Hi,

SAP <b>Logon Tickets</b> are used in SAP Enterprise Portal to authenticate users to applications. In simple terms, the SAP Logon tickets represent users credentials. The process of logging on into SAP, the SAP portal server issues a SAP Logon ticket to the user. The logon ticket is stored as a cookie on a session by session basis in the browser. So how do SAP Logon tickets help in the overall authentication process in SAP. Use of SAP Logon tickets enables users to have access to multiple applications and services. Once the logon is complete, no other additional logons are required from the user.

SAP Logon tickets provide a very strong level of security for SAP systems since the logon tickets are digitally signed by the portal server and have digital signatures for authenticity and integrity. It should be noted that SAP logon tickets do not contain any passwords. Normally, the SAP Logon ticket contains:

- User ID

- Period of Validity of the Ticket

- Issuing system

- Digital Signature

- Scheme of Authentication

Regards,

viji

Hi Vamsi,

SAP Logon Tickets are the flexible central authentication token used in the SAP world

and can be used for SSO to all SAP products in the back end. 3rd party applications can

also leverage SAP Logon Tickets for SSO. For this SAP provides a Web Server Filter

that can be used for an authentication by means of a http header variable and a

Dynamic Link Library for Verifying SSO Tickets in 3rd party software which can be used

to provide native support for SAP Logon Tickets in applications written in C or JAVA.

A seamless solution that allows SAP Logon Tickets to be used for SSO to Microsoft

based backend systems could not be developed by SAP until Microsoft provided new

features to its implementation of the Kerberos protocol. Based on the new feature called

protocol transition using constrained delegation SAP developed the SSO22KerbMap

Module. This new ISAPI Filter requests a constrained Kerberos ticket for users identified

by valid SAP Logon Ticket that can be used for SSO to Microsoft web based

applications in the back end.

Reward if useful!

Hi,

1. Logged in portal user name should have authorization to R/3 system otherwise do user mapping for the portal user with authorized R/3 user name.

2. Login to Content Administrator using Administrator rights.

http://localhost:50000/webdynpro/welcome/Welcome.jsp

3. Navigate to corresponding application and click on JCO connection tab.

4. Click on first interface Model Data (Application data).

Select the ticket option.

5. Click on Metadata interface.

Give the Service username and password of R/3 system.

Service user name of the Destination R/3 system: Administrator has to create these users.

Make sure service user has authorizations to corresponding system.

Regards