07-31-2008 2:36 PM
We would like to create our own "Assertion Tickets" and certificates on non-SAP systems.
Our goal is to connect from a BEA WLS system to SAP via JCo.
- JCo accepts SSO2 Tickets.
- The users are already logged in on our BEA platform.
- The usernames on BEA and SAP are identical.
Now we would like to create an "Assertion Ticket" which we can provide via JCo to the SAP backend.
Is there a possibility to use the SAP Java Security API to do that?
Thanks & Kind Regards
Urs Hürlimann
07-31-2008 3:17 PM
Is this the answer to my question?
This raises two further questions:
1. Why should our BEA WLS System trust the SAP Logon Tickets, IF SAP does not trust the BEA WLS Authentication?
2. Is there a way to create some kind of third party tickets that are accepted by SAP backends?
Thanks
Urs Hürlimann
08-03-2008 1:47 PM
Hi Urs,
In answer to item #1: this is not a matter of trust. The spec for creating SSO2 tickets is simply not available. As a consequence, there is no library for non-SAP systems available that can create SSO2 tickets.
In answer to item #2: the strategy most widely used is to place a Java-based SAP system in front of ABAP-based systems (e.g. NetWeaver Web Application Server Java or Enterprise Portal). These types of systems accept a broader range of authentication tokens out of the box and are more extensible by creating custom JAAS login modules. Additionally, such a system in turn is able to create SSO2 tickets for the (then authenticated) users, which can then hop off to an ABAP-based backend system.
Regards,
Birger
08-04-2008 7:39 AM
08-04-2008 11:20 AM
Hi,
SAP uses JAAS. I.e. it is possible to write your login module to determine to authenticate users. This seems to be the right solution for your problem.
The SAP login ticket has been reverse engineered. It is not hard to write some code that generates tickets. However, the problem here is that SAP is free to change the exact format of the ticket. If it does, you'll have to reverse engineer the ticket again.
11-11-2009 1:35 PM
Hi Sietze,
would you mind sharing a link to the results of the reverse engineering efforts - Google does not come up with anything.
Regards, Sebastian