on 06-25-2008 10:51 AM
Hello experts,
A user working with sapgui presses a button on one of the sapgui screens which triggers a locally developed web dynpro application. We wish that the user logon to this application without username or password. I have not been able to find any documentation on how to achieve this.
System is configured for SSO.
Thanks
Boaz
SSO between different SAP servers and third party Servers, not between Client and Server.
You are running a WDA application from a Client it will definitely ask User ID and Password.
you can set the Logon credentials for the WDA application in SICF, if you don't want the login page.
Abhi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>
> SSO between different SAP servers and third party Servers, not between Client and Server.
> You are running a WDA application from a Client it will definitely ask User ID and Password.
> Abhi
That is totally incorrect. That is the second time today that you have provided incorrect information with some certainty. You are a frequent contributor to the forum, but that only makes your incorrect information all the more dangerous. Please be cautious.
Now to the answer:
SSO in general is designed for Client and Server as well as Server to Server. There is also a special SSO mode that is available for the SAPGUI. This is how you can launch a Web Dynrpo or BSP application from SE80 without being prompted for authentication.
This is all done via the class cl_gui_html_viewer.There is a method called ENABLE_SAPSSO. This is a special ticket that is only useful within the context of the SAPGUI HTML Container. However there is also a method of the gui html viewer to open in a new window as well.
DATA: url TYPE string, urlc(2048) TYPE c.
*Build URL - however you want to do it
urlc = url. " type conversion STRING to C
DATA: viewer TYPE REF TO cl_gui_html_viewer.
DATA: empty_container TYPE REF TO cl_gui_container.
CREATE OBJECT viewer EXPORTING parent = empty_container.
CALL METHOD viewer->enable_sapsso
EXPORTING enabled = 'X'
EXCEPTIONS OTHERS = 1.
CALL METHOD viewer->DETACH_URL_IN_BROWSER
EXPORTING url = urlc.
cl_gui_cfw=>flush( ).
Hello thomas.jung,
I know this thread is quite old but I'm struggling with the requirement of execute an SICF service from ABAP without losing the connected session.
I'm already trying with the solution you proposed:
CREATE OBJECT lo_gui_html_viewer
EXPORTING
parent = lo_gui_container
EXCEPTIONS
OTHERS = 0.
CALL METHOD lo_gui_html_viewer->enable_sapsso
EXPORTING
enabled = 'X'
EXCEPTIONS
OTHERS = 0.
CALL METHOD lo_gui_html_viewer->detach_url_in_browser
EXPORTING
url = lv_url
EXCEPTIONS
OTHERS = 0.
cl_gui_cfw=>flush( ).
But at the end the browser opens trying to reach this kind of URL:
http://<server>:<port>/sap/public/myssocntl?sap-client=<client>;
And I get an 500 Internal Server Error
Any idea of what can be wrong in my code / system?
The URL that I want to execute is to request OAuth 2.0 token for a profile (/sap/bc/sec/oauth2/client/grant/authorization/?profile=<myprofile>).
Thank you!
Best regards,
Marco Silva
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well I wanted to make sure the code sample still works as its more than a decade old. I recreated the test program on my S/4 1809 system (7.53):
REPORT zbrowser_launch_test.
DATA: empty_container TYPE REF TO cl_gui_container.
DATA(viewer) = NEW cl_gui_html_viewer( parent = empty_container ).
viewer->enable_sapsso( enabled = abap_true ).
viewer->detach_url_in_browser( url = `http://hanapm.local.com:8000/sap/bc/webdynpro/sap/demo_value_help?sap-client=000` ).
cl_gui_cfw=>flush( ).
And it worked perfectly fine:
So the code and concept still work, so I'd have to guess that there is something with the system configuration of your system. However its impossible to say what as I know nothing about your system. We system above is pretty vanilla S/4 with very little post install configuration. I've not even configured HTTPS.
thomas.jung, thank you so much for your time and expertise! It helped me to understand what was going wrong!
Here is my guess: when we enable SAP SSO, the system first gets the token from /sap/public/myssocntl and then tries to reach our endpoint.
My problem: the protocol for myssocntl is HTTP and for my endpoint is HTTPS. I was passing my endpoint with HTTPS, so he tries to reach myssocntl with this protocol and fails.
My tested solution: I call the endpoint with the protocol of myssocntl. If the final endpoint node in SICF is well-defined, the system will automatically adapt the call to the right protocol.
Thank you again! You rock.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thomas,
Thank you very much for giving the solution.
Regards
Boaz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I have another question on the same lines.
So it is quite simple to call a Web Dynpro Application from ABAP program. But how do I pass the data to this WD Application?
I have few attributes in WD Component Controller Context. How do pass values to these attributes from ABAP program?
Thanks
Sagar
You can always use URL parameters - they in turn get translated into input parameters for the window start plug. However there are limitations to how much data you can pass via URL parameter. So if I have more than a key or two to pass, I like to serialize the data to XML and then write it into a server cookie (basically just storing it in a temporary database table - but if you aren't familiar with the classes - since they were created for BSP - that do this let me know and I can post a sample) and then just pass the key to the server cookie via the URL parameter. The start plug can then pickup the key from the URL parameter and deserialize the server cookie - adding into its own context.
In a similiar thread, in this forum Thomas Jung, from SAP, wrote. I quote:
The best you can do with standalone ABAP SSO is prompt the user once for authentication and then then generate a ticket off of that.
The only exception is if you are launching your WDA standalone from the SAPGUI. The SAPGUI can generate an SSO ticket off of the SAP logon (SY-UNAME) for use only with the local system. This is how you can run WD applications from SE80 and not be prompted for authentication.
Can someone explain to me how to use this exception?
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.