Skip to Content

SSO to IIS from Enterprise Portal using SAPSSOEXT


  SSO to IIS using API

*Click on “download Link ” to download all the required files. **Download Link* 

h3. Section1: The following steps are required for cross domain SSO. If your portal and IIS web server are in the same domain then please read Section2.

  1. Edit the sendSSO2Cookie.asp change the following line to your domain   (remember domain string should have at least two “.” for the cookie to be set).

             In .asp code: domain = “”

    2.   Move the sendSSO2Cookie.asp to IIS server.

    3.  Logon on to SAP portal server ( physical server ) and edit the UME  property*  ume.login.mdc.hosts*. Follow the following steps to change this property.         protocol://host[:port][path]


    h3. Section2: Configuration/Development to read the cookie and sign on to IIS Server. This is a required step.

        1. You need to copy the following two files to system32 directory and add it     to*  PATH* variable.

    h5.   Windows: sapsecu.dll and sapssoext.dll

      2. Register the sapssoext.dll by using regsvr32 command.

    h5.     regsvr32 sapssoext.dll

      3. Download Verify.pse from the portal server and put it in a directory.

      4. Use the code ssosample.asp to modify your login page to read the cookie/decrypt the cookie. 

    h5.  Make sure you change the following line in your asp code to refer to the directory where verify.pse is stored.

      RetArray = MyObj.EvalLogonTicket (Cookie, “SAPdefault”, vbNull)

        Change “SAPdefault” to “c:\Verify.pse”

     *Click on “download Link ” to download all the required files.  **Download Link* </p>

    You must be Logged on to comment or reply to a post.
    • Good to see you blog after a long time. Hope we can expect very good blogs again from you.


    • Welcome back Prakash! Hey.. we have Kerberos which SAP is saying it supports starting sps 16 on EP6 and ntlm being unsupported (I heard it works anyways).

      Can you share your thoughts on when is it a better alternative to the method that SAP recommends?


      • I haven’t worked with Keberos but i have read the documentation. It seems easy to implement. SAPSSOEXT is another alternative and it’s easy to implement (if you know all the steps).