
Logging On to SAP Web Application Server
Uses
When a client (for example, a Web browser) connects to SAP Web Application Server via a URL, a logon to the SAP System is usually required. Exceptions are pages served from the cache (in this case the user is already logged on) and static file access.
There are a number of logon procedures. They are described below, in the order in which the system tries them.
Prerequisites
You can specify for every ICF service which logon procedure must be used to execute it. For information on how to do this using transaction SICF and what to look out for, see Anonymous Logon.
Process
If a client connects to SAP Web Application Server and the URL addresses a service (Creating an ICF Service), the system first checks whether Logon data mandatory (set under Anonymous Logon) or Client certificate with SSL (set under Security Requirements) is required. These two settings are mutually exclusive. Whichever of them is set on the node closest to the root of the path to the requested service applies. (See the example below.)
- If Logon data mandatory applies, the logon uses the anonymous logon data maintained for this service. The attribute AUTHENTICATION_METHOD, which belongs to IF_HTTP_SERVER, is set to AUTHMETHOD_SERVICE.
- If Client certificate with SSL applies, the client certificate is used for the logon. The attribute AUTHENTICATION_METHOD of IF_HTTP_SERVER is set to AUTHMETHOD_CERTIFICATE.
Only if neither setting is found on the ICF path does the system try to log the user on using the following methods, in this order:
- Logon using HTTP fields (HTTP header fields or form fields). The fields are sap-language, sap-client, sap-user, sap-alias, and sap-password. (If sap-user is specified, sap-alias is ignored; see Basic Authentication.) AUTHENTICATION_METHOD is set to AUTHMETHOD_FIELD.
- Logon using SSO ticket (MYSAPSSO2 cookie). If no logon data is transferred in form or header fields, the system tries to log on using an SSO ticket, which requires the cookie MYSAPSSO2 to be set. AUTHENTICATION_METHOD is set to AUTHMETHOD_SSO.
- Logon using Basic Authentication. If the request contains the Basic Authentication header field, the user name is interpreted either as a standard SAP user (default) or as an Internet user (user name alias, see transaction SU01), depending on the settings made under Basic Authentication. AUTHENTICATION_METHOD is set to AUTHMETHOD_BASIC.
- Logon using SAP logon. This is a normal logon with client, user, password, and logon language. It is used primarily between SAP Systems rather than for logon from a Web browser. A header field indicates that this logon method is to be used. AUTHENTICATION_METHOD is set to AUTHMETHOD_SAP.
- Logon using client certificate (HTTPS and certificate). The system attempts to log the user on with a client certificate over SSL. Prerequisites are that the corresponding header field is set, the HTTPS connection is configured, and the client certificate is available. AUTHENTICATION_METHOD is set to AUTHMETHOD_CERTIFICATE.
If none of these methods is possible because the request contains no logon information, the default procedure applies: logon via the service user account. If Anonymous Logon Data has been maintained for the service, the logon uses that user name, client, and logon language, and AUTHENTICATION_METHOD is set to AUTHMETHOD_SERVICE. If no anonymous logon data is maintained, HTTP response 401 is returned. A Web browser displays this response as a popup in which the user can log on to the SAP System with HTTP Basic Authentication; the user's default client and logon language are then used.
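The selection rules above, written out as an added example that is not part of the SAP documentation and not SAP code: a Python model of how the ICF path settings and the request contents determine the logon method. The IcfNode and Request structures, the functions path_setting and select_logon, and the flags sap_logon_requested and cert_logon_requested (standing in for the header fields the page mentions but does not name) are assumptions made for this model; the anonymous logon data is taken from the service node itself, and password verification is outside the model.

```python
# Added example: model of ICF logon-procedure selection (not SAP code).
from dataclasses import dataclass, field
from typing import Optional

# Values of IF_HTTP_SERVER->AUTHENTICATION_METHOD named on the page.
AUTHMETHOD_SERVICE = "AUTHMETHOD_SERVICE"
AUTHMETHOD_CERTIFICATE = "AUTHMETHOD_CERTIFICATE"
AUTHMETHOD_FIELD = "AUTHMETHOD_FIELD"
AUTHMETHOD_SSO = "AUTHMETHOD_SSO"
AUTHMETHOD_BASIC = "AUTHMETHOD_BASIC"
AUTHMETHOD_SAP = "AUTHMETHOD_SAP"


@dataclass
class IcfNode:
    """One node on the ICF path (assumed simplified view of a SICF node)."""
    name: str
    logon_data_mandatory: bool = False            # Anonymous Logon tab
    client_cert_with_ssl: bool = False            # Security Requirements tab
    anonymous_logon_data: Optional[dict] = None   # client / user / language


@dataclass
class Request:
    """Incoming HTTP request reduced to what the logon check reads (assumed)."""
    headers: dict = field(default_factory=dict)   # header names in lower case
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    https: bool = False
    client_cert_present: bool = False
    sap_logon_requested: bool = False    # stands in for the unnamed header field
    cert_logon_requested: bool = False   # stands in for the unnamed header field


def path_setting(path):
    """Walk the path from the root; the first node that carries one of the
    two mutually exclusive settings decides, so a parent setting overrides
    a setting on the service itself."""
    for node in path:
        if node.logon_data_mandatory and node.client_cert_with_ssl:
            raise ValueError(f"{node.name}: the two settings are mutually exclusive")
        if node.logon_data_mandatory:
            return "LOGON_DATA_MANDATORY", node
        if node.client_cert_with_ssl:
            return "CLIENT_CERT_WITH_SSL", node
    return None, None


def select_logon(path, req):
    """Return (authentication_method, detail). detail is the logon data or
    user for service/field logon, None otherwise, or 401 when no logon is
    possible and the browser is asked for Basic Authentication."""
    service = path[-1]
    setting, _ = path_setting(path)
    if setting == "LOGON_DATA_MANDATORY":
        # Request credentials are not consulted; the service user is used.
        return AUTHMETHOD_SERVICE, service.anonymous_logon_data
    if setting == "CLIENT_CERT_WITH_SSL":
        return AUTHMETHOD_CERTIFICATE, None

    # Neither setting on the path: try the methods in the documented order.
    fields = {**req.headers, **req.form}
    if "sap-user" in fields or "sap-alias" in fields:
        # sap-user takes precedence over sap-alias when both are present.
        return AUTHMETHOD_FIELD, fields.get("sap-user") or fields.get("sap-alias")
    if "MYSAPSSO2" in req.cookies:
        return AUTHMETHOD_SSO, None
    if req.headers.get("authorization", "").lower().startswith("basic "):
        return AUTHMETHOD_BASIC, None
    if req.sap_logon_requested:
        return AUTHMETHOD_SAP, None
    if req.cert_logon_requested and req.https and req.client_cert_present:
        return AUTHMETHOD_CERTIFICATE, None

    # Default: service user account if maintained, otherwise HTTP 401.
    if service.anonymous_logon_data:
        return AUTHMETHOD_SERVICE, service.anonymous_logon_data
    return None, 401


if __name__ == "__main__":
    # Constructed sample path and requests.
    path = [IcfNode("default_host"), IcfNode("sap"), IcfNode("bc"),
            IcfNode("demo", anonymous_logon_data={"client": "001", "user": "ANON", "language": "EN"})]
    for req in (Request(form={"sap-user": "ALICE", "sap-password": "secret"}),
                Request(cookies={"MYSAPSSO2": "constructed-ticket"}),
                Request(headers={"authorization": "Basic QUxJQ0U6c2VjcmV0"}),
                Request()):
        print(select_logon(path, req))
```

Two consequences of the order become visible when the model is run: once Logon data mandatory or Client certificate with SSL is set anywhere on the path, a request that carries sap-user/sap-password or a Basic Authentication header is logged on as the configured service user or by certificate regardless, so the authorizations of that service user bound what any caller can do through the service; and with no setting on the path, credentials in the sap-* fields are tried before a MYSAPSSO2 ticket or a Basic header.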
Result
The user is logged on to the SAP System. If an anonymous user exists, the client is logged on as this user without being aware of it. The anonymous user must therefore have the correct authorizations, and only those, because every caller of the service acts with them.
Determining the Logon Language describes how the logon language is determined.
Example
An example of choosing the logon procedure is given in Anonymous Logon Data.