Hello,

i am developing a java webservice which successfully accepts calls via SAP SSO ticket to authenticate the caller using the login information of the SAP portal. So currently it works to access the webservice without a seperate login.

The webservice is based on the BO java sdk and connects with a hardcoded user/password-combination with a secEnterpriseSession to the BO-server. The goal is now to replace the hardcoded user data with some kind of SSO functionality.

The BO-server infoview correctly accepts login data from the SAP Portal (secSAPR3) (the same a user authenticates with at the webservice).

Now i dont have a clue about solving this "problem" at the most smart way. The user is authenticated at the webservice with the same login data that the webservice should use to call into the BO-server.

Can i somehow take the received token and just use it for the BO-portal? Or do i have to create a 2nd token somwhow to authenticate the webservice against the BO-server?