Show TOC Start of Content Area

Procedure documentation Testing the Use of Logon Tickets  Locate the document in its SAP Library structure

Use

Because the J2EE Engine always accepts its own tickets, to test the use of logon tickets, you should use two separate servers. Configure one as the issuing server and a different one to  accept the logon tickets from the first server.

Prerequisites

·        You have set up a test application for creating logon tickets.

If the J2EE Engine is the ticket-issuing server, then you can use one of the example programs provided with the server, for example, Hello. The application is deployed on the ticket-issuing J2EE Engine and its login module stack is configured to authenticate the user and then create a logon ticket.

·        You have a test application for testing the use of logon tickets for successive logons to the J2EE Engine. This application is also deployed on the corresponding J2EE Engine and its login module stack configured to accept logon tickets.

·        Your Web browser is configured to prompt for session cookies.

Note

If you do not set your Web browser to prompt for cookies, then you can alternatively verify the use of logon tickets in the security log using the Log Viewer. The corresponding log is security.log under Cluster Server .\log system.

Procedure

Testing the Creation of Logon Tickets

...

       1.      Call the test application for creating a logon ticket (for example, Hello).

       2.      Authenticate yourself as necessary, for example, using user ID and password.

You receive several cookies.

       3.      View the detailed information for each cookie that you receive.

The logon ticket is a cookie with the name MYSAPSSO2.

Note

The message New SAP Logon Ticket for user <user_ID> has been created. in the security log indicates that the logon ticket has been created successfully for the user.

Testing the Use of Logon Tickets for Successive Access

Using the same Web browser as you used for the first test, access the test application for using logon tickets.

You should receive access to the application without having to authenticate yourself. If you are not allowed access, then Single Sign-On using logon tickets is not set up correctly.

Note

The message Ticket verify of user <user_ID> successful. in the security log indicates that the logon ticket was used for authentication on the server.

Possible Reasons for Unsuccessful Single Sign-On

·        The application used for accepting logon tickets does not reside in the same DNS domain as the application that issued the logon ticket.

·        The login module stacks are not set up correctly.

 

 

End of Content Area