04-07-2008 4:26 PM
Hello Forum members
I need recommendations / alternative solutions on the best way to implement SSO using Oracle Portal as the Front End via a BSP. We are using SAP4.7 and have no SAP Portal in place nor is it planned to move up this way currently.
SunOne LDAP will hold all the users approximately 60K, these users will click on the BSP within the Oracle Portal to gain access to the SAP system. The authentication is intended to be done on the Oracle Portal.
Does it matter if Logon Tickets are issued from the Oracle Portal? Or does it make sense to have SAP Logon Tickets from SAP Application? What are the security implications of such a decision to use Oracle Portal?
Any thoughts, recommendations, documentations welcomed
Sunil S Singh
04-07-2008 4:49 PM
How is the user authenticated at the (Oracle) Portal?
And do you also have a NetWeaver Java system in your landscape (because in that case you could deploy a custom JAAS login module to evaluate the SSO tokens of the Oracle Portal)?
04-07-2008 4:49 PM
How is the user authenticated at the (Oracle) Portal?
And do you also have a NetWeaver Java system in your landscape (because in that case you could deploy a custom JAAS login module to evaluate the SSO tokens of the Oracle Portal)?
04-07-2008 5:31 PM
Hi Wolfgang
Main objective is to accomplish through the leading systems ie. Sun One LDAP and Oracle Portal the ability:
- To use the SUN LDAP directory to intiate user id creation / deletion. It should be able to identify new/changed accounts and thus reflect such in the SAP system.
We do not have Netweaver in the landscape can you please let me know the benefits of such a scenario in a little bit more detail than just the deployment of a JAAS login e.g what effort is need to write a custom JAAS etc.
Thanks - Sunil
04-07-2008 6:24 PM
Sunil,
You will likely find that your Oracle portal can be used to store the ID in the HTTP header and then you can use an existing JAAS login module, and no need to have any custom code written to support your needs. I have seen this approach used a lot when a portal (SAP or non-SAP) is authenticating the user before they access SAP.
Thanks,
Tim
04-07-2008 7:29 PM