How to verify a logon ticket using SAPSSOEXT witho...

Former Member · ‎11-20-2015

Hi,

I am trying to use SAPSSOEXT to verify a logon ticket in a Microsoft .NET environment. I have downloaded and built the C# sample code and I am using it to examine a ticket which was generated by SAP Netweaver Portal.

The sample program requires a file containing the public key with which the ticket was encrypted. For example, this could be the verify.pse file from the issuing system. However, the issuing system in this case is Netweaver 7.5 which does not have a function for exporting verify.pse.

What can I use instead of verify.pse to provide the public key?

Thanks,

Richard

Former Member · ‎11-24-2015

I actually resolved this issue myself, so for anyone who is interested, here is the answer.

The public key can be provided as an X.509 certificate (go to NWA -> Configuration -> Certificates and Keys; select TicketKeyStore; export SAPLogonTicketKeypair-cert).

This certificate can then be imported on the target machine using Certificate Manager (run certmgr from the command prompt). Then export it from Certificate Manager as a DER encoded binary X.509 file.

This file can then be passed to SAPSSOEXT with the -crt parameter.

Richard

Former Member · ‎11-24-2015

Hi Richard,

this forum is about the SAP NW SSO product. I would suggest to move this thread to the security forum, as this is the place where questions on ABAP app servers security features are usually discussed.

With regards to your question, did you have a look at sapgenpse?

You can create a pse with this command and then import the key into that pse.

Kind regards,

Patrick

How to verify a logon ticket using SAPSSOEXT without verify.pse

Accepted Solutions (0)

Answers (2)

Answers (2)

catch/handle error upload() method in SAPUI5

Connect to ABAP environment using RFC

Re: SAP BUILD deployment to production

Re: systemVars in SAP BUILD apps

SAP Datasphere test tenant ?