on 02-06-2008 1:04 AM
We use SSO for SAP GUI and SAP Webgui and it works fine for both. In the case of webgui we call first the service sapntauth.srvc which is then redirected to the service webgui.
Is there any possibility to pass the transaction as a query string when using SSO? This works perfectly fine without SSO, e.g. [http://<hostname>/scripts/wgate/webgui/!?transaction=MM03&client=002&~language=en]
But in combination with SSO the only way to call a transaction directly was by creating individual services for each transaction. Any hint on how to do better would be very welcome.
We use SAP ITS 6.20 Patch 23.
Regards,
Gerald
We did not find a solution to pass 2 parameters to the redirect service. As we are moving to Netweaver Portal, the question becomes obsolete
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gerald,
what is sapntauth.srvc? May be you can use Javascript or Business HTML to parse the URL and
to assemble a redirection URL containing the ~transaction parameter?
regards
Tobias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We use SNC with NTLM authentication as single sign on method. sapntauth.srvc ist the relevant PAS service file (see [SAP Help|http://help.sap.com/saphelp_47x200/helpdata/en/fc/9d353a03e5494ce10000000a114084/frameset.htm]). This works perfectly fine. The user clicks on a link to the sapntauth.srvc and is then redirected to the webgui.srvc
The problem with this method: We have to write a xxx_auth.srvc and a transaction.srvc for each single transaction for which we like to offer a direct http link via Webgui.
I am looking for a method to pass the transaction in the query string and at the same using NTLM as authentication.
Thank you
Gerald
Tobias,
thank you for your dedication.
I found the [wiki of Klaus Layer|https://www.sdn.sap.com/irj/sdn/wiki?path=/pages/viewpage.action?pageId=22375] very useful and created some URLs according his guidance.
It works perfectly as long as we don't use single sign on. We use the service file SAPNTAUTH.SRVC as described in SAP note 361064. Instead of a redirect to service sapwp we redirect to the service webgui.
SAPNTAUTH.SRVC provides the logon ticket for the user and then redirects the user to the desired service (in this case webgui.srvc). We pass the parameter redirectQS to sapntauth.srvc via the url: [http://itsfrq/scripts/wgate/sapntauth/!?redirectQS=~transaction=*vl71 RG_VBELN-LOW=80000380]
This works fine yet, but we get an error message as soon we include a semicolon ";" in the url, e.g. [http://itsfrq/scripts/wgate/sapntauth/!?redirectQS=transaction=*vl71 RG_VBELN-LOW=80000380;RG_KSCHL-LOW=ZLD0;DYNP_OKCODE=SHOP]
The error message is: client does not exist in system.
Do you have any idea on that?
Kind Regards,
Gerald
SAPNTAUTH.SRVC
###############################################
@Copyright SAP AG 2002
Example Service File for the Pluggable Authentication Service (PAS)
#
Remark:The PAS Modul sapextauth must be included in ~xgateways in global.srvc
There are following types for PAS on ITS:
#
X509 --> ITS 4.6D (remark also note: 350776)
NTLM --> ITS 4.6D (remark also note: 361064)
NTPassword --> ITS 4.6D (remark also note: 497532)
LDAP --> ITS 6.10 (remark also note: 509237)
HTTP --> ITS 4.6D (see note: 493107 and 494984)
DLL --> ITS 4.6D (remark also note: 535538)
#
For detailed information see documentation (http://service.sap.com/security)
###############################################
~theme 99
###############################################
Module
~xgateway sapextauth
possible settings ->X509 , NTLM , NTPassword , LDAP , HTTP, DLL
~extauthtype NTLM
For NTLM and NTPassword: NT , for X509: DN, for LDAP: LD,
~extid_type NT
#
###############################################
settings for PAS service self
~client 002
~language de
#get a SSO2 Ticket
~mysapcomgetsso2cookie 1
#converts the login input to upper case. Might useful for LDAP and NTPassword
#if in doubt, set to 1 and maintain USREXTID mapping in caps.
~login_to_upcase 1
#
###############################################
after external authentication
Hostname which should redirected
~redirectHost itsfrq
path to another service
~redirectPath /scripts/wgate/webgui/!
#~redirectQS (Query String): ITS specific service parameters can be set there
~redirectHttps 0
~login_template login
if 1, user get only a ticket, if there is no
~dont_recreate_ticket 1
#
###############################################
~webgui_message_in_popup 0
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.