Single Sign-On to Back-End ABAP Systems 

This section summarizes the different scenarios for Single Sign-On (SSO) from an application on an SAP NetWeaver Application Server (AS) Java to back-end ABAP systems. In this configuration a client accesses an application on an AS Java. The application then attempts to access an ABAP system. The user must authenticate themselves on both the AS Java and on the back-end ABAP system.

Each scenario has different prerequisites, for example, the release of the ABAP system or whether the user IDs are the same on the ABAP and Java systems. Use the figure below to determine which method of SSO to use with a specific ABAP system.

 

See also:

●      Accessing Back-End Systems with a Different User ID

 

Scenario 1: Single Sign-On Using Logon Tickets Without User Mapping

This is the preferred SSO method. It ensures authentication with a minimum of configuration. Users must have the same user IDs in the portal as well as in all back-end ABAP systems that are accessed with logon tickets. Do the following:

...

       1.      Configure the portal to issue logon tickets.

This is the default configuration.

More information: Configuring the Portal for SSO with Logon Tickets

       2.      Configure the ABAP back-end system to accept logon tickets.

More information: Configuring Component Systems to Accept Portal Logon Tickets

Scenario 2: Single Sign-On Using Logon Tickets With User Mapping

If users have a different user ID in the ABAP systems than in the AS Java system, define a reference system and map each user's user ID to their ABAP user ID in the reference system. Do the following:

...

       1.      Configure the portal to issue logon tickets.

More information: Configuring the Portal for SSO with Logon Tickets

       2.      Configure the portal for user mapping with logon tickets.

Use the procedure appropriate for your configuration, with or without LDAP directory server.

More information:

○       Configuring User Mapping with Tickets for SSO

○       Using an LDAP Directory for User Mapping with Tickets for SSO

       3.      Configure the ABAP back-end system to accept logon tickets.

More information: Configuring Component Systems to Accept Portal Logon Tickets

       4.      Map users to their back-end user IDs.

You can also have users map themselves.

More information:

○       Configuring User Mappings on the Behalf of Users

○       Setting Portal Preferences

Scenario 3: Single Sign-On Using User ID and Password With User Mapping

Use this method of SSO in the following cases:

●      The ABAP system has release 3.1I.

●      Users have a different user IDs in the different ABAP back-end systems in question.

Configure the system according to the infrastructure required by the application calling the back-end system.

●      Configuring User Mapping with User ID and Password on an AS Java

●      Configuring User Mapping with User ID and Password on a Portal