You are assigned to a project spread onto hunderds of systems, clients and applications. And hunderds of consultants are involved. If you are responsible for technical infrastructure of this project, what would you do for enabling system access?

Of course portal is the right solution for managing access to such a complicated landscape. All you need is implementing the portal. But, you are already in the implementation phase, no end user in place yet. Your users are consultants and key users, so role based access is not the solution you are looking for.

Imagine an application, runs in the portal, generates URL's for logon to all kind of systems and frontend types. Generating SAPGUI shortcuts, and URL's in the application wil be sufficient.

For SAPGUI shortcut, you have to generate an http response with content type of "application/x-sapshortcut". Content of the response should look like:

<br />Name=<SID><br />Client=<Client><br />GuiParm=<AccessPath><br />[User]<br />Name=<UserName><br />at="MYSAPSSO2=<MYSAPSSO2CookieContent>"<br />Language=<Language><br />[Function]<br />Command=<StartTransaction (e.g. SMEN)><br />Type=Transaction<br />[Configuration]<br />Workplace=true<br />[Options]<br />Reuse=0

Remember to replace items <..>

with their real values. AccessPath in the GuiParm should look like SAP Router String (as an example, for direct application server connection; /H/<Hostname or IP address>/S/<Port (e.g. 3200)>) 

For URL's, you need to send request with MYSAPSSO2 cookie.

Remeber that MYSAPSSO2 cookie is a client side cookie. You may prefer to get MYSAPSSO2 string as a URL parameter into your application.

Needless to say, you have to follow steps in [SAP Online Help | http://help.sap.com/saphelp_nw70ehp1/helpdata/en/8d/903d41b77ba52fe10000000a155106/frameset.htm] for SSO configuration. 

In another weblog I will give some hints for coding this idea as a BSP application.

Enjoy SAP.