cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enterprise Portal to accept Logon Tickets other then SAP

Go to solution
Former Member

on ‎03-02-2005 12:47 PM

0 Kudos

I have a .NET application which creates a custom(NOT SAP)logon ticket to enable single sign on for other .NET app's. Now we are implementing SAP CRM system and would like to have a link to the Enterprise portal transactions (Like Integrated Internet Sales, ICSS etc) from our .NET app's. My question is - How can we enable EP to accept the .NET generated logon ticket? Any guidance, thoughts will be appreciated.

On the other hand, when a .NET application is called from EP, then by using the SAPSECU.dll files, we were able to read the SAP logon ticket. This works fine. The problem is when we try to call an EP CRM transaction.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

reiner_hille-doering
Active Contributor
‎03-08-2005 8:29 AM
0 Kudos

What you plan to do it a matter of trust, because in your case the portal would need to trust your external authentication authority. I'm not a portal expert and thus don't know if EP has pluggable logon providers that would allow you to establish this kind of trust. However, what you can allways to, it to create a logon information that the portal will accept:

- Take your private logon ticket and create a valid MYSAPSSO2 ticket from it. You can use any RFC-based technology for it, e.g. SAP .NET Connector. Of cause you need to somehow make sure that the SAP server will accept your private logon ticket. This can be achieved by a trusted SNC connection between SAP .NET Connector and SAP Server and a user-defined "External User ID" mapping.

- Use your private logon ticket to do a (Kerberos or NTLM) Windows Authentication, even without a password. You might need to use techniques like "KerbS4ULogon" using WindowsIdentity class or LsaLogonUser function, that are also used in SAP "SSO to Kerberos mapping filter". Once you are logged on to Windows, you can also logon to Portal using the IISProxy ISAPI module.

- Use your private logon ticket to assign valid X.509 certificate to the request.

Show replies
Show replies
Former Member
‎03-08-2005 6:51 PM
0 Kudos

Thank you Reiner. I'll try to implement the suggestions.

gregorw
Active Contributor
‎02-22-2007 8:45 PM
0 Kudos

Hello Suresh,

you can have a look on my Blog: <a href="/people/gregor.wolf3/blog/2006/09/30/single-sign-on-with-external-id-implemented-in-ruby">Single Sign On with External ID implemented in Ruby</a> how to get a SSO Ticket from SAP with an External ID.

Regards

Gregor

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎02-22-2007 9:51 PM
0 Kudos

Hello Suresh,

another option might be using the mechanism I described in my blog

<a href="/people/andre.fischer/blog/2006/11/05/single-sign-on-of-windows-based-web-service-clients-using-sap-logon-tickets Sign-On of Windows-based Web Service Clients using SAP Logon Tickets</a>.

If you don't want to use Windows Integrated Authentication you can use other login methods as Reiner has described.

One that is part of the standard would be a http header based authentication.

Best regards,

Andre

Answers (0)

Ask a Question