cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO from webSEAL to EP

Former Member

on ‎10-31-2005 4:28 PM

0 Kudos

Hello Experts,

We have implemented SSO from WebSEAL to EP(<u><b>THEY ARE BOTH ON DIFFERENT DOMAIN</b></u>) . I have gone through the whitepaper https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ad84a55a-0601-0010-749b-854...

We have been having problems with the implementation. I hope someone can help.

The following junctions have been created for EP & SRM

https://xyz.com/sapep_junction/irj/portal

https://xyz.com/sapebp_junction/sap/bc/gui/sap/its/

The SSO is working fine. When I logon to external portal(non sap portal) and click on the link for the junction to sap portal I am able to get in without logging in again. The Problem is Once I try to navigate to a different page I get the error the requested resource not found. We have discovered the the MYSAPSSO2, JSESSIONID cookies were created by portal and sent back to the browser (webseal server) but webseal was not sending it back to the end-users browsers. IBM says that the cookies will not be sent back if the domain doesn’t start with a . (Example .domain.com). I have noticed that the domain doesn’t start with a . for the MYSAPSSO2 cookie ( it is domain.com).

Is there a way to change the domain for the MYSAPSSO2 cookie ? .

If yes, Is it advisable to do so ?.

Is there a work around ?.

I am trying to access some IAC’s like BBPSTART and BSP’s in the SRM system.

Any help would be appreciated.

Thanks,

SS

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎11-04-2005 2:35 AM
0 Kudos

Michael,

Thanks a lot for the reply. I will definately try this out. We were able to solve this problem by calling portal with url containing the same domain name as of webseal server. that way portal creates a cookie with the webseal domain name. I had one more question (hope you can help).

I have created iViews for srm ebp(like bbpapproval,bbpiv03) based on path xyz.com/sapebp_junction/sap/bc/gui/sap/its/. I am able to open the iViews. But once an iView is fully loaded(open) when i click on an other iView in the detailed navigation "404 Not Found--The requested resource does not exist" error screen pops up. I am not able to navigate to an another screen nor am i able to see the detailed navigation after that.When i check the url for the iViews in detailed navigation somehow the junction sapep_junction or sapebp_junction is been removed.

Can somebody please help.

Thanks

SS

Show replies
Show replies
Former Member
‎10-10-2006 5:19 AM
0 Kudos

SS,

Were you ever able to resolve your issue with navigation problems and 404 errors following the initial display of an iView within the Portal that references a different WebSEAL junction? I am experiencing the same problem in my own environment. We have been able to analyze this scenario to the point where we now understand what it is that WebSEAL is doing in this situation however we have yet to figure out a resolution to the problem.

The problem seems to be related to the handling of server-relative URLs within script code on the pages rendered back to the client. WebSEAL has only two methods that we have found to resolve these URLs: the Junction Mapping Table (JMT) and the IV_JCT junction cookie. We've played with both of these with limited success. The problem really comes in when dealing with the SSO situation you described and having the Portal behind one junction and the backend system referenced by an iView behind a different junction. I'd really like to see how you and others may have addressed this issue. This is something I need to resolve asap.

Thanks,

David

MichaelSambeth
Advisor
Advisor
‎11-03-2005 10:01 PM
0 Kudos

Hi!

You may alter the domain setting of the MYSAPSSO2 cookie as outlined below (relaxing paramter):

http://help.sap.com/saphelp_nw04/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm

Regards

Michael

Show replies
Show replies
Ask a Question