With Single Sign-On (SSO), users authenticate once and can then log on to all systems that operate in the Single Sign-On environment without further intervention. This is based on an HTTP cookie (the MYSAPSSO2 cookie, or logon ticket) that stores the user's identity.
Once the user has been authenticated, and if the server is appropriately configured, a logon ticket that is typically valid for the complete domain is set. The server can also be configured to set the cookie to be returned only to the specific server. Now, on all subsequent HTTP requests, the browser sends the cookie with the HTTP request. The targeted server can use the information within the cookie as credentials to authenticate the user.
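The difference between the two cookie scopes described above can be checked from the Set-Cookie header that the server returns after logon. The following Python code is an added example, not SAP code: it applies the standard cookie domain-matching rule (RFC 6265) to list which hosts would receive the ticket. The host names, header strings and function names are constructed for illustration.

```python
# Added example: hosts and the ticket value below are constructed placeholders.
from typing import List, Optional, Tuple

TICKET_NAME = "MYSAPSSO2"


def ticket_scope(set_cookie: str, origin_host: str) -> Optional[Tuple[str, str]]:
    """Return ("domain", d) or ("host", h) for a logon-ticket Set-Cookie value.

    Returns None when the header does not set the logon ticket.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, _value = parts[0].partition("=")
    if name.strip() != TICKET_NAME:
        return None
    domain = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        val = val.strip().lower()
        if key.strip().lower() == "domain" and val:
            # RFC 6265: one leading dot is ignored; the last Domain attribute wins.
            domain = val[1:] if val.startswith(".") else val
    if domain:
        return ("domain", domain)
    # No Domain attribute: the browser keeps the cookie host-only.
    return ("host", origin_host.lower())


def hosts_receiving_ticket(set_cookie: str, origin_host: str,
                           hosts: List[str]) -> List[str]:
    """List the hosts to which a browser would send the ticket."""
    scope = ticket_scope(set_cookie, origin_host)
    if scope is None:
        return []
    kind, value = scope
    result = []
    for host in hosts:
        h = host.lower()
        if h == value or (kind == "domain" and h.endswith("." + value)):
            result.append(host)
    return result


# Constructed inventory and headers (not captured from a real system).
HOSTS = ["erp.corp.example", "crm.corp.example", "wiki.corp.example", "erp.partner.example"]
DOMAIN_WIDE = "MYSAPSSO2=CONSTRUCTED-VALUE; Domain=.corp.example; Path=/"
HOST_ONLY = "MYSAPSSO2=CONSTRUCTED-VALUE; Path=/"

if __name__ == "__main__":
    for label, header in (("domain-wide", DOMAIN_WIDE), ("host-only", HOST_ONLY)):
        print(label, hosts_receiving_ticket(header, "erp.corp.example", HOSTS))
```

With the domain-wide header, every host under the domain receives the ticket, including servers that are not part of the Single Sign-On environment; with the host-only header, only the issuing server does.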
SAP NetWeaver Business Client (NWBC) is a shell that can start different content areas, based on different UI technologies, for example, SAP GUI or HTML. Each of these content types has its own communication channel to the underlying server and needs authentication information to access the server. To pass authentication information securely from the shell to the different content types, you must configure the server to use logon tickets (MYSAPSSO2 cookies) or assertion tickets. Logon tickets also enable NWBC to start applications against multiple systems and multiple clients.
The activation and correct configuration of logon tickets is a prerequisite for using NWBC with any server.
NWBC requires all users to be dialog users; the user type can be configured in transaction User Maintenance (SU01). This is a prerequisite for NWBC to enable the HTTP framework to issue a logon ticket and to enable NWBC to display transactions based on SAP GUI.
Testing Logon Tickets with a Browser
Log on to a test system with a browser. If logon tickets are configured incorrectly, the following error message appears, indicating that a configuration error remains:
SSO logon not possible; browser logon ticket cannot be accepted
To log on, choose Log On and enter your user name and password in the usual logon screen that appears.
Testing Logon Tickets with NWBC
Log on to a test system with NWBC. In the usual logon screen, enter your user name and password and choose Log On. If logon tickets are configured incorrectly, an error message appears indicating that you need to check your SSO2 configuration settings.
These restrictions show that in a scenario without a logon ticket, one authentication is needed per system and per client. For more information about how to avoid manual logon steps, see 7.2 Use of Digital Certificates. You need to test a certificate-based logon against each system and client in the browser first. It works for NWBC only if it works in Microsoft Internet Explorer.
For more information, see SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/nw74. Under Security Information, open Security Guide and choose .