Using SAP NetWeaver Portal as an Authentication Provider
You can enable SAP Gateway to trust your SAP NetWeaver Portal as the authentication provider; by using the authentication mechanism that has already been implemented in the portal environment.
To enable user authentication in SAP Gateway to use the authentication and single sign-on (SSO) in the portal, make sure that, you have met the following requirements:
The user names in the SAP Gateway system are identical to the user names in the portal environment.
Alternatively, User Mapping can be configured for the portal. For more information go to: https://help.sap.com/saphelp_nw70ehp1/helpdata/en/f8/3b514ca29011d5bdeb006094191908/frameset.htm.
Both the SAP Gateway system and the portal system belong to the same domain, DNS.
You can also use domain relaxing where the domains differ, only in a sub-domain name.
For more information see, SAP Logon Tickets at:https://help.sap.com/saphelp_nw04//helpdata/en/5e/473d4124b08739e10000000a1550b0/content.htm
SAP Gateway trusts the tokens issued by the portal.
For more information see, Configuring a Trust Relationship for SAP Assertion Tickets at:https://help.sap.com/SAPHELP_NW04S/helpdata/en/45/341a2176b74002e10000000a155369/content.htm
The following is an overview of the process for enabling an application to make a business call through the portal authentication:
Send an authentication request to the portal using one of the appropriate authentication options, such as, Kerberos, form-based, or basic authentication.
The portal URL should be explicitly maintained on the application side.
When successfully authenticated, the application receives MYSAPSSO2 cookie issued for the specific user.
The application should attach the token to the SAP Gateway service request.
If the portal and the SAP Gateway have trust relationships, SAP Gateway should accept the token.