
enable Single Sign on authentication in webdynpro

Former Member
0 Kudos

Hi,

How do I enable Single Sign-On authentication in Web Dynpro?

Example: When we open intranet.sap.com, the browser automatically detects SSO (if the user is already logged into SSO) and opens the page.

We want to enable SSO for Web Dynpro in a similar way.

For this, do we need to download the Java cryptographic toolkit? If so, how do we download it?

Regards

AnilKumar

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Anil,

Were you able to use the SSO, as described below? I want to implement similar functionality.

Regards,

Rahul

> Hi,
>
> How to enable Single Sign on authentication in webdynpro.
>
> Example: When we open intranet.sap.com, then the browser will automatically detect SSO (if user already logged into SSO) and opens the page.
>
> In the similar way to enable SSO for webdynpro.
>
> For this do we need to download java cryptographic toolkit ? If so how to download ?
>
> Regards
>
> AnilKumar

Former Member
0 Kudos

Hi AnilKumar,

I know that a colleague of mine is working on documentation that describes exactly what you need. Unfortunately, it is vacation time in Germany because of Easter. I will come back to you as soon as I have more information.

Best regards,

Karin

Former Member
0 Kudos

Karin,

I also would be interested in what you find out.

Thanks

Former Member
0 Kudos

Hi All,

In a complex system landscape with several components, the only way of guaranteeing SSO between all the components is to use the SAP logon ticket.

When setting up SSO with logon tickets, you need to identify one system as the ticket issuer. After a user logs on to a system using a supported authentication mechanism, the system issues the user an SAP logon ticket. We recommend that you identify one system in your system landscape as the ticket-issuing system and configure all other systems to accept tickets from this system. For example, if you have a portal in your system landscape, you could define this system to be the ticket-issuing system and, as a result, users would have to access all applications and services through the portal to ensure Single Sign-On.

Once you have defined one system to be the ticket-issuing system, you can configure all other components in the system landscape to accept tickets from this system.

In order to get you the right information, I would need to know which system is the ticket issuer (Web AS ABAP, Web AS Java, EP) and which system is the ticket acceptor. Then I can give you some more information on how to configure the systems.

Best regards,

Karin

Former Member
0 Kudos

Hi Karin,

This is almost what I need.

My application consists of two parts (BSP and Web Dynpro) that are embedded in the portal (EP60SP3Patch1) as iViews.

So how do I enable SSO for them?

Most of all, how can my Web Dynpro application determine the username (String) of the currently logged-in portal user? (The portal user that is calling the WD application in that iView.)

hideyuki_amari
Explorer
0 Kudos

Hello Hristo,

To enable SSO for BSP and Web Dynpro, you have to configure them to accept the SAP Logon Ticket from your portal (EP60SP3Patch1).

You also have to set the EP iView's user administration property to "access via SSO".

*For Web Dynpro

To enable SSO for Web Dynpro running on a J2EE Engine other than the portal's, import your portal ticket into Web Dynpro's J2EE Engine.

The how-to document is here.

Configuring the J2EE Engine to Accept Logon Tickets

http://help.sap.com/saphelp_nw04/helpdata/en/94/f2503ede925441e10000000a114084/frameset.htm

*For BSP

To enable SSO for BSP apps, import your portal ticket into WebAS ABAP using transaction STRUSTSSO2.

1. Export your portal's SAPLogonTicketKeypair-cert as "verity.der" from EP's System page. (Or use Visual Administrator, open the keystorage service and choose ticketkeystore. Then export SAPLogonTicketKeypair-cert.)

2. Access the BSP system, open STRUSTSSO2 and import your verity.der. Then add it to the ACL. When STRUSTSSO2 asks for the name and client, use the SID (your portal SID) and client 000.

For more detail, see the EP online help.

Is this helpful?

Former Member
0 Kudos

Hey Hideyuki,

thank you!

It's a step forward, but I should have explained it better (it was only half true), sorry.

Problem 1:

The Web Dynpro runs on the same server. The BSP SSO works only for the first login. When I log out, log in as someone without permissions, log out and then log in as the first user again, the SSO connection isn't built and I get the username/password prompt.

(I configured it like you said, with Portal System ID as found on "System Administration" > "System Configuration" > "Portal Licensing" ???)

Problem 2:

I have a Web Dynpro application that accesses R/3 through JCo.

The Web Dynpro shows user-id sensitive information which is gathered from R/3 through JCo's RFC.

Now, I would like to build a direct JCo connection using the user data (username, password) from the portal log-in. The portal log-in itself is (or should be) the same as the R/3 one.

It might be pretty straightforward, but I just can't figure it out.

I've tried something like:

WDClientUser.getCurrentUser().getSAPUser().getUserAccounts()[0].getLogonUid()

but when I log in, log out and then log in as a different user, I get the same user-id for both users (the id of the first logged-in user).

Is there a timeout for this somewhere?

Appreciate your help!

Regards,

Hristo

hideyuki_amari
Explorer
0 Kudos

Hello Hristo,

**** For BSP and Problem 1 ****

Do you know how to configure an ABAP system to accept the SSO ticket? If not, please refer to the help below:

http://help.sap.com/saphelp_nw04/helpdata/en/62/831640b7b6dd5fe10000000a155106/frameset.htm

This describes how to configure a BW Web Application to accept the SSO ticket from EP. BSP is configured for SSO in almost the same way.

I assume that you didn't configure the ABAP system's profile parameter. Please set login/accept_sso2_ticket=1 in your profile (for example DEFAULT.PFL).

#IMPORTANT#

You should use the same user-id for EP logon as for the backend ABAP system. Otherwise, you have to map the EP user-id to the ABAP user-id.

**** Problem 2 ****

Do you mean you want to use EP user authentication to log on to the ABAP system via JCo (JRFC model)?

If so, you have to set the JRFC model's logon method to "SSO Ticket" with Web Dynpro Explorer.

But be careful, I think it's better to set userid/password for the METAMODEL connection.

As you know, Web Dynpro uses 2 types of connection, for example WD_METAMODEL and WD_APPLICATION_DATA.

I mean, WD_METAMODEL should be set to userid/password (not using SSO Ticket).

You can set "SSO Ticket" for WD_APPLICATION_DATA.

But if you set "SSO Ticket" for WD_METAMODEL, you cannot connect to the backend system.

Does it make sense?

I don't have enough time to write the details right now.

So if it doesn't make sense, feel free to ask me.

Regards,

Hideyuki
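
The profile setting named in the reply above (login/accept_sso2_ticket=1 in, for example, DEFAULT.PFL) only takes effect if the instance profile does not override it. The following is an added example, not code from this thread or from SAP: a small check that computes the configured value across both files. The function names and the sample profile contents are constructed for illustration, and keeping the last assignment within a file is an assumption.

```python
# Added example: audit SAP profile files for the logon-ticket acceptance setting.
# The two profile texts below are constructed samples, not taken from a real system.
DEFAULT_PFL = """\
# DEFAULT.PFL (constructed sample)
SAPSYSTEMNAME = ABC
login/accept_sso2_ticket = 1
"""

INSTANCE_PFL = """\
# instance profile (constructed sample)
SAPSYSTEM = 00
login/accept_sso2_ticket=0
"""

PARAM = "login/accept_sso2_ticket"


def parse_profile(text):
    """Return {parameter: value}. Comments and blank lines are skipped.
    Assumption: if a parameter appears twice in one file, the last one is kept."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def effective_value(param, default_pfl, instance_pfl):
    """Values in the instance profile override DEFAULT.PFL.
    Returns (value, source); (None, "unset") if neither file sets it."""
    for source, text in (("instance", instance_pfl), ("DEFAULT.PFL", default_pfl)):
        params = parse_profile(text)
        if param in params:
            return params[param], source
    return None, "unset"


def accepts_logon_tickets(default_pfl, instance_pfl):
    """True only when the configured value is exactly "1"."""
    value, source = effective_value(PARAM, default_pfl, instance_pfl)
    return value == "1", source


if __name__ == "__main__":
    ok, source = accepts_logon_tickets(DEFAULT_PFL, INSTANCE_PFL)
    print(f"{PARAM}: accepted={ok} (decided by {source})")
```

The files show configured values only; the value the running system uses can be displayed in transaction RZ11.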