
Interoperability of Web Services is key for the integration of 3rd party software products with SAP NetWeaver. Products that are based on Microsoft technology are widely used and therefore their integration is of great interest.

One special topic is Single Sign-On. Although SAP and Microsoft are working on support for advanced Web services standards such as SAML in the next major releases, Single Sign-On is also an issue for the technology platforms that exist and are in use today.

Because of this, we provide a series of whitepapers that outline the basic concept of how Single Sign-On can be achieved using existing technologies and describe sample applications based on .NET, Win32 and Java that consume SAP Web services based on either the SAP NetWeaver Application Server or the SAP Exchange Infrastructure.

The basic concept is that Single Sign-On of Windows-based Web service clients to SAP NetWeaver Web services can be achieved using Windows Integrated Authentication and SAP Logon Tickets. A Windows-based Web service client can acquire an SAP Logon Ticket from an SAP NetWeaver Portal that supports Windows Integrated Authentication using SAP's SPNego Login Module. The Web service client can then use the SAP Logon Ticket for SSO to SAP NetWeaver-based Web services. This concept is outlined in detail in the following whitepaper:

Single Sign-On of Windows-based Web Service Clients using SAP Logon Tickets

Developers of 3rd party applications can make use of sample applications based on:

.NET: Sample Application: SSO with a .NET-based Web Service Client using SAP Logon Tickets

Win32: Sample Application: Call a Web Service with Single Sign On from a Windows Client Using a SAP Logon Ticket

Java (in preparation)


3 Comments


  1. Lieven De Bock
    Hi Herr Fischer,

    we run the following code..:

    Imports System
    Imports System.Net

    Module Program
        Sub Main()
            Dim url As String = "http://hkbw3.pidpant.local:56100/irj/portal"
            ' Create a 'HttpWebRequest' object with the specified url.
            Dim myHttpWebRequest As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
            ' Authenticate with the credentials of the current Windows logon session.
            myHttpWebRequest.Credentials = CredentialCache.DefaultCredentials
            ' Attach a cookie container so cookies set by the portal are collected.
            myHttpWebRequest.CookieContainer = New CookieContainer()
            Dim response As HttpWebResponse = CType(myHttpWebRequest.GetResponse(), HttpWebResponse)
            response.Cookies = myHttpWebRequest.CookieContainer.GetCookies(myHttpWebRequest.RequestUri)

            ' Print the properties of each cookie.
            Dim cook As Cookie
            For Each cook In response.Cookies
                Console.WriteLine("Cookie:")
                Console.WriteLine("{0} = {1}", cook.Name, cook.Value)
                Console.WriteLine("Domain: {0}", cook.Domain)
                Console.WriteLine("Path: {0}", cook.Path)
                Console.WriteLine("Port: {0}", cook.Port)
                Console.WriteLine("Secure: {0}", cook.Secure)

                Console.WriteLine("When issued: {0}", cook.TimeStamp)
                Console.WriteLine("Expires: {0} (expired? {1})", cook.Expires, cook.Expired)
                Console.WriteLine("Don't save: {0}", cook.Discard)
                Console.WriteLine("Comment: {0}", cook.Comment)
                Console.WriteLine("Uri for comments: {0}", cook.CommentUri)
                Console.WriteLine("Version: RFC {0}", IIf(cook.Version = 1, "2109", "2965"))

                ' Show the string representation of the cookie.
                Console.WriteLine("String: {0}", cook.ToString())
            Next cook
        End Sub
    End Module

    At the line “Dim response As HttpWebResponse = CType(myHttpWebRequest.GetResponse(), HttpWebResponse)” the code fails, with an error ‘400’..

    Browsing to the portal, however, works fine, SSO works well, and a user is logged on with the Kerberos authentication ..

    Looking into the logviewer we however see 2 entries..

    The Second is successful: The first fails

    Second entry >
    Date : 06/22/2009
    Time : 15:24:05:874
    Message : LOGIN.OK
    User: ldebock
    Authentication Stack: ticket

    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception  false                 java.security.SignatureException: Certificate (Issuer="CN=QP2", S/N=1393841314) not found.
    2. com.sap.security.core.server.jaas.SPNegoLoginModule                     OPTIONAL    ok          true       true                 
    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT  ok          true       true                 
    4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok                     true                 
    5. com.sap.security.core.server.jaas.CreateTicketLoginModule               REQUISITE   ok                     false                
    Central Checks                                                                                                true                 
    Severity : Info
    Category : /System/Security/Authentication
    Location : com.sap.engine.services.security.authentication.logincontext
    Application : sap.com/irj
    Thread : SAPEngine_Application_Thread[impl:3]_23
    Datasource : 1245658549199:E:usrsapDP1JC52j2eeclusterserver0logsystemsecurity.log
    Message ID : 00505689433600780000001E00000FA400046CEFC9D2828D
    Source Name : /System/Security/Authentication
    Argument Objs :
    Arguments :
    Dsr Component : n/a
    Dsr Transaction : f5bf25205f2f11deb9ef005056894336
    Dsr User :
    Indent : 0
    Level : 0
    Message Code :
    Message Type : 0
    Relatives : com.sap.engine.services.security.authentication.logincontext
    Resource Bundlename :
    Session : 589
    Source : /System/Security/Authentication
    ThreadObject : SAPEngine_Application_Thread[impl:3]_23
    Transaction :
    User : ldebock

    First Entry >

    Date : 06/22/2009
    Time : 15:24:05:327
    Message : LOGIN.FAILED
    User: N/A
    Authentication Stack: ticket

    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       java.security.SignatureException: Certificate (Issuer="CN=QP2", S/N=1393841314) not found.
    2. com.sap.security.core.server.jaas.SPNegoLoginModule                     OPTIONAL    ok          exception             true       Access Denied. No authorization header received.
    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT  ok          false                 true      
    4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false     
    5. com.sap.security.core.server.jaas.CreateTicketLoginModule               REQUISITE   ok          false                 true      
    Severity : Info
    Category : /System/Security/Authentication
    Location : com.sap.engine.services.security.authentication.logincontext
    Application : sap.com/irj
    Thread : SAPEngine_Application_Thread[impl:3]_27
    Datasource : 1245658549199:E:usrsapDP1JC52j2eeclusterserver0logsystemsecurity.log
    Message ID : 00505689433600620000002A00000FA400046CEFC9CA4715
    Source Name : /System/Security/Authentication
    Argument Objs :
    Arguments :
    Dsr Component : n/a
    Dsr Transaction : f56badf05f2f11de9745005056894336
    Dsr User :
    Indent : 0
    Level : 0
    Message Code :
    Message Type : 0
    Relatives : com.sap.engine.services.security.authentication.logincontext
    Resource Bundlename :
    Session : 0
    Source : /System/Security/Authentication
    ThreadObject : SAPEngine_Application_Thread[impl:3]_27
    Transaction :
    User : Guest

    When trying to acquire a ticket through VB-code, only one entry appears .. The faulty one..

    What needs to be done in the coding ?
    Any advice ?

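For triaging logs like the two entries in the comment above, here is a sketch that labels each SPNego failure reporting no authorization header by whether a LOGIN.OK follows shortly after. It is an added example, not code from the post, the commenter or SAP. It assumes a plain-text export in the layout shown above and correlates entries by a time window only, since the two entries share no session or transaction id; the 5-second window, the function names and the sample values are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the log entries above; all values are made up.
SAMPLE_LOG = """\
Date : 01/15/2024
Time : 10:00:00:100
Message : LOGIN.FAILED
User: N/A
Authentication Stack: ticket
2. com.sap.security.core.server.jaas.SPNegoLoginModule  OPTIONAL  ok  exception  true  Access Denied. No authorization header received.
Date : 01/15/2024
Time : 10:00:00:650
Message : LOGIN.OK
User: alice
Authentication Stack: ticket
2. com.sap.security.core.server.jaas.SPNegoLoginModule  OPTIONAL  ok  true  true
Date : 01/15/2024
Time : 10:07:30:000
Message : LOGIN.FAILED
User: N/A
Authentication Stack: ticket
2. com.sap.security.core.server.jaas.SPNegoLoginModule  OPTIONAL  ok  exception  true  Access Denied. No authorization header received.
"""

FIELD = re.compile(r"^[ \t]*(Date|Time|Message|User)[ \t]*:[ \t]*(.*)$", re.M)
NO_HEADER = "No authorization header received"

def parse_entries(text):
    """Split the export into entries and keep the fields needed for triage."""
    entries = []
    for chunk in re.split(r"(?m)^(?=[ \t]*Date[ \t]*:)", text):
        fields = dict(FIELD.findall(chunk))
        if "Message" not in fields:
            continue  # leading fragment without a complete entry header
        when = datetime.strptime(f"{fields['Date']} {fields['Time']}", "%m/%d/%Y %H:%M:%S:%f")
        no_header = any("SPNegoLoginModule" in l and NO_HEADER in l for l in chunk.splitlines())
        entries.append({"time": when, "result": fields["Message"], "no_header": no_header})
    return entries

def triage(entries, window=timedelta(seconds=5)):
    """Label each header-less SPNego failure by whether a LOGIN.OK follows within `window`."""
    findings = []
    for e in entries:
        if e["result"] != "LOGIN.FAILED" or not e["no_header"]:
            continue
        done = any(o["result"] == "LOGIN.OK" and timedelta(0) <= o["time"] - e["time"] <= window
                   for o in entries)
        findings.append((e["time"].strftime("%H:%M:%S"), "negotiate-completed" if done else "no-token-returned"))
    return findings

if __name__ == "__main__":
    for when, verdict in triage(parse_entries(SAMPLE_LOG)):
        print(when, verdict)
```

On a busy system, time-window matching can pair a failure with another user's successful logon, so treat a "negotiate-completed" label as a hint rather than proof.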
