cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal SSO Web Dynpro ABAP

Go to solution
gerardoperez
Explorer

on ‎06-19-2014 9:43 PM

0 Kudos

Hello,

We have implemented a long time ago, Portal 7.0 SSO and AD and it works perfect.

Now, we implemented the first web dynpro abap, with most users, wda application works fine, but for some users to access the same window will appear loguin.

In SAP, we set the parameters:

login/create_sso2_ticket = 2

login / password_change_for_SSO = 0

If the user with the problem, uses another PC, it can access the application normally. We imagine it's some configuration of PC or Internet Explorer.

Anyone ever happened something similar?

We can help us solve this problem.

Regards,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-19-2014 10:49 PM
0 Kudos

Logon Tickets require cookies to be enabled. Make sure the SAP systems are included in a Security Zone that allows cookies, e.g. Intranet or Trusted. Also make sure you are always accessing Web Dynpro applications using the fully qualified hostname, e.g. host.company.com not just host.

Show replies
Show replies
gerardoperez
Explorer
‎06-23-2014 8:05 PM
0 Kudos

Thanks Samuli,

We tried it with your comments and continue with the same error.

Can it be that the problem is related to the cookie MYSAPSSO2?

Regards,

Former Member
‎06-23-2014 9:18 PM
0 Kudos

Have you tried it the other way meaning on a PC where the problem occurs, does it occur for users who normally don't see the problem? This way you can narrow it down further. If the problem is indeed with the PC, you should ask your technical support to look into it, the configuration of the PCs must be incorrect. That said I would use Fiddler, HttpFox or HTTPwatch to record the HTTP requests and responses (incl. cookies) for both positive and negative tests. Also, although you mentioned that users having problems do not have problems on other computers, double check that the user type is set to Dialog otherwise logon tickets won't work. Also see SAP note 1257108 on analyzing SSO problems.

gerardoperez
Explorer
‎06-24-2014 6:06 PM
0 Kudos

Samuli,

Investigating the error, we see that when entering Portal a cookie is generated and when it enters the wda other cookie is generated?

Is this normal or should always use a single cookie?

Regards,

Former Member
‎06-24-2014 8:56 PM
0 Kudos

Portal issues a cookied called MYSAPSSO2, AS ABAP on the other hand issues a cookie called SAP_SESSIONID_<SID>_<CLIENT>. That is normal behavior, the latter is because of the AS ABAP HTTP Security Session Management. If those aren't the cookies your are seeing, share the details including what issued them, when, their names and first few characters of their values. With the instance profile parameter login/create_sso2_ticket having a value of 2, AS ABAP will also issue Logon Tickets but only for requests originating from it. I have a similar setup and it works.

gerardoperez
Explorer
‎06-30-2014 1:45 AM
0 Kudos

We solve the problem by adding an exception proxy.

Portal is accessed by a dns (http://name), the solution we found is to add the exception of proxy (http://name.com) and it works perfect.

Thank you very much,

Regards,

Answers (0)

Ask a Question