none
How to use SAP SSO token in RFC client call RRS feed

  • Question

  • I am trying to use the SAP adapter (Adapter pack 2.0) to make calls into SAP backends which will accept the SAP SSO Token.  The sample code I have seen are all using the id/password way when making the call. 

    If I have the SSO Token, how do I use it to make a call so that I don't need to set the id/password any more.  Any code sample will be great.

    Thanks.

    Tuesday, February 2, 2010 4:50 PM

Answers

  • you don't have to decrypt anything. This property should be set with the encrypted cookie value.

    Thanks
    Jeevitha
    • Marked as answer by GZLuo Friday, February 12, 2010 5:59 PM
    Friday, February 12, 2010 2:32 PM

All replies

  • Hi,

    Support for SAP logon tickets was added as a  hotfix-
    You can refer to the following KB-

    http://support.microsoft.com/kb/973683
    http://support.microsoft.com/kb/974801

    In this hotfix, the SAP adapter supports logon tickets by providing the following two new binding properties:
    • LogOnTicketType
    • LogOnTicketPassword

    Hope this helps.

    Regards,
    Rohit

    Wednesday, February 3, 2010 6:13 AM
  • Rohit,

    I am aware of these two hot fixes and I have downloaded the 2.0 version.  I do have a problem installing the hot fix though, it does not recognize the installed adapter pack 2.0 for whatever reason but keeps saying can't find the installed adapter pack 2.0.  Well this is a different issue.  What I am really looking for is some sample code as how you will attach a SAP token before calling the RFC.  I did that with user id/password w/o problem.  Just wondering how to achieve the same thing with SSO.

    Thanks.
    Robert
    Thursday, February 4, 2010 3:32 PM
  • For the problem with hotfix installation, I wonder if it is an issue with the windows installer.
    What is the error that you get on installing the fix.

    Can you install the latest windows installer and check if it solves the issue? You can download it from this link

    How are you consuming the adapter? Are you using it in a .Net app using 'Add adapter service reference'?

    If so, you can set the LogonTicketType and LogonTicketPassword binding properties with appropriate values in your app.config.

    Hope this helps!

    Thanks,
    Jeevitha
    Thursday, February 4, 2010 3:51 PM
  • Jeevitha,

    Thanks for the info.  I will try it with this MSI.

    And Yes I am using "Add adapter service reference" and I am going to using it in ASP.NET.  Are you saying I don't need to do anything in the code, just have the LogonTicketType set to "MYSAPSSO2" in my web.config and it will take care of the rest?  And do I have to set "LogonTicketPassword" at the same time?

    Thanks,
    Robert
    Friday, February 5, 2010 4:03 AM
  • The latest MSI version does fix the hotfix installation issue.  Thanks Jeevitha.
    Friday, February 5, 2010 5:42 PM
  • Yes, you should specify the LogonTicketType to MYSAPSSO1 or SSO2 depending upon how you got the ticket and the value of actual ticket in LogonTicketPassword in your web.config. And you dont need to specify anything in your program.

    Thanks
    Jeevitha
    Monday, February 8, 2010 6:48 PM
  • Jeevitha,

    Thanks again for your reply.  I am using MYSAPSSO2, what should I set "LogonTicketPassword" to then?

    Thanks,
    Robert
    Monday, February 8, 2010 8:58 PM
  • Hi Robert,

    LogonTicketPassword should be set with the value of the logon ticket that you get from the sap logon ticket issuer.

    Thanks
    Jeevitha
    Tuesday, February 9, 2010 7:02 PM
  • Jeevitha,

    I need more clarification here.   You did not mean it should be set to the encrypted string of the logon ticket, right?  As this will be different for every user and you can only get it at run time.  Do you mean "LogonTicketPassword" should be set to the name of the parameter that keeps the user's password in that encrypted cookie value?  If so, I need to look it up in SAP's documentation.

    Thanks,
    Robert
    Wednesday, February 10, 2010 4:08 PM
  • you will have to fetch the password from the cookie yourself  and set it the binding parameter.

    Sample code-

     

        ....

                string uri = "sap://client=800@A/SAPSERVER/10";

                TestSAPConnectionUri tscu = new TestSAPConnectionUri(new Uri(uri), true, null, null);

                tscu.UserName = null;

                tscu.Password = null;

     

                SAPBinding b = new SAPBinding();

                b.LogOnTicketType = LogOnTicketType.MySapSSO2;

                b.LogOnTicketPassword = GetLogonTicketPassword(); // this is the method where you have to encapsulte the logic of getting the logon ticket password.

