Issuing SAP Logon Tickets for Multiple Domains 

Use

Normally the Portal Server issues a single SAP logon ticket for the Internet domain of the Portal Server. For example, if the Portal Server is installed at p12345.mycompany.com, the logon ticket will only be valid for hosts in that domain, such as p54321.mycompany.com. Portal users can only access systems in that domain with Single Sign-On.

In some cases, you may need to provide Single Sign-On to component systems located in multiple domains. For example, you may have an HR system running in your company's headquarters in the domain mycompany.com, and a BW system running in the domain subsidiary.mycompany.ie. To cater for this special case, you can configure the Portal Server to issue logon tickets for multiple domains.

 

Prerequisites

To issue multiple logon tickets, you need at least one server in each domain running either

 

Procedure

  1. Open the usermanagement.properties file at <servlet_engine>\irj\WEB-Inf\plugins\portal\services\usermanagement\data.
  2. Enter a comma-separated list of the hosts, protocols and ports of the servers running in separate domains as follows:

login.ticket_receiving_hosts = http://server2.mycompany.com:1080, http://server3.subsidiary.mycompany.ie:1080

You do not need to enter the domain of the Portal Server.

We strongly recommend that you use the Secure Sockets Layer protocol (SSL) for all communication between Web browsers and servers to ensure a secure exchange of data.
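The following check is an added example, not SAP code or part of the original documentation. It reads the login.ticket_receiving_hosts entry and reports hosts that are not reached over SSL, are malformed, or lie in the Portal Server's own domain. The function names, the host portal.corp.example and the third sample entry are assumptions, as is deriving the domain by dropping the first label of the host name.

```python
from urllib.parse import urlsplit

KEY = "login.ticket_receiving_hosts"

def domain_of(host):
    # Assumption: ticket domain = host name minus its first label, as in the
    # page's example (p12345.mycompany.com -> mycompany.com).
    return host.split(".", 1)[1].lower() if "." in host else ""

def read_receiving_hosts(properties_text):
    """Return the URLs listed under KEY (single-line 'key = value' form)."""
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == KEY:
            return [u.strip() for u in value.split(",") if u.strip()]
    return []

def audit(properties_text, portal_host):
    """Return (url, finding) pairs for entries that need attention."""
    findings = []
    for url in read_receiving_hosts(properties_text):
        parts = urlsplit(url)
        try:
            port = parts.port  # raises ValueError on a non-numeric port
        except ValueError:
            port = None
        if parts.scheme not in ("http", "https") or not parts.hostname or port is None:
            findings.append((url, "expected protocol://host:port"))
            continue
        if parts.scheme != "https":
            findings.append((url, "no SSL for this ticket-receiving host"))
        if domain_of(parts.hostname) == domain_of(portal_host):
            findings.append((url, "same domain as the Portal Server, entry not needed"))
    return findings

# Constructed sample: the page's two entries plus one constructed HTTPS entry.
SAMPLE = (
    "# constructed excerpt of usermanagement.properties\n"
    "login.ticket_receiving_hosts = http://server2.mycompany.com:1080, "
    "http://server3.subsidiary.mycompany.ie:1080, https://bw.example.org:8443\n"
)

if __name__ == "__main__":
    # portal.corp.example is a hypothetical Portal Server host name.
    for url, finding in audit(SAMPLE, "portal.corp.example"):
        print(f"{url}: {finding}")
```

Both entries from the sample line above are reported because they use http, while the HTTPS entry passes.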

 

Result

When the user is authenticated on the Portal Server, the client will be sent a SAP logon ticket for each of the domains of the hosts listed in the usermanagement.properties file.

When the user tries to access an application on one of these servers, the browser sends the logon tickets to the server, the server verifies the logon ticket for its domain, and the user is logged on using Single Sign-On.