cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Passing of User authentication details to SAP MII Web service

Go to solution
former_member198445
Participant

on ‎03-13-2013 7:55 AM

0 Kudos

Hello there,

I have an SAP MII web service which I am sucessfully consuming in an SAP ABAP FM.

My question here is what is the best way to pass on the user credentials to the MII web service for authentication?

I do not want the user to key in his/her credentials and instead want to use a pre-defined user password combination.

One of the options here is storing these credentials in an SAP table and reading it from there as and when the service is invoked. But i am not too convinced with this approach as it seem quite nascent and insecure from the outlook.

Is there a better and secure way to achieve this?

SSO would be the ideal option but from what I have read on the forum and other places, it seems like it is not yet a possibility.

Any help on this is most welcome.

My MII version is 12.2.3 Build(179)

Regards,

Amith

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

salvatore_castro
Advisor
Advisor
‎03-13-2013 1:41 PM
0 Kudos

Amith,

Give this a try...from a web page when you call an MII Xacute Query template, be sure that Auto Bind is enabled in the Data Services -> Data Servers -> XacuteConnector, so that session properties can be automatically passed by name to the MII Transaction engine.  The SAP SSO2 ticket is among them, and if your transaction has an input property named MYSAPSSO2 of type string this cookie will be mapped to this property and can be linked to the web service Incoming links parameter called RequestProperties which is type map.

The expression should look something like this:

put(emptymap, "Cookie: ", "MYSAPSSO2=" & Transaction.MYSAPSSO2)

Sam

Show replies
Show replies
salvatore_castro
Advisor
Advisor
‎03-14-2013 6:42 PM
0 Kudos

Amith,

I was able to confirm that if you remove the "Credential Alias" parameter (leave it blank) then the cookies from the users session will be passed through to the web service and Post actions automatically (This is a fix included in 12.2 SP3).  So there is no need for the above work around as this is handled automatically behind the scenes for you.

Sam

former_member198445
Participant
‎03-24-2013 11:57 AM
0 Kudos

Thank You Salvatore.

I will try your approach and get back to this thread.

Regards, Amith

former_member198445
Participant
‎03-24-2013 12:36 PM
0 Kudos

Hi Sam,

You said " remove the "Credential Alias" parameter (leave it blank)"..

Where exactly would this apply? I am not using any JCo in my transactions...

Also, The MII web service, if I am not mistaken, would directly point to the transaction.

'http://<Host>:<port>/XMII/WSDLGen/<Path>/TrxName'.. How would having auto-bind help in the case where this WS is consumed from an ABAP program?

Regards,Amith

salvatore_castro
Advisor
Advisor
‎03-25-2013 1:58 PM
0 Kudos

Amith,

That was my mistake, I mis-read the original question as "How do I properly pass credentials from MII to an ABAP BAPI/RFC" and not "How best to consume an MII Transaction as a web servce from an ABAP system".  This was my mistake and I apologize for the confusion....onto your question now...

Since MII uses the NetWeaver UME engine you can use any of the progammatic authentication mechanisms supported by NetWeaver which are (there may be more😞

  1. Using the MYSAPSSO2 single sign-on ticket/cookie
  2. Using Basic Authentication (HTTP Request Header)
  3. Certificate Authentication
  4. Kerberos Authentication

In addition to this, MII has additional authentication mechanisms available to extend authentication beyond this and they are:

  1. In the Web Service Request XML there are parameters where you can specify the username and password
  2. In the URL of the Web Service call (HTTP Request Parameters) you can add in the following name/value pairs: &IllumLoginName=<user>&IllumLoginPassword=<password>

For an ABAP system I do not think that it is possible to generate the MYSAPSSO2 ticket as outlined in this thread (http://scn.sap.com/thread/1281246).  Since MII and Enterprise Portal are both using the NetWeaver UME for authentication the approach is the same for both products.


Sam

Answers (0)

Ask a Question