Testing Logon Tickets and PAS (SAP Library - Pluggable Authentication Services for External Authentication)

Testing Logon Tickets and PAS

Use

If you do not use the SAP Cryptographic Library as the security product for SNC, then you cannot use the ITS Administration tool to test the logon ticket and PAS configuration. In this case, use the procedure below.

Prerequisites

The corresponding application server and ITS are configured for using SNC, PAS, and for issuing logon tickets.

Procedure

Configure your Web browser to prompt you for accepting session cookies.

Example

For example, for Microsoft Internet Explorer, choose Prompt for session cookies in the local intranet zone.

Access your PAS authentication ticket-issuing application server via the ITS using the corresponding URL.

https://host123.mycompany.com:443/scripts/wgate/<PAS_Service>/!

If necessary, enter your user authentication information (for example, user ID and password for the authenticating mechanism).

If the authentication was successful, you receive several session cookies for the connection and are prompted whether you want to accept these cookies.

View the contents of each of the cookies that you receive. (For Microsoft Internet Explorer, choose More Info.)

If you receive a cookie named MYSAPSSO2, then you have received your logon ticket.

Otherwise, check the AGate’s trace file. See SAP Note 320991 for a list of the possible return codes.

Note

If you are able to log on to the SAP system but did not receive a cookie with the name MYSAPSSO2, then the PAS authentication has worked, but the logon ticket could not be set in the Web browser. This is most likely caused by a DNS domain conflict. Make sure that the Web server exists in the DNS domain and that you are accessing the Web server using the fully-qualified host name.