Creating MYSAPSSO2 credential outside of WebAS?

Former Member
0 Kudos

Is it possible to generate a MYSAPSSO2 credential outside of WebAS?

We're developing a number of .Net connector objects that leverage MYSAPSSO2 for single sign-on. These objects don't live within WebAS. I'd like to find a way to give users the MYSAPSSO2 cookie without making them first log into an EP portal, WebAS service, etc. Can this be done?

--Craig

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

I just thought of an alternative that might work as well.

Within our Intranet, we make use of Netegrity's SiteMinder product. Every web user has a SiteMinder cookie similar to SAP's SSO cookie.

I wonder if it'd be possible to leverage this SiteMinder cookie for SAP .Net authentication? That is, maybe I could customize the WebAS backend to intercept the SiteMinder cookie (passed through the .Net connector), validate it and resume the "normal" SAP authentication process (possibly resulting in a MYSAPSSO2 cookie being created as well).

--Craig

Former Member
0 Kudos

You could easily create a JAAS login module for the portal (not sure if this is what you want) which reads the cookie and then validates it.

See the well-documented example code: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/prtl3...

All you need to do, which is not provided by this code, is to add the validation of the SiteMinder cookie and the extraction of the username from it.

Former Member
0 Kudos

Unfortunately, that approach doesn't apply to me.

These .Net Connector-based applications aren't running within the portal. They're on a vanilla IIS server within our Intranet.

Because the backend for the applications is a 6.20 WebAS server, JAAS is not yet an option for me. (Based upon what I've read, JAAS isn't a general WebAS option until 6.40). I have done some investigation into SNC, but that doesn't seem a likely approach either.

I'm still interested in other ideas/alternatives I may be overlooking!

--Craig

Former Member
0 Kudos

Hi Craig,

Did you find a way of doing this? If so, can you share it with us?

I have struggled with the same issue. The problem is that SAP Logon tickets can only (officially) be created by SAP technology, i.e. Portal, ITS (with backend systems) and Web AS.

And I don't know if someone from SAP will advance a solution for this, since it will allow you now to deploy web applications without having to use their web technology.

Unless someone from SAP corrects me.

Now a hypothetical alternative is that:

You configure the SAP technology (be it Web AS or Portal or ITS, whichever you have a license for) with integrated Windows authentication; therefore, if users are already logged on to Windows, they will get an SAP Logon ticket generated. The trick is then to use some kind of redirect mechanism to hide the fact that a portal or ITS or WAS is used and let the SAP Logon ticket be redirected to your .Net Connector based applications. Remember to configure your SAP system to trust the SAP technology that generates the Logon ticket.

Regards,