Tuesday, June 28

Single Sign On for Non-SAP Applications

Single sign on is possible for external applications also. By external applications, I mean non sap Application. So the scenario is that a user wants to logon to a non sap application from SAP EP without entering user ID and password. Is this possible? The answer is yes. This is possible by implementing SSO for external usage.
There are 2 ways to implement SSO for external usage.
The Dynamic link library SAPSSPEXT is a very intelligent library. It can extract user id and password from the logon ticket issued by SAP EP. So by using this library logon to external or non sap applications is possible. This library has 2 interfaces viz: JNI  Java  Interface and a COM(Windows) interface. It is available to be downloaded on the sap service marketplace.
Now suppose you have a non-sap applications which is web based and it supports authentication using a HTTP header variable, Web Server Filter method of single sign on is the best for you. This filter studies the logon ticket using a public-key certificate and tries to extract the name of the authenticated user from the logon ticket. This name is then written in the HTTP header variable. Thats it !
Only few web servers support this method of logon. Some of them are Apache Web Server, Microsoft Internet Information Server (IIS), Sun Java System Web Server.

No comments:

Post a Comment

You are welcome to express your views here...