
How to create SSO2 tickets on non-SAP systems?

Former Member
0 Kudos

We would like to create our own "Assertion Tickets" and certificates on non-SAP systems.

Our goal is to connect from BEA WLS System to SAP via JCo.

- JCo accepts SSO2 Tickets.

- The users are already logged in on our BEA platform.

- The usernames on BEA and SAP are identical.

Now we would like to create an "Assertion Ticket" which we can provide via JCo to the SAP backend.

Is there a possibility to use the SAP Java Security API to do that?

Thanks & Kind Regards

Urs Hürlimann

5 REPLIES 5

Former Member
0 Kudos

Is this the answer to my question?

This raises two further questions:

1. Why should our BEA WLS System trust the SAP Logon Tickets, IF SAP does not trust the BEA WLS Authentication?

2. Is there a way to create some kind of third party tickets that are accepted by SAP backends?

Thanks

Urs Hürlimann

0 Kudos

Hi Urs,

in answer to item #1: this is not a matter of trust. The spec for creating SSO2 tickets is simply not available. As a consequence, there is no library for non-SAP systems available that can create SSO2 tickets.

In answer to item #2: the strategy most widely used is to place a Java-based SAP system in front of ABAP-based systems (e.g. NetWeaver Web Application Server Java or Enterprise Portal). These types of systems accept a broader range of authentication tokens out of the box and are more extensible by creating custom JAAS login modules. Additionally, such a system in turn is able to create SSO2 tickets for the - then authenticated - users, which can then hop off to an ABAP-based backend system.

Regards,

Birger

Former Member
0 Kudos

great platform.

0 Kudos

Hi,

SAP uses JAAS. I.e. it is possible to write your login module to authenticate users. This seems to be the right solution for your problem.

The SAP login ticket has been reverse engineered. It is not hard to write some code that generates tickets. However, the problem here is that SAP is free to change the exact format of the ticket. If it does, you'll have to reverse engineer the ticket again.

0 Kudos

Hi Sietze,

would you mind sharing a link to the results of the reverse engineering efforts - Google does not come up with anything.

Regards, Sebastian