
Using Logon Tickets

Use

You can use logon tickets to integrate applications running on SAP and non-SAP systems in single sign-on (SSO) environments based on cookie technology.

For this SSO scenario, you configure a system, such as an AS Java, in your landscape to issue digitally signed logon tickets. Users authenticate initially to this system to obtain a logon ticket. After being issued, the logon ticket is stored as a digitally signed cookie in the user’s Web browser and enables the user to log on transparently to trusting systems in the SSO environment.

Integration

To ensure data integrity and non-repudiation, logon tickets are digitally signed by the issuing system. Therefore, to enable SSO, on the accepting system you must establish a trust relationship to the issuing system. SAP NetWeaver Application Server systems are shipped with the necessary functions and a Personal Storage Environment (PSE) to enable logon ticket verification.

The Trusted Systems management functions of the SAP NetWeaver Administrator enable you to manage the necessary trust relationships for integrating AS ABAP and AS Java systems in logon ticket-based SSO environments. You can use these functions to facilitate the remote configuration of trust relationships between SAP NetWeaver systems that are registered in System Landscape Directory (SLD) environments.

Note

Logon tickets use cookie technology to save persistency information about the authenticated user on the client. Therefore, for additional security we recommend that you protect the Web client’s cookie cache and employ transport layer security mechanisms such as SSL.

Prerequisites

· Users must have the same user ID in all of the systems they access using the logon ticket.

· The Web clients of the application server users must be configured to accept cookies.

· Systems that accept logon tickets access the issuing server's public-key certificate to verify the digital signature provided with the ticket. SAP NetWeaver application servers (AS ABAP and AS Java) receive a key pair and a self-signed public-key certificate during the installation process.

· The clocks for the accepting systems are synchronized with the ticket-issuing system. If you do not synchronize the clocks, then the accepting system may receive a logon ticket with an invalid timestamp, which causes an error.
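
The checks behind these prerequisites, modeled as an added Go example (not SAP code and not the SAP ticket format): an accepting system looks up the issuer in its trust store, verifies the signature, and validates the timestamps against its own clock. Ed25519, the `skew` tolerance, the system ID `J2E` and the user `JDOE` are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Ticket is a simplified stand-in, not SAP's ticket format; Ed25519 is likewise an assumption.
type Ticket struct {
	Issuer, User      string
	IssuedAt, Expires time.Time
	Sig               []byte
}

var ErrUntrusted, ErrSignature = errors.New("issuer not trusted"), errors.New("bad signature")
var ErrNotYetValid, ErrExpired = errors.New("issued in the future: clocks out of sync?"), errors.New("expired")

func (t Ticket) payload() []byte { // signed bytes; %q keeps field boundaries unambiguous
	return []byte(fmt.Sprintf("%q %q %d %d", t.Issuer, t.User, t.IssuedAt.Unix(), t.Expires.Unix()))
}

func Issue(priv ed25519.PrivateKey, issuer, user string, now time.Time, validity time.Duration) Ticket {
	t := Ticket{Issuer: issuer, User: user, IssuedAt: now, Expires: now.Add(validity)}
	t.Sig = ed25519.Sign(priv, t.payload())
	return t
}

// Accept returns the user ID to log on locally; skew is a hypothetical clock tolerance.
func Accept(t Ticket, trusted map[string]ed25519.PublicKey, now time.Time, skew time.Duration) (string, error) {
	pub, ok := trusted[t.Issuer]
	switch {
	case !ok: // no trust relationship with this issuer
		return "", ErrUntrusted
	case !ed25519.Verify(pub, t.payload(), t.Sig): // altered after signing, or wrong key
		return "", ErrSignature
	case t.IssuedAt.After(now.Add(skew)): // accepting clock is behind the issuer
		return "", ErrNotYetValid
	case now.After(t.Expires.Add(skew)):
		return "", ErrExpired
	}
	return t.User, nil
}

func main() { // constructed demo: the accepting system's clock runs 5 minutes slow
	pub, priv, _ := ed25519.GenerateKey(nil)
	t := Issue(priv, "J2E", "JDOE", time.Now(), 8*time.Hour)
	fmt.Println(Accept(t, map[string]ed25519.PublicKey{"J2E": pub}, time.Now().Add(-5*time.Minute), 0))
}
```

The returned user ID is used as-is on the accepting side, which is why the same user ID must exist in every system.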

Features

Logon tickets enable you to integrate SAP NetWeaver and non-SAP systems in an SSO environment. To use SSO with logon tickets, you configure a system in your landscape to authenticate users and issue a logon ticket upon successful authentication. Subsequently, users can transparently access systems that accept logon tickets for SSO.

For more information about logon tickets depending on the underlying technology of SAP NetWeaver, see the following topics:

      Using Logon Tickets with AS ABAP

      Using Logon Tickets with AS Java

Activities

You use the Trusted Systems Single Sign-On with SAP Logon Tickets configuration functions in the SAP NetWeaver Administrator to configure logon ticket-based SSO in landscapes with systems supported by the AS ABAP or AS Java technology stacks of SAP NetWeaver.

For more information, see the following sections:


1. Configure SAP NetWeaver server system to authenticate users and issue logon tickets

   a. Configure AS ABAP for issuing logon tickets

   b. Configure AS Java for issuing logon tickets

2. Configure SAP NetWeaver server system to accept logon tickets

   a. Configure AS ABAP to accept logon tickets

   b. Configure AS Java to accept logon tickets