Topic
  • 3 replies
  • Latest Post - ‏2007-07-09T12:02:32Z by Dennis_te_Lintelo
SystemAdmin
SystemAdmin
34 Posts

Pinned topic SAP Builders and SSO with Websphere Portal

‏2007-07-04T13:50:00Z |
Hi guys,
I'm trying to use SAP builders to develop a portlet application that access SAP backend system. It seems to me that the only way to access the SAP system is by providing username and password. You can choice to access a credential vault or retrieve these values from other backend systems.
So, even if you're able to retrieve a cookie or token that contains SAP identity information (SAP logon ticket? is a portlet able to retrieve this cookie?), you cannot use it in your WPF project.
Do you know any other methods to access SAP system with WPF?
Thanks in advance.

Updated on 2007-07-09T12:02:32Z at 2007-07-09T12:02:32Z by Dennis_te_Lintelo
  • Dennis_te_Lintelo
    Dennis_te_Lintelo
    2 Posts

    Re: SAP Builders and SSO with Websphere Portal

    ‏2007-07-05T06:25:18Z  
    Well it is possible to retrieve cookies in a JSR168 portlet using the this code: request.getProperty("cookie"). This will give you a String object with all cookies including the SAP Logon ticket.

    In order to use the Logon ticket in the SAP builders specify "$MY$APSSO2$" as userid and use the Logon ticket value as the password. The "$MYSAPSSO2$" value in the userid field will trigger SAP to retrieve the actual userid and password from the password field.

    Keep in mind that the userid used in the builders is actually just a "technical" userid. It is only used to make the connection to SAP in order to use the BAPIs. This means that when using the Logon ticket, the userid in the ticket also needs to have access to the BAPIs. I would say to just stick to one userid to access the BAPIs.

    For more information on how to set up SSO with SAP and Portal have look at this article from Peter Tuton (IBM).
    http://www.ibm.com/developerworks/tivoli/library/t-ssosapnwas/index.html

    Have fun!
    Dennis
  • SystemAdmin
    SystemAdmin
    34 Posts

    Re: SAP Builders and SSO with Websphere Portal

    ‏2007-07-06T18:19:20Z  
    Well it is possible to retrieve cookies in a JSR168 portlet using the this code: request.getProperty("cookie"). This will give you a String object with all cookies including the SAP Logon ticket.

    In order to use the Logon ticket in the SAP builders specify "$MY$APSSO2$" as userid and use the Logon ticket value as the password. The "$MYSAPSSO2$" value in the userid field will trigger SAP to retrieve the actual userid and password from the password field.

    Keep in mind that the userid used in the builders is actually just a "technical" userid. It is only used to make the connection to SAP in order to use the BAPIs. This means that when using the Logon ticket, the userid in the ticket also needs to have access to the BAPIs. I would say to just stick to one userid to access the BAPIs.

    For more information on how to set up SSO with SAP and Portal have look at this article from Peter Tuton (IBM).
    http://www.ibm.com/developerworks/tivoli/library/t-ssosapnwas/index.html

    Have fun!
    Dennis
    Hi Dennis,
    first of all thanks a lot for your answers.
    The possibility to use SAP logon ticket to access SAP R3 from my portlet is very interesting. I'm wondering about cookie visibility.Let me explain ...
    My portlet will run on Websphere Portal. The SAP logon ticket will be generated by a SAP server after user authentication. Even if the same Webseal instance protects both Websphere Portal and SAP server (EP or application server) and the user reaches the Websphere Portal page that contains my portlet after SAP logon ticket generation, will my portlet be able to "see" the cookie? Are there any constraints on the infrastructure and configuration to let my portlet to extract the sap cookie from the request?
  • Dennis_te_Lintelo
    Dennis_te_Lintelo
    2 Posts

    Re: SAP Builders and SSO with Websphere Portal

    ‏2007-07-09T12:02:32Z  
    Hi Dennis,
    first of all thanks a lot for your answers.
    The possibility to use SAP logon ticket to access SAP R3 from my portlet is very interesting. I'm wondering about cookie visibility.Let me explain ...
    My portlet will run on Websphere Portal. The SAP logon ticket will be generated by a SAP server after user authentication. Even if the same Webseal instance protects both Websphere Portal and SAP server (EP or application server) and the user reaches the Websphere Portal page that contains my portlet after SAP logon ticket generation, will my portlet be able to "see" the cookie? Are there any constraints on the infrastructure and configuration to let my portlet to extract the sap cookie from the request?
    To my understanding it should be no problem to get the cookie from the request. Make sure you read the article from Peter Tuton carefully to setup the environment.