Skip to Content

This procedure shows step by step how to make your SAP EP to issue Logon Ticket for multiple domains.

By default SAP EP is configured to issue the SAP Logon Ticket for the same domain where portal is associated. For example SAP EP is in domain tcs.com thus the SAP Logon Ticket will be by default created and sent along with request from portal to target server of same domain tcs.com. Many a times it is required to sent the SAP Logon Ticket to server in another domain i.e. tcs.in. Follow the following steps to make Portal issue ticket for another domain tcs.in.

Prerequisite:

There need to be a web server in target domain (tcs.in in our example). The supported web servers are

Microsoft Internet InformationServer (IIS) 5.0 / 6.0 on Windows 2000

Apache Web Server 1.3 Windows 2000, Linux

iPlanet Web Server FastTrack / Enterprise Edition4.0 Windows 2000, Linux

How it works:

There need to be a hidden iView in SAP EP which sends request to a web server (MS IIS in our example) in target domain along with the SAP Logon Ticket as an argument. The target server has a component (asp/jsp/php) which receives this request from portal and creates another SAP Logon Ticket for this new domain. The new ticket is sent to users browser as a cookie. When the request from portal goes to any application of another domain, the newly issued SAP Logon Ticket for that domain is sent by Portal.

image

   

1. Prepare IIS server to accept and issue new Logon Ticket request


      a. Download “iis6_sso.dll” (for MS IIS 6.0) “iis_sso.dll” (for MS IIS 5.0) and wpsso_v3.dll from SAP Note 442401.

      b. Place these dlls in root folder of IIS (C:\Inetpub\wwwroot).

      c. Open IIS -> default web site -> properties -> ISAPI filters. Click on add button and browse to C:\Inetpub\wwwroot\iis6_sso.dll. Give a filter name (IIS6 in example) and save it. Restart the IIS server.

      d. Again open Open IIS -> default web site -> properties -> ISAPI filters. It should show IIS filter up and green.

      e. If you don’t see the green please refer to SAP Note 684106 for further required dlls.

image

      f.     On SAP edit the UME property ume.login.mdc.hosts to

ume.login.mdc.hosts=http:// myiisserver.tcs.in/sendSSO2Cookie.asp. See link  for further details on how to update UME properties.

   

4. Integrate this iView with SAP EP so that this is called at every time when user logs in

      a. Open the framework page which is used for your portal users. By default it is at content administration -> Portal content -> portal content -> Portal user -> Standard portal user -> Default framework page.

      b. Add your provider iView (SSO2Provider) to the page.

      c. Save the framework page

The above example is valid for using IIS as the web server to issue another ticket to portal. This document can be used as a reference for achieving the multi domain ticket issuing for other web servers as well.

Reference:

   1. help.sap.com

   2. How to guides

   3. Service market place notes

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

  1. Sunil Kulkarni
    Hello Vishal,
                 Good Blog…
    I have came across an error.
    I am working on Microsoft-IIS/5.0.
    01] I copied the files iis_sso.dll & wpsso_v3.dll to c:/Inetpub/wwwroot directory.
    02] Also installed the DLL’s as per note 684106.(msvcp71.dll & msvcr71.dll at C:\WINNT\system32)
    The IIS filter is not turning Green..
    Do u have any idea what could be the reason?

    Regards
    Sunil Kulkarni

    (0) 
  2. Jinal Shah
    Hi

    What should be autorization on IIS web server? We tried Basic and Windows Authentication, but it keeps on asking us for username and password from SAP Portal whenever we logon in Portal. Do we need to do anything extra on IIS side to avoide uname/passsword pop-up?

    Thanks

    JS

    (0) 
  3. Chandani Shah
    Dear Vishal,

    Nice blog, just the perfect information.

    I am implementing SSO over cross domains.
    While doing so, SSO2Provider Iview has been added to Default Page Layout in Visible mode.

    Now while entering the portal, the control shifts between selected IView and back to home-page…the SSO2Provider Iview which is added to default framework page.

    This has made almost impossible for users to log into portal.

    I am trying to remove the iview from the default page, but in navigating to the page, the navigation to next screen takes roughly 5-7mins with 100% CPU utilization. I just reach the layout page in some 20mins.

    Is there an alternate way I can remove the iview from page / revert changes ?

    Request your guide me in this matter. Atleast point out a probable correction which I need to carry out.

    Ragerds,
    Chandani Shah

    (0) 
  4. ABH ABH
    sso.log
    Initialization done.IISPlugin checks Access.
    Can’t find MYSAPSSO2 ticket cookie for URI “/sendSSO2Cookie.aspogram ” on host “/sendSSO2Cookie.asp”.
    IISPlugin checks Access.
    Can’t find MYSAPSSO2 ticket cookie for URI “/sendSSO2Cookie.asp” on host “/sendSSO2Cookie.asp”.
    PSEPath: C:\Inetpub\wwwroot\verify.pse
    RealPath:
    URL: /sendSSO2Cookie.asp
    No redirect.
    (0) 

Leave a Reply