Re: SSO for ABAP/Java Stacks in Unix Environment
No, SAP SSO product is not free. Neither are the other products which can provide SPNEGO functionality on ABAP stack. You only get SPNEGO on Java for free (from SAP).
View ArticleRe: SSO using ADS in Solman
Thanks all for your help. Notes mentioned in the link given by Siddesh helped to resolve my issue. 1467488 and 352295 . Thanks again. RegardsHM
View ArticleRe: Can't get SSL Authentication to work
Hello Roman, Will that be required when SAP makes a call to web service provider ? I thought, the root certificate chain within SAP PSE will be needed to validate incoming certificates. Regards,Siddhesh
View ArticleSAP Logon Ticket and System Failover
We have a JAVA AS with two Java instances. Also it uses Logon Ticket as authentication method. The SSO sever is IBM Tivoli which will does the user authentication. My understanding is that the Java AS...
View ArticleRe: Can't get SSL Authentication to work
There are two issues that are not visible from the artificially truncated(!!) error details that you quoted initially. (1) you originally had configured your client to use "SSL client Anonymous"...
View ArticleClik here to view.
SPnego ABAP for CRM ICWEB BSP problem after selecting business role
Gurus, We have a trial license for NW SSO 2.0 SP05 We have these versions of SAP: ECC 6.0 EHP6 ABAP AS w NW7.31 SP07CRM 7.0 EHP2 ABAP AS w NW7.31 SP07Pure JAVA AS w NW7.02 SP16 All 3 are AIX 6.1 with...
View ArticleRe: Can't get SSL Authentication to work
Well, we have sent our certificate to the service provider and they have added it to their list of trusted certificates. Isn't that what it needs?
View ArticleLogon Ticket MYSAPSSO2 Validation and session hijacking
My understanding is the accepting SAP Java AS will retrieve cookie information from MYSAPSSO2 and using the certificate from issuing system to authenticate the session. My question is, is JSESSIONID...
View ArticleRe: SAP Logon Ticket and System Failover
An additional note: We should understand that first how the failover works. The cookie does not store any information about the target host, about the client, etc. They hold information about the...
View ArticleRe: SAP Logon Ticket and System Failover
Thanks for the updates but one think I don't quite get here: Logon ticket (MYSAPSSO2 cookie) is used for SSO across several systems, if it contains session information, how the session id can be...
View ArticleRe: SAP Logon Ticket and System Failover
The MYSAPSSO2 cookie contains SAP User ID and SAP Client. It does not contains Session ID. The Session ID is stored in a different cookie.
View ArticleRe: SAP Logon Ticket and System Failover
Thanks for the information. If that's the case, then if I inject a valid MYSAPSSO2 cookie to a totally different session, it will be authenticated automatically, right?So there is a possibility of...
View ArticleRe: Can't get SSL Authentication to work
Hello Martin, thanks for your reply. As response to your 2 points: ad 0) Why truncated? I have c&p'd the whole error message block from the ICM log file here originally. After it has been...
View ArticleClik here to view.
Re: SAP Logon Ticket and System Failover
We cannot discuss what is possible and what isn't in this topic But the best way to keep your system protected against such attacks is to keep it up to date.Please check out this note for example:...
View ArticleRe: Can't get SSL Authentication to work
Matthias, I don't for one moment believe that Martin's "ps" was directed at you. I think it was a general statement pertaining to the variety of responses (mine included no doubt) to your problem. I...
View ArticleRe: Can't get SSL Authentication to work
Hello Matthias, Thank you for that. You have gone on to the next step of validation yourself so that's great. So we see the provider server is able to and willing to talk as long as you provide the...
View ArticleRe: Can't get SSL Authentication to work
Hey Martin,Out of curiosity, how have you determined from the trace excerpt that Matthias initially posted that he was using the SAPSSLA and not SAPSSLC ? Cheers, Amerjit
View ArticleRe: SSO configuration from BOE to HANA
Forgot to mention, The issue was resolved.Certificate Signing Request during SSL setup itself wasn't created properly.
View ArticleRe: Logon Ticket MYSAPSSO2 Validation and session hijacking
Hello Gang, I think the MYSAPSSO2 is used to identify the user and the JSESSIONID is used to decrypt the encrypted communication and hence used to identify the session. if someone gets their hands on...
View Article