You have the following options for enabling Single Sign-On with logon tickets to non-SAP systems and applications depending on your exact requirements.
Use this library to enable SSO to Java and C applications programmatically.
Use this filter to enable Single Sign-On (SSO) with logon tickets to Web applications that support authentication with an HTTP header variable.
Use this filter to enable SSO to a Microsoft Web-based application.
The SAPSSOEXT library provides functions that enable non-SAP applications to verify SAP logon tickets and extract the user ID from the logon ticket. The library is coded in C and has a JNI Java interface and a COM (Windows) interface. The library comes with Java, C, and C# sample files that demonstrate how you can implement the library in the source code of a high level programming language such as Visual Basic, C, Java, or .NET.
For more information about platform support, see the download area on SAP Service Marketplace.
Download
From SAP Service Marketplace at service.sap.com/patches → (Downloads tab) → SAP Support Packages →Support Packages and Patches → Entry by Application Group → Additional Components → SAPSSOEXT → <platform> → SAPSSOEXT lib for SAP logon ticket.
Documentation
Documentation is included in the archive file containing the library.
SAP offers an extension of SAPSSOEXT with Web server filters. You can use the filters to implement Single Sign On with logon tickets to Web-based applications that support authentication with an HTTP header variable. The filter verifies the logon ticket using the public-key certificate for the logon tickets. Then the filter extracts the name of the authenticated user from the logon ticket, and writes it into the HTTP header. You specify the name of the HTTP header variable in the remote_user_alias parameter in the filter configuration file.
The Web server filter supports the following Web servers:
Formerly Sun ONE Web Server and iPlanet Web Server
For more information about Web server releases and operating systems supported, see SAP Note 442401.
Documentation
The SSO22KerbMap Module is an ISAPI filter that uses the new delegation features that are available with Microsoft's Kerberos implementation in Windows Server 2003 and Active Directory 2003. The filter securely identifies the user through the SAP logon ticket and requests a constrained Kerberos ticket from Active Directory on behalf of that user. The Kerberos ticket can than be used for SSO to a Microsoft Web-based application.
A typical scenario for this filter is when setting up SSO with logon tickets to Outlook Web Access integrated in SAP NetWeaver Portal.
The filter can be used with the following systems:
Download
From SAP Service Marketplace at service.sap.com/patches → (Downloads tab) → SAP Support Packages → Support Packages and Patches → Entry by Application Group → Additional Components → SAPSSOEXT → Windows Server on IA32 32bit → SSO2 To Kerberos Mapping Filter.
Documentation