cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Webseal - SAP EP - SSO Issue

Former Member

on ‎01-20-2012 9:37 PM

0 Kudos

We are using Web seal to SSO into SAP Portal. We have SAP - Employee Self Service rolled out to 60K employees in 70 countries.

Our architeture is

Custom Application (Java) -> WebSeal -> SAP Portal

User logs inot Custom App with his user ID and Password and he is taken to SAP Portal via Webseal

Occasionally we face an issue what When user Logs in, he sees details of a another user. They dont share machine, they dont share department, infact they are not even in the same state.

Some of the logs we analysed, both of them has been using application at the same time.

We suspect that some of the session is getting mixed up which is resulting in user X seeing data for User Y.

We have removed all sessions / cookies on log off.

Have anyone faced similar issue with webseal and SAP Portal? Any pointers?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-20-2012 10:57 PM
0 Kudos

Check this document section 3.4

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/ad84a55a-0601-0010-749b-85476a903...

Configure UWL to pass the sso cookies to a webseal web application.

Configure the link from EP to a webseal URL that is junctioned to a J2ee application running on the EP system. That URL must be defined as a "trigger URI" in the webseal configuration. You may have to pass the SSO ticket to the j2ee application as a URL query parameter [unnecessary if it shows up as a cookie, which depends on configuration, as I recall), as well as the URL that you want to finally end up at. Passing the SSO ticket is easily done if you generate the link with AppIntegrator.

j2ee application looks at the SSO ticket (from the cookie or query parameter), and determines if it is valid. If so, it returns the credentials and final URI (gotten from a query parameter) to webseal in headers. The default header for the userid would be am-fim-eai-user-id, and the URI to redirect the user to would be returned in the am-eai-redir-url header.

- webseal receives the am-fim-eai-user-id and am-eai-redir-url headers, logs the person into webseal using the userid found in the am-fim-eai-user-id header, then redirects the user's browser to the URI that was found in the am-eai-redir-url header.

Regards,

Arjun

Show replies
Show replies
Ask a Question