SSO from SAPJ2EE to Non-SAP Java/J2EE Applications
There was a requirement in 2004-2005 for me to perform SSO from SAP J2EE to a Non-SAP Java application, and there sure was an article to support the same, which later disappeared.
But I had struggled a while before I could get that to work, with base64 encode/decode issues etc.
I finally managed to fix all issues and was able to implement it.
I raised a query on the forum https://scn.sap.com/thread/19345 in 2005 to get some help but couldn't get any help.
Later on, there were quite a number of queries and interest in the same, which got me interested in writing a blog, but I never made it until now…
Hopefully I remember the steps I did to crack it all… fingers crossed.
Here are the steps:
- Installing the libraries:
  - UNIX: Copy the libraries libsapsecu.so and libsapssoext.so into the classpath, into the path pointed to by the environment variable LD_LIBRARY_PATH, or into the lib folder of the application itself.
  - WINDOWS: Use the corresponding DLL files.
  - The latest libraries can be downloaded from the SAP Service Marketplace (https://service.sap.com).
- Installing the certificate:
  - The certificate (.pse file) from the Portal Server concerned has to be copied to a location on the server where the Non-SAP Web Application is deployed, with proper read permissions. This PSE is what the ticket signature is verified against, so it must be the portal's own and must not be writable by the application user.
- Using the code SSO2Ticket.class & ssosample_custom.jsp:
  - The SSO2Ticket.class has to be placed in the application where it is accessible to the JSP (it is in package com.mysap.sso).
  - Modify the ssosample_custom.jsp to specify the path of the .pse file.
  - Place the ssosample_custom.jsp, or the code in it, wherever necessary to pick up the user ID and thus allow the user access.
- Make sure both servers are in the same DNS domain; otherwise the browser will not send the MYSAPSSO2 cookie issued by the portal to the Non-SAP application.
Here's the sample JSP that was in that article, which I modified for my use.
==================================================================================================================
<!--
/************************************************************************/
/*
 * (C) Copyright 2000 SAP AG Walldorf
 *
 * Author: Kai Ullrich
 *
 * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
 * OF THIS SOFTWARE.
 */
This is a sample implementation that demonstrates the use of the mySAP.com
logon ticket in a Java Web application. This jsp file can be used as
reference implementation for your own jsp/servlet implementation.
-->
<%@ page import="com.mysap.sso.SSO2Ticket" %>
<!-- Only Java 1.2 -->
<%@ page import="java.security.*" %>
<%@ page import="java.io.*" %>
<%@ page import="java.lang.Math.*" %>
<%@ page import="java.util.Date" %>
<%
    Cookie[] all_Cookies = request.getCookies();
    String ticket = "";
    // request.getCookies() returns null when the request carries no cookies at all
    if (all_Cookies != null) {
        for (int i = 0; i < all_Cookies.length; i++) {
            // Get the MYSAPSSO2 cookie from the request context...
            if ("MYSAPSSO2".equals(all_Cookies[i].getName())) {
                ticket = all_Cookies[i].getValue();
                break;
            }
        }
    }
    // If no ticket is present we output an error page
    if ("".equals(ticket)) {
%>
Error
No mySAP.com logon ticket found.
Description: You get this error because you are trying to access this page without using the fully qualified domain name in the URL.
Solution: Use the complete URL to access the page, e.g. https://myportal.mydomain.com/.
<%
    } else {
        Object[] o = null;
        try {
            // Validate the logon ticket: the signature is checked against the
            // portal certificate stored in the PSE file passed as second argument.
            String x = "/etc/verify_portal.pse";
            o = SSO2Ticket.evalLogonTicket(ticket, x, null);
        } catch (Exception e) {
%>
An error occurred. The error message is <%= e.toString() %>
<%
        } catch (Throwable te) {
%>
An error occurred. The error message is <%= te.toString() %>
<%
        }
        // Only trust the user ID when evalLogonTicket actually returned a result;
        // after a failed verification o is still null and must not be dereferenced.
        if (o != null && o.length > 0) {
            String user = (String) o[0];   // First element is the SAP system user
            //String Sysid = (String) o[1];  // Second element is the id of the issuing system
            //String Client = (String) o[2]; // Third element is the client of the issuing system
            //byte[] cert_;
            //The fourth element is the certificate in byte representation;
            //to get its contents we need to first convert it into a cert structure
            //(needs java.security.cert.*):
            //X509Certificate cert = null;
            //if (o.length == 4) {
            //    cert_ = (byte[]) o[3];
            //    CertificateFactory cf = CertificateFactory.getInstance("X.509");
            //    cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert_));
            //} else {
            //    cert = null;
            //}
%>
UserID from Portal ==> <%=user%>
<%
        }
    }
%>
==================================================================================================================
Java class from the article for resolving the ticket:
==================================================================================================================
package com.mysap.sso;

