Skip to Content

There was a requirement in 2004-2005 for me to perform SSO from SAP J2EE to Non-SAP Java Application and there sure was an article to support the same which later disappeared.

But I had struggled a while before I could get that to work with base64 encode/decode issues etc…

I finally managed to fix all issues and was able to implement it.

I raised query on forum http://scn.sap.com/thread/19345 in 2005 to get some help but couldn’t get any help.

Later on, there were quite a number of queries and interest on the same which had me interested to write a blog but never made it until now…

Hopefully I remember the steps I did to crack it all…fingers crossed.

Here are the steps:

  1. Installing the Libraries :
    1. UNIX: Copy the libraries libsapsecu.so, libsapssoext.so in classpath or copy them to the path pointed by the environment variable LD_LIBRARY_PATH or in the lib folder of the application itself.
    2. WINDOWS: Use corresponding DLL files.
    3. The latest libraries can be downloaded from SAP Service Marketplace (http://service.sap.com)
  2. Installing the certificate :
    1. The certificate (.pse file) from the concerned Portal Server has to be copied to a location in the server where the Non-SAP Web Application is deployed, with proper read permissions.

     

  1. Using the code SSO2Ticket.class & ssosample_custom.jsp:
    1. The SSO2Ticket.class has to be placed in the Application where accessible by JSP.
    2. Modify the ssosample_custom.jsp to specify the path of the .pse file.
    3. Place the ssosample_custom.jsp or the code in it where necessary to pick the userID and thus allow the user access.
  2. Make sure both the servers are in the same domain.

Here’s the sample JSP that was in that article…which I modified for my use.

==================================================================================================================

<!–

/************************************************************************/
/*
*  (C) Copyright 2000 SAP AG Walldorf
*
* Author:  Kai Ullrich
*
* SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*/

This is a sample implementation that demonstrates the use of the mySAP.com
logon ticket in a Java Web application. This jsp file can be used as
reference implementation for your own jsp/servlet implementation.

–>

<html>
<head>
<title>mySAP.com logon ticket sample verifier</title>
<body>
<%@ page import=”com.mysap.sso.SSO2Ticket” %>
<!– Only Java 1.2 –>
<%@ page import=”java.security.*” %>
<%@ page import=”java.io.*” %>
<%@ page import=”java.lang.Math.*”%>
<%@ page import=”java.util.Date”%>

<%  Cookie[] all_Cookies = request.getCookies ();
     String   ticket      = “”;
    int      i           = 0;
    for (i=0; i<all_Cookies.length; i++) {
        //Get MYSAPSSO2 cookie from request context…
        if (“MYSAPSSO2”.equals (all_Cookies[i].getName ())) {
            ticket = all_Cookies[i].getValue ();
            break;
        }
    }
    //If no ticket present we output an error page
    if (“”.equals(ticket)) {
%>
<h1>Error</h1><p>No mySAP.com logon ticket found.
<p>Description: You get this Error because yo uare trying to access this page without using the fully qualified domain name in the URL.<br>
<p>Solution: Use the complete URL to access the page. <font color=blue>http://myportal.mydomain.com/</font>.
<%
    }
    else {
%>
<p>
<p>
<%      Object [] o;
        o=null;
        try {
            // Validate logon ticket.
          //  System.out.println (o.toString());
          //    out.write(ticket);
  String x =”/etc/verify_portal.pse”;
  o = SSO2Ticket.evalLogonTicket(ticket,x, null);
           
  //System.out.println (o.toString());
        } catch (Exception e) {
%>
   An error occured. The error message is <b><i><%= e.toString () %></b></i>
<%      } catch (Throwable te) { %>
   An error occured. The error message is <b><i><%= te.toString () %></b></i>
<%      }
        String user   = (String)o[0]; //First element is the SAP system user
        //String Sysid  = (String)o[1]; //Second element is the id of the issuing system
        //String Client = (String)o[2]; //Third element is the client of the issuing system
        //byte[] cert_;

        //The forth element is the certificate in byte
        //representation, to get its contents we need
        //to first convert it into a cert structure
        //X509Certificate cert=null;
        //if (o.length == 4) {
        //   cert_ = (byte[]) o[3];
        //    CertificateFactory cf = CertificateFactory.getInstance(“X.509”);
        //    cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(cert_));
        //}
        //else {
         //   cert = null;
        //} 
%>
UserID from Portal ==> <%=user%>

<% } %>
</body>
</html>
   

==================================================================================================================

Java class from the article for resolving the ticket:

==================================================================================================================

package com.mysap.sso;

/**
* This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
*
* @version 1.0 30.11.2000
*
*/

public class SSO2Ticket
{
    private static boolean initialized = false;
    public static String SECLIBRARY ;
    public static String SSO2TICKETLIBRARY = “sapssoext”;
   
    static {
        if (System.getProperty(“os.name”).startsWith(“Win”))  {
            SECLIBRARY = “sapsecu.dll”;
        } else {
            SECLIBRARY = “libsapsecu.so”;
        }
        try {
            System.loadLibrary(SSO2TICKETLIBRARY); 
            System.out.println(“Lib geladen.”);
            if ( init (SECLIBRARY) ) {
                System.out.println (“SSO2TICKET initialized successful !”);
                System.out.println (“version: “+getVersion());
            } else {
                System.out.println (“Implementation of JNI mysapsso2 not loaded. “);
            }
        } catch (Throwable e) {
            System.out.println (“Error during initialization of SSO2TICKET\n”);
        }
        System.out.println(“static beendet.\n”);
    }