     

                //RfcClient is generated proxy

                RfcClient client = null;

                try

                {

                    SAPConnectionUri sapConnectionUri = new SAPConnectionUri();

                    sapConnectionUri.Uri = tscu.Uri;

     

                    client = new RfcClient(b, new EndpointAddress(sapConnectionUri.Uri.ToString()));

                    client.Open();

      ....



    Sample C++ code for  getting logon ticket from SAP using RFC-SDK

    #define SAPwithUNICODE

     

    #include "saprfc.h"

    #include <stdio.h>

     

     

    void print(  RFC_CHAR* input);

    int main(int argc, char* argv[])

    {

     RFC_ERROR_INFO_EX errorInfo;

     rfc_char_t* connstring = L"ASHOST=ADAPSAP60UC SYSNR=10 CLIENT=800 USER=USER PASSWD=password LANG=EN GETSSO2=1";

     RFC_HANDLE connectionHandle = RfcOpenEx(connstring,

      &errorInfo);

     

     if(connectionHandle == RFC_HANDLE_NULL)

     {

      print(errorInfo.message);

     }

     

     RFC_CHAR* ticket = (RFC_CHAR*)malloc(2048*sizeof(RFC_CHAR));

     RfcGetTicket(connectionHandle, ticket);

     print(ticket);

     RfcClose(connectionHandle);

     

     return 0;

    }

     

    void print(  RFC_CHAR* input)

    {

     int i=0;

     while(input[i]!='\0')

      printf("%c", input[i++]);

     printf("\n");

    }

     

    Thursday, February 11, 2010 8:35 AM
  • Rohit,

    Thanks for the sample code. 

    I am guessing when you said "getting the logon ticket password", you mean the password of the current , which is encrypted inside the SSO token.  If so, this is quite interesting that we have to decrypt the password from inside the SSO token in order for it to work.  This is kind of going against the whole SSO idea, which usually means you don't need the password again.

    Thanks again.
    Robert
    Friday, February 12, 2010 2:41 AM
  • you don't have to decrypt anything. This property should be set with the encrypted cookie value.

    Thanks
    Jeevitha
    • Marked as answer by GZLuo Friday, February 12, 2010 5:59 PM
    Friday, February 12, 2010 2:32 PM
  • Jeevitha,

    This sounds much better.  However, instead of setting the binding in web.config, I think I need to create the binding programatically in order to set the whole encrypted cookie value at run time.

    Thanks,
    Robert
    Friday, February 12, 2010 5:59 PM
  • you will have to fetch the password from the cookie yourself  and set it the binding parameter.

    Sample code-

     

        ....

                string uri = "sap://client=800@A/SAPSERVER/10";

                TestSAPConnectionUri tscu = new TestSAPConnectionUri(new Uri(uri), true, null, null);

                tscu.UserName = null;

                tscu.Password = null;

     

                SAPBinding b = new SAPBinding();

                b.LogOnTicketType = LogOnTicketType.MySapSSO2;

                b.LogOnTicketPassword = GetLogonTicketPassword(); // this is the method where you have to encapsulte the logic of getting the logon ticket password.

     

                //RfcClient is generated proxy

                RfcClient client = null;

                try

                {

                    SAPConnectionUri sapConnectionUri = new SAPConnectionUri();

                    sapConnectionUri.Uri = tscu.Uri;

     

                    client = new RfcClient(b, new EndpointAddress(sapConnectionUri.Uri.ToString()));

                    client.Open();

      ....



    Sample C++ code for  getting logon ticket from SAP using RFC-SDK

    #define SAPwithUNICODE

     

    #include "saprfc.h"

    #include <STDIO.H>

     

     

    void print(  RFC_CHAR* input);

    int main(int argc, char* argv[])

    {

     RFC_ERROR_INFO_EX errorInfo;

     rfc_char_t* connstring = L"ASHOST=ADAPSAP6UC SYSNR=10 CLIENT=800 USER=USER PASSWD=password LANG=EN GETSSO2=1";

     RFC_HANDLE connectionHandle = RfcOpenEx(connstring,

      &errorInfo);

     

     if(connectionHandle == RFC_HANDLE_NULL)

     {

      print(errorInfo.message);

     }

     

     RFC_CHAR* ticket = (RFC_CHAR*)malloc(2048*span style="color:blue">sizeof(RFC_CHAR));

     RfcGetTicket(connectionHandle, ticket);

     print(ticket);

     RfcClose(connectionHandle);

     

     return 0;

    }

     

    void print(  RFC_CHAR* input)

    {

     int i=0;

     while(input[i]!='\0')

      printf("%c", input[i++]);

     printf("\n");

    }

     


    It's very useful, Thanks for your answer! This is what I'm looking for.
    Saturday, August 14, 2010 3:39 AM