Show TOC

 Testing the Use of Logon TicketsLocate this document in the navigation structure


Because the AS Java always accepts its own tickets, you should use two separate servers to test the use of logon tickets. Configure one as the issuing server and a different one to accept the logon tickets from the first server.

  • You have set up a test application for creating logon tickets.

    If the AS Java is the ticket-issuing server, then you can use one of the example programs provided with the server, such as Hello. The application is deployed on the ticket-issuing AS Java and its login module stack is configured to authenticate the user and then create a logon ticket.

  • You have a test application for testing the use of logon tickets for successive logons to the AS Java. This application is also deployed on the corresponding AS Java and its login module stack configured to accept logon tickets.
  • Your Web browser is configured to prompt for session cookies.

    If you do not set your Web browser to prompt for cookies, then alternatively you can verify the use of logon tickets in the security log using the Log Viewer. The corresponding log is security.log under Cluster → Server → .\log → system.


Testing the Creation of Logon Tickets

  1. Call the test application for creating a logon ticket (such as Hello).
  2. Authenticate yourself as necessary, for example, using user ID and password.

    You receive several cookies.

  3. View the detailed information for each cookie that you receive.

    The logon ticket is a cookie with the name MYSAPSSO2.

    The message New SAP Logon Ticket for user <user_ID> has been created. in the security log indicates that the logon ticket has been created successfully for the user.

Testing the Use of Logon Tickets for Successive Access

Using the same Web browser as you used for the first test, access the test application for using logon tickets.

You should receive access to the application without having to authenticate yourself. If you are not allowed access, then Single Sign-On using logon tickets is not set up correctly.

The message Ticket verify of user <user_ID> successful. in the security log indicates that the logon ticket was used for authentication on the server.

Possible Reasons for Unsuccessful Single Sign-On

  • The application used for accepting logon tickets does not reside in the same DNS domain as the application that issued the logon ticket.
  • The login module stacks are not set up correctly.