!

3 REPLIES 3

Former Member
0 Kudos

We found out that the MYSAPSSO2 cookie is beeing generated after the login into the Portal, but when we try to open a WebDynpro copied from a producer, it is not beeing send in the request message that is received by the producer.

We also checked the following procedure:

[http://help.sap.com/saphelp_nw70/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/content.htm]

The application still not authenticating, falling on the same exception reported on the opening post.

Former Member
0 Kudos

We found out the problem. The configuration was correct but we wasnt calling the machines from the same domain, and it seems that tickets are not send to destinations that are not in the domain of the origin (issuing) system.

0 Kudos

Hi,

FYI, that's a security feature of your browser. For example you don't want expose a cookie from one domain to another (e.g. Google to Yahoo).

Cheers