Using SAP Enterprise Portal as an Authentication Provider
You can enable SAP Gateway to trust your SAP Enterprise Portal as the authentication provider by using the authentication mechanism that has already been implemented in the portal environment.
Prerequisites
To enable user authentication in SAP Gateway to use the authentication and
single sign-on (SSO) in the portal ensure that the following prerequisites have been
met:
- The user names in the SAP Gateway system are identical to the user names in the portal environment. Alternatively, user mapping can be configured for the portal. For more information, see User Mapping.
- Both the SAP Gateway system and the portal system must belong to the same domain, DNS. You can also use domain relaxing where the domains differ only in a sub-domain name. For more information, see SAP Logon Tickets.
- SAP Gateway trusts the tokens issued by the portal. For more information, see Configuring a Trust Relationship for SAP Assertion Tickets.
Process
The following is an overview of the process for enabling an application to make a
business call through the portal authentication:
- Send an authentication request to the portal using one of the appropriate authentication options such as Kerberos, form-based or basic authentication. The portal URL should be explicitly maintained on the application side.
- When successfully authenticated, the application receives the MYSAPSS02 cookie issued for the specific user.
- The application should attach the token to the SAP Gateway service request. If the portal and the SAP Gateway system have trust relationships, SAP Gateway should accept the token.