Single Sign-On to Back-End ABAP Systems

Use

This section summarizes the different scenarios for Single Sign-On (SSO) from an application on SAP NetWeaver Application Server (AS) Java to back-end ABAP systems. In this configuration a client accesses an application on an AS Java. The application then attempts to access an ABAP system. The user must authenticate themselves on both the AS Java and on the back-end ABAP system.

Each scenario has different prerequisites, for example, the release of the ABAP system or whether the user IDs are the same on the ABAP and Java systems. Use the figure below to determine which method of SSO to use with a specific ABAP system.

Figure 1: Flowchart for Deciding the Preferred Method of SSO

For more information, see Accessing Back-End Systems with a Different User ID .

Scenario 1: Single Sign-On Using Logon Tickets Without User Mapping

This is the preferred SSO method. It ensures authentication with a minimum of configuration. Users must have the same user IDs in the portal as well as in all back-end ABAP systems that are accessed with logon tickets.

Configure the portal to issue logon tickets.

This is the default configuration.

For more information, see Configuring the Portal for SSO with Logon Tickets .
Configure the ABAP back-end system to accept logon tickets.

For more information, see Configuring Component Systems to Accept Portal Logon Tickets

Scenario 2: Single Sign-On Using Logon Tickets With User Mapping

If users have a different user ID in the ABAP systems than in the AS Java system, define a reference system and map each user's user ID to their ABAP user ID in the reference system.

Configure the portal to issue logon tickets.

For more information, see Configuring the Portal for SSO with Logon Tickets .
Configure the portal for user mapping with logon tickets.

Use the procedure appropriate for your configuration, with or without LDAP directory server.

For more information, see the following:
- Configuring User Mapping with Tickets for SSO
- Using an LDAP Directory for User Mapping with Tickets for SSO
Configure the ABAP back-end system to accept logon tickets.

For more information, see Configuring Component Systems to Accept Portal Logon Tickets
Map users to their back-end user IDs.

You can also have users map themselves.

For more information, see the following:
- Configuring User Mappings on the Behalf of Users
- Setting Portal Preferences

Scenario 3: Single Sign-On Using User ID and Password With User Mapping

Use this method of SSO in the following cases:

The ABAP system has release 3.1I.
Users have different user IDs in the different ABAP back-end systems in question.

Configure the system according to the infrastructure required by the application calling the back-end system.

For more information, see the following: