01-25-2012 10:04 AM
Hi
Does someone experiences with Single Sign-On between SAP Netweaver Portal and the Learning Management System of Cornerstone On Demand?
The options are:
- SAML: but at this moment we don't have SAML provider. Is it easy to use this with Netweaver 7.01 SP6 ?
- standard SSO : encrypted string between SAP portal and LMS: client sends encrypted string with userid...based on encryption algorithm.: Has someone developed this (java code) for SSO to an other system?
But can they use Sap Login Tickets?
Best regards
Luc
02-27-2012 7:32 PM
Hi Luc,
Is the requirement about SAML 1.1 or SAML 2.0? For SAML 2.0 you may use NW AS Java 7.2/7.3 as an identity provider to issue SAML 2.0 assertions to the LMS system. For that purpose you just need to configure the NW AS Java 7.2/7.3 system to trust the SAP Logon Tickets issued by your NW 7.01. Let me know if you need further details and I can upload some slides about the setup on SAPMats.
Regards,
Dimitar
02-27-2012 10:19 PM
Hi,
I just recently implemented SSO between SAP system and on demand solution from 3rd party provider. We didn't have any guy with Java skills so we implemented HTTP handler in SICF that generates web page with redirection to the 3rd party system. ABAP does not have a good support for various encryption algorithms so we used javascript interpreter available in ABAP AS. Portal just points to ICF service on ECC system that redirects to on demand solution. Implementation took one day. Obviously, in this case all users had to have account in ECC system.
Cheers
02-28-2012 5:10 AM
Hi Martin,
What is the SSO token that the 3rd party site accepts and which system in your case issues it? Are you able to issue SAML 1.1/2.0 assertions with a Javascript?
Regards,
Dimitar
02-28-2012 7:26 AM
Hi Dimitar,
3rd party provider required POST request to their site and one of the POST parameters was name plus time stamp encrypted with 3DES with secret key. There is no implementation of 3DES in ABAP that I know so I used javascript implementation. Of course the javascript was executed on server side.
Cheers