Testing Single Sign-On Between the Portal and the ABAP System  

Procedure

...

       1.      Set up your Web browser to prompt for cookies.

If this is not possible, then you can alternatively verify the use of logon tickets in the security log using the Log Viewer. The corresponding log is security.log under Cluster → Server → .\log → system.

       2.      Launch the portal.

       3.      Authenticate yourself as necessary, for example, using user ID and password.

       4.      View the detailed information for each cookie that you receive.

The logon ticket is a cookie with the name MYSAPSSO2.

If you look in the security log of the portal system, you see the entry New SAP Logon Ticket for user <username> has been created.

       5.      Navigate to the Web Dynpro application that you integrated in the portal.

The Web Dynpro application should appear in the portal page without you having to reauthenticate yourself.

If you look in the security log of the Web Dynpro system, you see the entry Ticket verify of user <username> successful.

       6.      The Web Dynpro application should be able to retrieve any data from the ABAP system in the backend.

In the trace files of the ABAP system, you see the entry  usrexist: effective authentification method: mySAP.com logon ticket. (To check the trace files, before accessing the Web Dynpro application in the portal, set the trace level to 2 for security components.)

Possible Reasons Why Single Sign-On Does Not Work

·        The JCo destination is not configured properly in the Web Dynpro Content Administrator.

·        The ABAP system is not configured correctly to accept logon tickets from the portal system.