on ‎2006 Apr 03 4:23 PM
I need to write an iview that issues a new SSO2 ticket before the different SAP systems (SRM, ITS) are called.
Is there a how-to or something else, which describes the programmatic creation of an SSO2 ticket?
Background: The customer has a variety of SAP systems, and in every system, the user has a different SAP ID.
I tried SSO2 with reference system and user mapping, but obviously EP requires a 1:1 relation. (Portal User A maps to user B in all SAP systems via reference system).
I am using a SAP test tool (SSOSupport), where I can see all data in the SSO-ticket. We have two cases checked:
User ID with HR = SRM, everything is ok, (SSO2 is set correctly) and HR <> SRM, then the SSO ticket is ok, but has the wrong user name.
With the ALIAS-Test, the connection test returns the same result: Connection OK, ticket ok, but username not ok.
Maybe I have it all wrong: I have tested URL-iview and IAC-iview, but both returned the same result.
What I don't understand: Where is the connection made between calling up a specific SAP connection and the corresponding SSO2 user mapping?
the procedure should go like this:
your iview has a property something like "Logical System" or "ITS system" (depends on your iview type) that has an alias as value.
this alias is assigned to a system in your landscape directory.
when the iview is called, there's a check, if the system has got a user mapping for that specific user. if yes, it is used.
now, you have to evaluate, which type of iview your SRM-iview is, get the system alias for that iview, look for the system in the landscape and make a connection test.
kr, achim
The regular SSO-setup works fine. Portal user is mapped to reference system user (HR-Username).
If the SRM-username is equal to the HR-username, everything is fine as well. SSO works.
But what if the SRM-user has a different name?
Can you elaborate on the User Mapping question? Somebody from SAP mentioned to me that some customers are doing remapping, but not where to do it.
Where would I re-map the SAPSSO2 user to the SAP SRM-user? Is it in the SRM target system with something like STRUSTSSO2? Or SU01?
Thanks
Holger
Holger,
in the portal, go to "system administration / system configuration / system landscape" and edit the "User Management" properties of your SRM system like this:
User Mapping Type: "admin, user" (whether the mapping should be done by the admin, by the user or both of them)
after that you have the option to map your user for the SRM system at "user Administration / User mapping"
kr, achim
Yes, I already did that.
But the SSO-Ticket is always for the HR-username (Reference System), and when I call the SRM-System, even with the mapping, the SSO-ticket is always the same, issued for the reference system user.
The user is denied, because the SRM-username is not the same as in the HR-system.
that sounds like a misconfiguration. the mapped user should be written in the ticket (http://help.sap.com/saphelp_nw2004s/helpdata/de/fe/d22a41b108f523e10000000a155106/frameset.htm)
are you sure it's the wrong userid in the ticket? did you try whether the whole SRM-SSO is configured correctly by using a portal user whose userid is the same as in the SRM?
kr, achim
Holger,
it's not true that you need a 1:1 relationship. you can do usermapping for each system in your landscape independently (but it would be a hell to maintain it...)
what is your proposed solution? issuing a logon-ticket just before the user accesses a specific system with a derived username? sounds complicated
kr, achim