Microsoft Internet Information
Server 
Use
This procedure describes how to add a filter to an application running with Microsoft Internet Information Server (IIS). This filter has two functions:
· Enable the application to support Single Sign-On with SAP logon tickets from the Enterprise Portal
· Provide logon tickets for multiple domains. For more information, see Issuing SAP Logon Tickets for Multiple Domains.
Procedure
...
1. Install iis_sso.dll as the global ISAPI filter wp in the Web server.
For details on where to find iis_sso.dll, see SAP Note 0442401.
2. Create a text file called verify.properties in the same directory of the Web server as iis_sso.dll.
3. Copy verify.pse from the Portal Server to the Web server.
This is only necessary if the Web server of the non-SAP application is installed on a different machine to the Portal Server.
You can find verify.pse at <servlet_engine>\irj\WEB-Inf\plugins\portal\services\usermanagement\data.
4. In the file verify.properties, set the following parameters:
|
Set the parameter |
To the value |
Comment |
|
log_file |
<path> |
Specify the full path of a log file |
|
log_level |
0, 1, 2 or 3 |
These are the log
levels. |
|
remote_user_alias |
<value of the http variable to be added> |
Name of the header variable in which the filter writes the authenticated user. Make sure not to use a <SPACE> in the name |
|
application |
sap or portal |
Specifies whether the filter is to extract the SAP user ID or the portal user ID from the SAP logon ticket |
|
pse_file |
<path> |
Specify the full path of the verify.pse file, which contains the digital certificate of the Portal Server. |
5. Restart the Web server.
Result
Any HTTP request to the Web server that includes a logon ticket will be filtered by the shared library.