xMII Integration and SSO

Former Member
0 Kudos

Hi,

I plan to test this a bit more but in the interim.......

We currently use SSO (single sign on) within SAP EP (enterprise portal) and connected to LDAP (active directory) which works fine for standard iViews. But in an integration perspective, when a 3rd party application connects via SOAP (eg: WebDynPro or SQL Reporting Services) I'm not sure if SSO will work?

There would need to be some way for xMII to interrogate the incoming request for SSO ticket & user name, and authenticate then authorise accordingly.

If the client application (eg: WebDynPro) could pass the SSO ticket, is it possible to use SSO? I recall a variable called MySSO2 or something like that?

However, if we could set such a variable, does it apply only to a call via the Runner? And hence are XacuteLoginName and XacuteLoginPassword then not required?

Thanks

Kevin.

Accepted Solutions (0)

Answers (1)

jcgood25
Active Contributor
0 Kudos

Kevin,

The SSO property you are looking for is called "SAPSSO2Ticket" and you'll see this in the JCO Start Session and JCO Interface action blocks, as well as a few others (you can search the help for this string). If your XacuteConnector data server has AutoBinding enabled then simply naming a string transaction input property the same as the session parameter name ("/Lighthammer/PropertyAccessServlet?Mode=List" is a good way to see the named entities in the session) makes it almost a no-brainer to get this into a given TRX and linked to the action block. However, therein lies the problem: calling Runner directly via URL will still require XacuteLoginName/XacuteLoginPassword, unless you use the InputParameter=Value approach to getting the ticket into the request. Using the Xacute query route, the session to input auto binding into your TRX is done for you automatically, but with direct Runner calls you need to handle more programmatically.

Regards,

Jeremy

Former Member
0 Kudos

Thanks Jeremy,

I don't need auto-binding since I actually don't need to "link" the session variable to anything in the transaction. For example, I just have a standard SQL query at the end of the day (OK, via a transaction perhaps but it's not required to link the value for SSO ticket). In other words, I want to use SSO "from" a SAP system not "to" a SAP system.

So, to use SSO in this sense, we have;

Option 1: Xacute Query via URL + SAPSSO2Ticket=<myTicket>

or

Option 2: Runner via URL + ????

I'm a bit confused on the Runner option, since the ticket contains some encrypted form of the user name doesn't it (no password), and the xMII server is loaded with a valid SSO certificate that can "decrypt" then extract the user name from that ticket (hence providing authentication). So would we still need XacuteLoginName/XacuteLoginPassword in the URL when using Runner?

Regards

Kevin.

jcgood25
Active Contributor
0 Kudos

Assuming you have the verify.der file imported into a certificate in LHSecurity from Enterprise Portal or other SAP origination, since LHSecurity will do the extraction from the ticket to find the user name and auto-log your request into xMII you shouldn't need to append credentials. This should work with either Runner or Illuminator calls, but I would recommend using the standard query template route, leveraging the XacuteConnector, which would also benefit you from the AutoBinding aspect if you needed to use session variables inside your BLS TRX, like IllumLoginName, etc.

Regards,

Jeremy