You can enable SAP Gateway to trust your SAP Enterprise Portal as the
authentication provider by using the authentication mechanism that has already been
implemented in the portal environment.
Prerequisites
To enable user authentication in
SAP Gateway to use the authentication and
single sign-on (SSO) in the portal ensure that the following prerequisites have been
met:
- The user names in the SAP Gateway system are identical to the user
names in the portal environment. Alternatively, user mapping can be configured
for the portal. For more information, see User Mapping.
- Both the SAP Gateway system and the portal system must belong to the
same domain, DNS. You can also use domain relaxing where the domains differ only
in a sub-domain name. For more information, see SAP Logon Tickets.
Process
The following is an overview of the process for enabling an application to make a
business call through the portal authentication:
- Send an authentication request to the portal using one of the appropriate
authentication options such as Kerberos, form-based or basic authentication. The
portal URL should be explicitly maintained on the application side.
- When successfully authenticated, the application receives the
MYSAPSS02 cookie issued for the
specific user.
- The application should attach the token to the SAP Gateway service
request. If the portal and the SAP Gateway system have
trust relationships, SAP Gateway should accept
the token.