Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User wants Single Sign On (SSO) between Bar Code reader and SAP

Former Member

‎11-08-2011 3:25 PM

0 Kudos

Here is the environment and players:

>The handheld Barcode reader device - MC9090G

>OS: Windows Mobile 6.1

>Naurtech CETERM

>SAP 6.0

The login process and business functions:

the basic procedure of logging in -

1. login to barcode reader using PEAP authentication ,

2. then login to SAP,

3. then use a Parts transaction LM01 to do bar code reading

Notice items 1 and 2 - a login happens to the user twice. The user would like to do a Single Sign On to get into SAP from the Barcode Reader. What is the technology to do that?

Thank you,

Jeff

7 REPLIES 7

Former Member

‎11-08-2011 6:37 PM

0 Kudos

The question you need to be asking yourself first is whether the part of the process running in SAP is something which can be automated or redefined as a (web)service, or, whether you must authenticate the person as themselves in SAP directly (same person as the one holding the scanner)?

Second question is whether the PC terminal which the SAPGui transaction is running on is a generic terminal user or is the person logged onto their own PC terminal as themselves?

Cheers,

Julius

Former Member
In response to Former Member

‎11-08-2011 7:10 PM

0 Kudos

Hi Julius,

and thanks for responding. I have read your reply, but I do not understand your two questions. In order that I am certain you understand our situation, I will try to explain.

The only people (person) involved is one, and there is only a single device involved, the barcode reader. The transaction I mentioned appears on the barcode reader. If there is a way for this person to logon using the barcode reader to SAP, that is the goal, which will eliminate a double logon on the barcode reader.

Thank you so much again for replying, and I hope this clarifies the question I asked. I am sorry if I failed to comprehend your reply correctly.

Thank you,

Jeff

P.S. I have been reading the white paper

[White Paper on SSO|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b0d219f9-5c47-2a10-dc87-bdbb438d3be1?QuickLink=index&overridelayout=true]

also for some direction concerning this.

Former Member
In response to Former Member

‎11-08-2011 10:19 PM

0 Kudos

Ok, but does the bar code reader have a pc termnal (SAPGui?) or does it have its own display?

Is it calling a webservice in SAP or does it have a UI for an (external?) ITS?

You need to provide more infos, also about which credentials PEAP uses and might be abke to be reused.

Best case you can use SAML. Worste case you use header variables (see the document you have already found for these approaches).

Cheers,

Julius

Former Member
In response to Former Member

‎11-10-2011 12:09 PM

0 Kudos

Julius,

Greetings!

We use a user's AD credentials to log into the wireless network using PEAP. Only problem is the SAP and AD logins may not be identical.

We use CE-Term which is a Web Browser/Emulator that connects directly to SAP via an HTTP link. The link provides fields where the user can enter their ID and Password.

Thank you,

Jeff

Former Member
In response to Former Member

‎11-11-2011 7:09 AM

0 Kudos

Without SAML it will probably turn ugly if the user must login as themself in SAP to execute the url (BSP??).

An option: Use a portal url with header variables to extract the user same (you must first fix the unique user name problem) and issue a SAP Login Ticket for ECC to execute the real URL.

A better option would be to look in the SAP EcoHub for SSO solutions and ask some of the solution partners whether they support CE-term and scanners with limited display and user interaction possibilities.

If you are already using AD credentials for the scanner to authenticate in the WLAN then keep an eye out for Tim Alsop's posts as his adapter reuses Kerberos based credentials for SSO. But whether that supports BSP's from scanners I am not sure - have not seen it mentioned before.

Cheers,

Julius

mvoros
Active Contributor
In response to Former Member

‎11-11-2011 8:18 AM

0 Kudos

I assume that it uses ITS Mobile. It generates HTML pages optimezed for mobile devices for dynpro screens. This solution is common in warehouses. Of course, from authentication point of view there is no difference between ITS Mobile and BSP. The problem is that browsers on these devices are not very good so i am not sure if it can do things like Kerberos.

Cheers

tim_alsop
Active Contributor
In response to Former Member

‎11-11-2011 8:19 AM

0 Kudos 
Without SAML it will probably turn ugly if the user must login as themself in SAP to execute the url (BSP??).
> 
> If you are already using AD credentials for the scanner to authenticate in the WLAN then keep an eye out for Tim Alsop's posts as his adapter reuses Kerberos based credentials for SSO. But whether that supports BSP's from scanners I am not sure - have not seen it mentioned before.

Our Adapter product would allow any browser (on blackberry, windows mobile, android, laptop, mac, windows pc etc.) to logon to SAP BSP and get asked for AD account and password. The user won't have to remember multiple passwords since their PEAP logon and SAP logon will use same.