
Pass user and password portal parameters through a URL

Former Member
0 Kudos
300

Hi,

We want to access an EP Portal through a URL, passing user and password parameters from a very old client system. That runs OK. Now we want to encrypt these parameters. We don't know how to do this. From the source system it looks very difficult. We can't use SSO because the source system users and EP users are in different DBs and we can't connect these.

Any idea?

Thanks a lot.

5 REPLIES 5

tim_alsop
Active Contributor
0 Kudos
72

Ivan,

In order to help you, I need to know more about your "very old client system"? What is this client system based on? Is it an SAP product?

Clearly, you will need to pass something instead of clear text userid/password, e.g. encrypted userid/password, or something which is recognised by both systems when a user has authenticated, and is not going to cause any issues if intercepted on the network.

Thanks,

Tim

Former Member
0 Kudos
72

Hi Tim.

The source system isn't an SAP system; it is a very old host system. I think it is based on the COBOL language.

Thanks!

0 Kudos
72

Ivan,

OK, so you need to find out what is possible in the source system. There is no point in looking at this problem just from the SAP perspective. If you have the capability to change the source system and make it pass something else instead of a clear text password, then you can also make the SAP system accept the same to authenticate the user, e.g. by writing a custom login module, using the HTTP header login module, or using a standards-based login module such as SAML.

Also, you need to consider the network security between your systems - otherwise somebody might capture the traffic between the source and SAP system and replay it in order to log on as that user themselves.

Thanks,

Tim

Former Member
0 Kudos
72

Hi.

It's solved. We've defined a URL iView and used an application parameter with the value:

iViewID = <IView.ID> & UserName = <User.displayname>

Thanks.

Regards.

0 Kudos
72

Although you should take care that any user should not be able to call any iView simply by knowing which parameter value to add for other users.

They might all see each other's data!

Just a side note...

Julius
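
The concerns raised in the replies above (pass something other than a clear-text password, stop a captured URL from being replayed, and stop a user from swapping in another user's parameter value) can be met with a signed, short-lived, single-use token. This is an added example, not part of the original thread and not SAP code; the function names, parameter names, key, 60-second window and in-memory nonce store are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Assumptions for this sketch: key provisioned out of band on both systems,
# 60 s acceptance window, in-memory nonce store on the portal side.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 60
_seen_nonces = {}  # nonce -> time after which it can be forgotten


def _sign(key, user, ts, nonce):
    # JSON array gives an unambiguous encoding of the three signed fields.
    msg = json.dumps([user, ts, nonce], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_login_query(user, key=SHARED_KEY, now=None):
    """Source side: query string sent instead of user + password."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return urlencode({"user": user, "ts": ts, "nonce": nonce,
                      "sig": _sign(key, user, ts, nonce)})


def verify_login_query(query, key=SHARED_KEY, now=None):
    """Portal side: return the authenticated user name, or None."""
    now = int(time.time() if now is None else now)
    fields = parse_qs(query)
    try:
        user, ts, nonce, sig = (fields[k][0] for k in ("user", "ts", "nonce", "sig"))
        ts = int(ts)
    except (KeyError, ValueError):
        return None
    expected = _sign(key, user, ts, nonce)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # forged, or user name swapped
    if abs(now - ts) > MAX_AGE_SECONDS:
        return None                      # stale capture
    for old in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[old]            # forget nonces that can no longer pass
    if nonce in _seen_nonces:
        return None                      # replay inside the window
    _seen_nonces[nonce] = ts + MAX_AGE_SECONDS
    return user
```

The signature authenticates the request but does not hide it, so the link between the two systems still needs transport protection, as the reply above points out.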