
Need help in understanding the HttpAuthenticationLogin Module

amey_baisane
Participant
0 Kudos

Hi All,

I need to use the HttpAuthenticationLogin module in my application.

But I don't have sufficient information on this topic.

I am stuck at the creation of the HTTP URL for authentication.

1. How to create a URL

2. How does this URL do the authentication part on the ECC system?

3. How does it reply back to the SCC or application?

4. As a SUP developer, do I need to do anything on SCC? (I have some information about how to set up the security configuration.)

Also, could anyone please explain the basic flow of this authentication process and how it works?

Thanks in Advance.

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

The answer to your question 4 is as follows:

In SCC, create a new security configuration, for example "HTTPAuth", then select the created "HTTPAuth", go to the "Authentication" tab and click New to add a provider. Give the settings below:

1.      Set the cache timeout value in seconds. The default is 3600.

2.      Click Save.

3.      Select the created SSO2Cookie security configuration and navigate to the Authentication tab

4.      Select the Authentication provider as “com.sybase.security.http.HTTPAuthenticationLoginModule”

5.      Select the property “SSO Cookie Name” and enter the value as “MYSAPSSO2”

         (Here "MYSAPSSO2" is the cookie given by token issuing system)

6.      Select the property “URL” and enter the gateway url

7.      Select the property “Clear Password” and select “false”

Once the above steps are done, we can create an application-id using the "HTTPAuth" security configuration. On how to use the Application-ID, please go through the link http://scn.sap.com/docs/DOC-23532

Thanks,

Srikanth M

rohith_deraje
Advisor
0 Kudos

In addition Srikant, this is how SSO authentication (automatic onboarding) works

1. A ticket issuing server (TIS) exists in the landscape to validate the users and issue a cookie (MYSAPSSO2 for SAP ABAP systems)

2. The Gateway system or other servers are configured to accept the cookies issued by this TIS.

3. In your security configuration, provide the TIS URL (step 6 in Srikant's reply)

During registration, "Username, Sec.Config, and PW" will be sent from the application. The user/password is validated against the TIS URL provided in the sec. configuration and the cookie received is stored in the server. When you request data, the server uses this cookie and logs in to the gateway.

Regards

Rohith

amey_baisane
Participant
0 Kudos

Hi Srikant and Rohith,

Thanks for your immediate reply!!!!

I have a few questions on your post:

1. SSO Cookie Name: this is provided by the TIS as you mention.

   So in my case the TIS will be my SAP system? I am using only the ECC CS system as backend, and BAPI/RFCs are exposed from the system, which I used in SUP to create MBOs.

2. Any help on how this token gets generated?

3. How is the gateway URL generated, or could you brief me on what this URL looks like?

Thanks For Your Help!!!

-Amey

Message was edited by: Amey Baisane

Former Member
0 Kudos

Hi,

If you are using the MBO approach of application development, you need not have a gateway URL.

Thanks,

Srikanth M

amey_baisane
Participant
0 Kudos

Hi,

Yes, I am developing application using MBO development approach (developing MBOs from BAPI/RFC).

As per your comment, if I don't need the gateway URL, then what will be the URL parameter in this case?

Please suggest.

Thanks,

-Amey

amey_baisane
Participant
0 Kudos

Hi All,

I am still not able to figure out how I am going to use the HttpAuthenticationLoginModule.

I will explain my scenario here,

1. I have one SAP ECC 6.0 system; I am using the CS module as backend.

2. I have SUP 2.1 installed on Windows Server 2008.

In the SAP ECC system I have one table which contains the user name and password for the users.

The SAP system is exposing the BAPI/RFCs.

I have connected the SAP system from the Sybase workspace.

I am using the BAPI/RFCs for MBO development.

For the front end, I am developing the application on a Windows laptop.

Now I want to authenticate the user with SAP and SUP.

For SAP I am passing the "runtime parameter" from the MBO while calling the BAPI/RFCs.

Now for SUP I am planning to use the HttpAuthenticationLoginModule.

But to use this I need some parameters which I am not so clear about.

Like,

I need one url,

So My question is,

1. From where I will get this url

I believe my SAP ABAP team will provide me this URL, but they also don't have a clear idea.

So could someone tell me what this URL looks like and how this URL is developed at the back end?

I have found a similar post which talks about the HttpAuthenticationLoginModule.

link:- http://scn.sap.com/message/13242792

I got some helpful replies from Srikanth and Rohith Deraje, but still have some open questions.

Please help me to accomplish this task.

Thanks in advance,

-Amey

Former Member
0 Kudos

Hi Amey,

HttpAuthenticationLoginModule can be used for two types of authentication.

1. HTTP authentication using a simple HTTP endpoint.

If you have any HTTP URL that takes user name & password and returns the HTTP status (200 OK or error), you can configure this URL and use it as HTTP authentication. If you want to use this as your authentication mechanism, I would say every ABAP (SAP) system will have one HTTP URL (standard ICM service called 'ping') that authenticates user details of that system. To find out this URL, go to the SICM transaction of your SAP system and search for service name 'PING'. Take the URL of this service and do a simple authentication test with the user details in the browser. If this works, you can use this URL in your security configuration. If you choose this, you don't have to set any of the other parameters in the security configuration mentioned above.

2. SSO2Cookie authentication.

If the organization that uses the mobile application is already using the SSO2Cookie mechanism, then there will be a cookie provider system for a given user name and password. If you want to use SSO2Cookie for your application too, you can configure the URL of the cookie provider in the security configuration. For this authentication type, you would have to use all the other parameters along with the URL in the security configuration, as already mentioned above.

Best Regards,

Manne.
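
The first option in the reply above amounts to sending a user name and password to an HTTP endpoint and treating a 200 status as a successful login. An added Python sketch of that check follows (not code from this thread or from SUP); the localhost stub server, its constructed credentials and the function names are assumptions standing in for a real endpoint.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the local stub only (not from the thread).
STUB_USERS = {"demo_user": "demo_pass"}

class StubAuthHandler(BaseHTTPRequestHandler):
    """Hypothetical stand-in for a Basic-auth protected HTTP endpoint."""
    def do_GET(self):
        header = self.headers.get("Authorization", "")
        try:
            user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
            ok = header.startswith("Basic ") and STUB_USERS.get(user) == pw
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            ok = False
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="stub"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub():
    """Start the stub on a free localhost port; return (server, url)."""
    server = HTTPServer(("127.0.0.1", 0), StubAuthHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/ping"

def check_credentials(url, user, password, timeout=5):
    """Return True only if the endpoint answers 200 to Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct, no proxy
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # 401 and other error statuses count as a failed login

if __name__ == "__main__":
    server, url = start_stub()
    print(check_credentials(url, "demo_user", "demo_pass"))   # valid pair
    print(check_credentials(url, "demo_user", "wrong_pass"))  # rejected
    server.shutdown()
```

Basic credentials are only base64-encoded, so a URL configured for this kind of check should be an https:// one so that the password does not cross the network in recoverable form.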

amey_baisane
Participant
0 Kudos

Dear Manne,

Thanks for your reply!!

I have checked with my SAP ABAP team; they also found this kind of URL.

I am planning to use the first approach. I will try this and let you know the result.

Thanks for your help.

-Amey

amey_baisane
Participant
0 Kudos

Dear Manne,

Finally it works!!!

Thanks for all your help and support.

Now I am planning to write a complete blog on this.

Thanks,

-Amey

Vlad
Advisor
0 Kudos

Hello Amey,

If you write the blog, would you please give us a direct link to it in this thread?

Kind regards,

Vlad

0 Kudos

Can you tell me how you configured the JCO Connection Pool profile in the SCC domain?

I've cleared the Logon User and Password, but now I get an exception in the SCC log complaining that "Parameter user id is missing..."

By the way, I do not have mysapsso2 cookie configured anywhere as Manne's reply suggests this isn't necessary.  I do have the ping url configured in my security config, and my MBO package is configured to use my security config.  I'm able to login to the ping url via the browser fine.

Answers (1)


Former Member
0 Kudos

Hello,

I was wondering if anyone tried using the online documentation at any point? We have SSO for SAP documented in Security using this path (starting in 2.1):

Security » Server Security » Enabling Authentication and RBAC for User Logins » Single Sign-on for SAP

However, it seems like this might be a candidate for revision going forward in a future release. Has anyone used the SSO docs and commented with Sybase's Doc Comment Exchange tool on topics that may be revision candidates? When and if you do post a blog, I'd be curious to see it to see how it might inform changes on the docs side.

Cheers

Annette