
web service single sign on with windows

Former Member
0 Kudos

Hi all,

We are working on a demo project in which we want to implement service-oriented architecture (SOA) with single sign-on (SSO). The challenge here is to use the same login credentials that are used during logon to the Windows domain for accessing any web service in the SOA.

We were able to configure WAS to use LDAP for UME. On this WAS we have created two web services that use the SAP Logon ticket, so that once the user application gets the SAP Logon ticket he can access any of the web services using that ticket.

I am looking forward to technologies like NTLM, .NET Connector, Kerberos, SAP Logon tickets, etc.

Can anyone provide input on this?

Accepted Solutions (1)


martijndeboer
Advisor
0 Kudos

Hi,

Besides SAP Logon tickets, one can use Kerberos for authentication on the J2EE server. This is only on the web service provider side - not for web service clients.

There are two options for doing this:

1) Use the IIS as an intermediate server with the iisproxy module (search for iisproxy in help.sap.com or see http://help.sap.com/saphelp_nw04/helpdata/en/7c/0db4a6ea7840f79b60d9ec92bdfc10/frameset.htm). The IIS is capable of doing Kerberos authentication and forwarding the information to the J2EE engine.

2) There is a JAAS login module available as a custom solution. This allows direct authentication to the J2EE engine using Kerberos authentication without an iisproxy module. Contact Michael Sambeth for that (firstname.lastname@sap.com).

Using approach 1) I wrote a .Net client that authenticates at the IIS and forwards the authentication to the J2EE engine to obtain a SAP Logon Ticket.

The .Net code I used was:

using System;
using System.IO;
using System.Net;

class LogonTicketClient
{
	[STAThread]
	static void Main(string[] args)
	{
		HttpWebRequest myWebRequest = (HttpWebRequest)WebRequest.Create("http://iis:8080/myTest");
		myWebRequest.PreAuthenticate = true;

		// Authenticate as the currently logged-on Windows user (integrated authentication)
		myWebRequest.Credentials = CredentialCache.DefaultCredentials;
		// A user agent is needed
		myWebRequest.UserAgent = ".Net";
		try
		{
			// Dispose the response when done so the connection is released
			using (WebResponse myWebResponse = myWebRequest.GetResponse())
			using (StreamReader reader = new StreamReader(myWebResponse.GetResponseStream()))
			{
				// Read the whole body; ContentLength can be -1 and a single Read() may return fewer bytes
				string body = reader.ReadToEnd();

				// The cookies set by the J2EE engine arrive in the Set-Cookie header
				string concatenatedCookies = myWebResponse.Headers.Get("Set-Cookie");
			}
		}
		catch (WebException ex)
		{
			Console.WriteLine("Caught exception:" + ex);
		}
	}
}

Best Regards,

Martijn
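
The follow-on step from the original question, reusing the ticket for a web service call, shown as an added example that is not part of Martijn's post. The host names, the service path and the use of HTTPS are assumptions; `MYSAPSSO2` is the standard cookie name of the SAP Logon Ticket.

```csharp
using System;
using System.IO;
using System.Net;

class TicketReuseExample
{
    // Placeholder endpoints (assumptions, not from the original post)
    static readonly Uri LogonUri   = new Uri("https://iis.example.com/myTest");
    static readonly Uri ServiceUri = new Uri("https://iis.example.com/MyService/Endpoint");
    const string TicketCookieName = "MYSAPSSO2"; // SAP Logon Ticket cookie

    static void Main()
    {
        // One cookie jar shared by both requests carries the ticket forward
        CookieContainer jar = new CookieContainer();

        // Step 1: integrated Windows authentication at the IIS; the J2EE
        // engine behind it issues the ticket as a cookie
        HttpWebRequest logon = (HttpWebRequest)WebRequest.Create(LogonUri);
        logon.Credentials = CredentialCache.DefaultCredentials;
        logon.UserAgent = ".Net";
        logon.CookieContainer = jar;
        using (WebResponse resp = logon.GetResponse()) { }

        Cookie ticket = jar.GetCookies(LogonUri)[TicketCookieName];
        if (ticket == null)
            throw new InvalidOperationException("No logon ticket was issued");

        // The ticket is a bearer credential: report how it is scoped,
        // but never print or log its value
        Console.WriteLine("Ticket: Secure={0}, HttpOnly={1}, Domain={2}, Path={3}",
            ticket.Secure, ticket.HttpOnly, ticket.Domain, ticket.Path);

        // Step 2: call the service with the ticket only; no Windows
        // credentials are attached to this request
        HttpWebRequest call = (HttpWebRequest)WebRequest.Create(ServiceUri);
        call.CookieContainer = jar;
        call.UserAgent = ".Net";
        using (HttpWebResponse resp = (HttpWebResponse)call.GetResponse())
        using (StreamReader reader = new StreamReader(resp.GetResponseStream()))
        {
            Console.WriteLine("HTTP {0}, {1} characters returned",
                (int)resp.StatusCode, reader.ReadToEnd().Length);
        }
    }
}
```

If the ticket is reported with `Secure=False`, the cookie jar will also send it over plain HTTP to any matching host and path.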

Answers (1)


Former Member
0 Kudos

Hi Martin,

I have a requirement where I have to do a single sign-on into SAP portal from another web application.

For example, a user logs into the client website, and in the client's website there is a link called benefits for employees. When a user clicks on that link, I should log him into the portal without any authentication, showing him the ESS benefits page.

The users of the client website are stored in a MS-SQL DB. We have asked them to create a MS Active Directory for them.

Can you give any inputs for this?

Thanks

Sushanth.