   
    /**
     * Initialization
     *
     * @param seclib location of ssf-implemenation
     *
     * @return true/false whether initailisation was ok
     */
    private static native synchronized boolean init(String seclib);

    /**
     * Returns internal version.
     *
     * @return version
     */
    public static native synchronized String getVersion();
   
    /**
     * eval ticket
     *
     * @param ticket        the ticket
     * @param pab           location of pab
     * @param pab_password  password for access the pab
     *
     * @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client , [3] = (byte[])certificate
     * 
     */
   
    public static native synchronized Object [] evalLogonTicket(
                                                                String ticket,
                                                                String pab,
                                                                String pab_password)
        throws Exception;
   

    /**
     * creates ticket.
     *
     *
     * @return the ticket
     * 
     */
       
    public static void main(String[] args) throws Exception
    {
        System.out.println(“start SSO2TICKET main”);
       
        System.out.println(“————– test version ————–“);
        String version =SSO2Ticket.getVersion();
        System.out.println(version);
       
       
        String ticket =
                       “AjExMDABAAZtZWllcnQCAAMwMDADAANTWVMEAAwyMDAwMDUxOTA5MzQFAAQAAAA8/wOzMIIDrwYJKoZ”+
                       “IhvcNAQcCoIIDoDCCA5wCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAnAwggJsMIICKqADAgE”+
                       “CAgECMAkGByqGSM44BAMwUjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE215U0FQLmNvbSBXb3JrcGxhY2U”+
                       “xJTAjBgNVBAMTHG15U0FQLmNvbSBXb3JrcGxhY2UgQ0EgKGRzYSkwHhcNMDAwMzAzMDkzMDI4WhcNMDE”+
                       “wMzAzMDkzMDI4WjBMMQswCQYDVQQGEwJERTEcMBoGA1UEChMTbXlTQVAuY29tIFdvcmtwbGFjZTERMA8″+
                       “GA1UECxMIU0FQIFRlc3QxDDAKBgNVBAMTA0JJTzCB8DCBqAYHKoZIzjgEATCBnAJBAIUhUK/80ln3Iaz”+
                       “CLY30CBmqHZD4579VymFF3ESL/fKmVnXRPrHKxCr75L7!Is6tGx8rqz4jSwE6FpQ5SRhkIQcCFQD!9gv”+
                       “4ReBb/OQ9!GrfqKvK!VAJ1QJAHduN/Kzefal4ue30e93f24P!V/3jNG8KBtESPlu7GyV/bgLvq6XAN2n”+
                       “/h9nxE15gYb/qopAoebFHk1rtE0J1pQNDAAJAf8Xhf/D3CJVP7AKQD3e0Pm62Izy83bg20hCNrtbxEDG”+
                       “Ziy2nz3A9CRuVWk8T!DUVMTAROhg4VMFwxU0zHWYgG6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8″+
                       “EBAMCBsAwHQYDVR0OBBYEFNkcORgS3JOTD4zF68vlEntB/5ZkMB8GA1UdIwQYMBaAFJ!C34R25VEzmgj”+
                       “RN73NXQYp/6jRMAkGByqGSM44BAMDMQAwLgIVAMw9sjb5nVtKJbWkRRJ6IDWifvaIAhUAg7cvLs9HQg5″+
                       “oalQwTTY8IEBKC/wxggEHMIIBAwIBATBXMFIxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNteVNBUC5jb20″+
                       “gV29ya3BsYWNlMSUwIwYDVQQDExxteVNBUC5jb20gV29ya3BsYWNlIENBIChkc2EpAgECMAkGBSsOAwI”+
                       “aBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMDA1MTkwOTM0Mzh”+
                       “aMCMGCSqGSIb3DQEJBDEWBBRMpKh0Y/v8Ou57K7PN4G1ViXXIuTAJBgcqhkjOOAQDBDAwLgIVAPaINUO”+
                       “OnKNyt!/Milxv!8PLtY1mAhUA3wvDjDbsI7yzx8xYAC1zJQIe5n0=”;
       

        try {
            Object o[] = evalLogonTicket(ticket, “SAPdefault”, null);
            System.out.println(“The User ID is:          ” + (String)o[0]);
            System.out.println(“Issuing System (Sysid) : ” + (String)o[1]);
            System.out.println(“Issuing System (Client): ” + (String)o[2]);
            if (o[3] != null) System.out.println(o[3]);
        } catch (Exception e) {
            System.out.println(e);
        } catch (Throwable te) {
              System.out.println(te);
        }
 
  //Here  

    }
}

==================================================================================================================

Good luck 😎

JP

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply