SAP AS JAVA Cross domain SSO

Former Member
0 Kudos

Hello Experts,

On the one side I have a website (A) with the ability to authenticate users, which also allows them to do some password self-service in the event of forgotten passwords and such. On the other side I have a SAP CRM Java Web Shop deployment where I want to reuse website (A)'s authentication processes in the SAP CRM Java Web Shop, so that if a user authenticates against website (A) they are trusted by SAP CRM Java Web Shop and authenticated.

What I don't know is how to do this for websites in different domains and hosted by physically different parties.

Is it possible to link the external authentication process to the SAP AS JAVA system via an SSO configuration supported by SAP?

Your help will be greatly appreciated.

Regards

Willem

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi,

Here are 2 possible ideas as workarounds:

  • If the last part of the 2 domains is the same, you can use Domain Relaxing (ume.logon.security.relax_domain.level in Visual Admin). For example, if the 1st FQDN is websiteA.townA.company.com and the 2nd FQDN is crm.townB.company.com, you would have to use ume.logon.security.relax_domain.level = 2.

  • You can install a Reverse Proxy (SAP Web Dispatcher, for example) for one system in the domain of the other system.

So URL wise, the 2 systems will be in the same domain and the SAP Logon Ticket cookie will work for SSO.

Regards,

Olivier
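The domain-relaxing arithmetic from the answer above, as an added example that is not part of the original post and is not SAP code. It assumes that a relax level of N drops the N leftmost labels of the ticket-issuing host name to form the cookie domain, and that websiteA.townA.company.com is the issuer; the function names and the hosts other.company.com and shop.partner.example are constructed for illustration. It also shows the trade-off of a wider cookie domain: every host under company.com receives the logon ticket.

```python
from typing import Optional

# Assumption (not stated in the thread): relax_domain.level = N drops the N
# leftmost labels of the ticket-issuing host name to form the cookie Domain.

def ticket_cookie_domain(issuer_fqdn: str, relax_level: int) -> Optional[str]:
    """Cookie Domain attribute for a relax level; None means host-only cookie."""
    if relax_level < 0:
        raise ValueError("relax level must be >= 0")
    labels = issuer_fqdn.lower().rstrip(".").split(".")
    if relax_level == 0:
        return None
    remaining = labels[relax_level:]
    # Fewer than two labels would be a bare TLD, which browsers refuse.
    # (Public suffixes such as co.uk are not checked in this sketch.)
    if len(remaining) < 2:
        raise ValueError("relax level too high for " + issuer_fqdn)
    return ".".join(remaining)

def browser_sends_ticket(request_host: str, issuer_fqdn: str, relax_level: int) -> bool:
    """RFC 6265 domain-match: would the browser attach the ticket cookie?"""
    host = request_host.lower().rstrip(".")
    domain = ticket_cookie_domain(issuer_fqdn, relax_level)
    if domain is None:
        return host == issuer_fqdn.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def minimal_relax_level(issuer_fqdn: str, target_fqdn: str) -> Optional[int]:
    """Smallest level at which target_fqdn receives the ticket, else None."""
    label_count = len(issuer_fqdn.rstrip(".").split("."))
    for level in range(label_count - 1):
        if browser_sends_ticket(target_fqdn, issuer_fqdn, level):
            return level
    return None

if __name__ == "__main__":
    # Host names from the post; the issuer role is an assumption.
    issuer, crm = "websiteA.townA.company.com", "crm.townB.company.com"
    for level in range(3):
        print(level, ticket_cookie_domain(issuer, level),
              browser_sends_ticket(crm, issuer, level))
    print("minimal level:", minimal_relax_level(issuer, crm))
    # Side effect of level 2: any other host under company.com gets the ticket too.
    print(browser_sends_ticket("other.company.com", issuer, 2))
    # Unrelated domains never match; that case needs the proxy or SAML 2.0 route.
    print(minimal_relax_level(issuer, "shop.partner.example"))
```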

2 REPLIES 2

0 Kudos

Hi,

You may want to check the option of using SAML 2.0 authentication in case both parties support it. With SAML 2.0 you do not need systems to be in the same domain.

AS Java supports SAML 2.0 from 7.20.

Single Sign-On with SAML 2.0 wiki page: http://wiki.sdn.sap.com/wiki/display/Security/SingleSign-OnwithSAML2.0

Regards,

Desislava

Edited by: Desislava Petkova on Aug 29, 2011 4:45 PM