cancel
Showing results for 
Search instead for 
Did you mean: 

WS and SAP Logon Ticket

Former Member
0 Kudos

Hello,

I have a scenario WS would connect via EJB (RFC call) to SAP R/3. For Authentication UME is going to be used, SAP R/3 is going to be the data source. I did have a look at "Protecting Access to the Web Dynpro Application Using UME Permissions " but I had few doubts:

1. In this tutorial, SAP Logon Ticket is being used - in that ONLY the User Id is being checked for authentication. I understand from the description that ONLY UserID is sent and there is concept of cookies and all. Does this mean, that the password is not checked at all? Would it be possible to program that the user can ask for password?

2. The Web Service with SAP Logon Ticket if called form MS Application like Visual .NET then what are the requirements for that?

3. Is UME Configuration required on the EP? Since the tutorial did say about using UME console to assign users, roles etc or it is not required if the authentication is form the WD application.

4. How is synchronization handled with UME?

I look forward to the suggestions/comments from you. Can anybody also point to some other tutorial for making a WS which makes an EJB RFC call. I am a novice in UME so looking for help form experts.

Many thanks,

Dharmi

View Entire Topic
Former Member
0 Kudos

Hi Dharmi,

Whatever little I know abt these, I'm putting it down for you:

1) SAP Logon Ticket is used to authenticate users across different systems. For eg: let us have two systems - system A and syatem B. The user logs into the system A using his <b>login name and password</b> and runs an application which requires some connection to system B. Now system B would require another authentication. In the normal case, the user would be required to enter his user name & password for system B each time any data is retrieved from it. To avoid this scenario, SSO techniques like user mapping & SAP Logon Ticket are used. In the case of SAP Logon Ticket, the source & the destination systems should be capable of handling Tickets. Tickets would be issued for each required user and the same will be stored in the UME of system A. When the user logs in to system A and then try to access system B, the Logon Ticket for the corresponding user would be picked up by system A and sent it to system B. System B checks the Ticket & if the user is found authenticated , lets him proceed.

Former Member
0 Kudos

Hello Nibu,

Thanks for the insight.Can you also please point to some reference material as well?

Many thanks,

Dharmi

Yashpal
Active Contributor
0 Kudos
Former Member
0 Kudos

Hello Yashpal,

The section in this document is the same one i read and, had certain doubts that i mentioned above:

Can you please try answering that? Thanks much.

Best regards,

Dharmi

Former Member
0 Kudos

Hi,

<b>1. In this tutorial, SAP Logon Ticket is being used </b>- Yes .Passwords wont be checked. Because issue of logontickets is done within a trusted domain.. In the sense that, your uname and password will already be verified(say in a portal logon or in a windows logon) and after that when you are inside the system you are trusted and password is not verified again.

If you want it to prompt for a password use it without logon tickets.

<b>

2. The Web Service with SAP Logon Ticket if called form MS Application like Visual .NET then what are the requirements for that?</b>

I doubt if this is possible . SAP logon ticket applies within SAP systems only. In other cases we have to resort to other options like x.509 certificates.

Seems like we have login forms for this purpose.. chk it out.. !

http://help.sap.com/saphelp_nw04/helpdata/en/99/ca7af0793cc24c889b082b7230daaa/frameset.htm

<b>3. Is UME Configuration required on the EP? Since the tutorial did say about using UME console to assign users, roles etc or it is not required if the authentication is form the WD application.</b>

In any one place.. if you are using portal authentication in portal is sufficient.. The WD application should use a system which has authentication type as SAP logon ticket.

<b>4. How is synchronization handled with UME?</b>

in the sense.. if a user is deleted in the backend.. etc.,in this case the user is rejected and it prompts for username and password.

Hope it helps.

Regards

Bharathwaj

Link added for SAP Login Forms : Bharathwaj

Former Member
0 Kudos

Hello Bharathwaj,

Thanks for putting it point to point. I do have some more doubts now, I have 2 scenarios where in one user is authenticated with the username and password (WD communicating via WS to SAP R/3 ) and the second scenario where only username is passed (is the Interactive Voice Response VC++ client using the same WS (as that of WD) to communicate with R/3):

1. If I would like to prompt for passwords then is it still the concept of UME but then without Logon tickets?

2. How do I handle the second scenario?

3. If Portal is not being used, then is there any specific configuration required on the WAS <b>for UME</b>?

4.Can you also please help me with the reference material / points on how an EJB can make a RFC call? and How I can make that EJB as web service?

I hope you could help me with the quick response.

Best regards,

Dharmi

Message was edited by: Dharmi Tanna -


added for UME and point 4---

Former Member
0 Kudos

<b>1. If I would like to prompt for passwords then is it still the concept of UME but then without Logon tickets?</b>

Yes. In case of username and password you have to handle it in your WS differently.

2. How do I handle the second scenario?

IVR.. Try the link i gave in my previous post or x.509 cert.Not sure how it works with applciations like this.. !

3. If Portal is not being used, then is there any specific configuration required on the WAS for UME?

Portal also uses the same WAS UME.

4.Can you also please help me with the reference material / points on how an EJB can make a RFC call? and How I can make that EJB as web service?

In brief - SAP has given JCA for this purpose. You can try this too.

http://help.sap.com/saphelp_nw04/helpdata/en/40/003c41325fa831e10000000a1550b0/frameset.htm

For creating a web service, expand the ejb-jar.xml.. right click on the bean and select "New " -> WebService. the wizard will do the rest.. !

Best regards,

Dharmi

Former Member
0 Kudos

Hello Bharathwaj,

Thanks much.

Dharmi