Apache Web Server 

Use

This procedure describes how to add a filter to an application running with Apache Web Server. This filter has two functions:

·       Enable the application to support Single Sign-On with SAP logon tickets from the Enterprise Portal

·       Provide logon tickets for multiple domains. For more information, see Issuing SAP Logon Tickets for Multiple Domains.

 

Procedure

The library used for Apache Web Server is called mod_sapsso.dll. For details on where to find mod_sapsso.dll, see SAP Note 0442401.

...

      1.      Copy the library mod_sapsso.dll to a suitable location on the Web server and create a file calledverify.properties.

      2.      Copy verify.pse from the Portal Server to the Web server.

This is only necessary if the Web server of the non-SAP application is installed on a different machine to the Portal Server.

You can find verify.pse at <servlet_engine>\irj\WEB-Inf\plugins\portal\services\usermanagement\data.

      3.      Add the following directives to http.conf, which is the configuration file for the Apache Web Server:

In the LoadModule section:

LoadModule ModuleAccessCookie <path to lib>/mod_sapsso.<dll|so>

In the AddModule section:

AddModule mod_sapsso.cpp

and as directive for initialization:

SAPSSOInitialize "<path>/verify.properties"

      4.      Add the following directive to httpd.conf, which configures the checking of the ticket per directory:

<Directory "/<path to check>">

AccessDirectory

</Directory>

 

AddHandler "/irj/servlet/prt/portal/prtroot/InitialLogonSupport.default" SendTeachCookie

      5.      In the file verify.properties, set the following parameters:

Set the parameter

To the value

Comment

log_file

<path>

Specify the full path of a log file

log_level

0, 1, 2 or 3

These are the log levels.
0 - no logs written to the file
1 - Only errors are written to the file
2 - Errors and warnings are written to the file
3 - All information is written to the file

remote_user_alias

<value of the http variable to be added>

Name of the header variable in which the filter writes the authenticated user. Make sure not to use a <SPACE> in the name

application

sap or portal

Specifies whether the filter is to extract the SAP user ID or the portal user ID from the SAP logon ticket

pse_file

<path>

Specify the full path of the verify.pse file, which contains the digital certificate of the Portal Server.

      6.      Restart the Web server.

 

Result

Any HTTP request to the Web server that includes a logon ticket will be filtered by the shared library.