/**
 * This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
 *
 * @version 1.0 30.11.2000
 */
public class SSO2Ticket
{
    private static boolean initialized = false;
    public static String SECLIBRARY;
    public static String SSO2TICKETLIBRARY = "sapssoext";

    static {
        // The security library (SAPSECULIB) is opened by the native sapssoext library;
        // only its file name differs between Windows and UNIX.
        if (System.getProperty("os.name").startsWith("Win")) {
            SECLIBRARY = "sapsecu.dll";
        } else {
            SECLIBRARY = "libsapsecu.so";
        }
        try {
            System.loadLibrary(SSO2TICKETLIBRARY);
            System.out.println("Lib geladen.");   // "Library loaded."
            if (init(SECLIBRARY)) {
                initialized = true;
                System.out.println("SSO2TICKET initialized successful !");
                System.out.println("version: " + getVersion());
            } else {
                System.out.println("Implementation of JNI mysapsso2 not loaded. ");
            }
        } catch (Throwable e) {
            System.out.println("Error during initialization of SSO2TICKET: " + e + "\n");
        }
        System.out.println("static beendet.\n");   // "static block finished."
    }

    /**
     * Initialization
     *
     * @param seclib location of the SSF implementation (SAPSECULIB)
     *
     * @return true/false whether initialisation was ok
     */
    private static native synchronized boolean init(String seclib);

    /**
     * Returns internal version.
     *
     * @return version
     */
    public static native synchronized String getVersion();

    /**
     * Evaluates (verifies) a logon ticket against the certificates in the PAB/PSE.
     *
     * @param ticket the ticket (value of the MYSAPSSO2 cookie)
     * @param pab location of the PAB (the .pse file)
     * @param pab_password password for accessing the PAB, or null
     *
     * @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client, [3] = (byte[])certificate
     */
    public static native synchronized Object[] evalLogonTicket(
            String ticket,
            String pab,
            String pab_password)
        throws Exception;

    /**
     * Test entry point: prints the library version and evaluates the sample
     * ticket below against the PAB named "SAPdefault".
     */
    public static void main(String[] args) throws Exception
    {
        System.out.println("start SSO2TICKET main");
        System.out.println("-------------- test version --------------");
        String version = SSO2Ticket.getVersion();
        System.out.println(version);
        String ticket =
            "AjExMDABAAZtZWllcnQCAAMwMDADAANTWVMEAAwyMDAwMDUxOTA5MzQFAAQAAAA8/wOzMIIDrwYJKoZ"+
            "IhvcNAQcCoIIDoDCCA5wCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAnAwggJsMIICKqADAgE"+
            "CAgECMAkGByqGSM44BAMwUjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE215U0FQLmNvbSBXb3JrcGxhY2U"+
            "xJTAjBgNVBAMTHG15U0FQLmNvbSBXb3JrcGxhY2UgQ0EgKGRzYSkwHhcNMDAwMzAzMDkzMDI4WhcNMDE"+
            "wMzAzMDkzMDI4WjBMMQswCQYDVQQGEwJERTEcMBoGA1UEChMTbXlTQVAuY29tIFdvcmtwbGFjZTERMA8"+
            "GA1UECxMIU0FQIFRlc3QxDDAKBgNVBAMTA0JJTzCB8DCBqAYHKoZIzjgEATCBnAJBAIUhUK/80ln3Iaz"+
            "CLY30CBmqHZD4579VymFF3ESL/fKmVnXRPrHKxCr75L7!Is6tGx8rqz4jSwE6FpQ5SRhkIQcCFQD!9gv"+
            "4ReBb/OQ9!GrfqKvK!VAJ1QJAHduN/Kzefal4ue30e93f24P!V/3jNG8KBtESPlu7GyV/bgLvq6XAN2n"+
            "/h9nxE15gYb/qopAoebFHk1rtE0J1pQNDAAJAf8Xhf/D3CJVP7AKQD3e0Pm62Izy83bg20hCNrtbxEDG"+
            "Ziy2nz3A9CRuVWk8T!DUVMTAROhg4VMFwxU0zHWYgG6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8"+
            "EBAMCBsAwHQYDVR0OBBYEFNkcORgS3JOTD4zF68vlEntB/5ZkMB8GA1UdIwQYMBaAFJ!C34R25VEzmgj"+
            "RN73NXQYp/6jRMAkGByqGSM44BAMDMQAwLgIVAMw9sjb5nVtKJbWkRRJ6IDWifvaIAhUAg7cvLs9HQg5"+
            "oalQwTTY8IEBKC/wxggEHMIIBAwIBATBXMFIxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNteVNBUC5jb20"+
            "gV29ya3BsYWNlMSUwIwYDVQQDExxteVNBUC5jb20gV29ya3BsYWNlIENBIChkc2EpAgECMAkGBSsOAwI"+
            "aBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMDA1MTkwOTM0Mzh"+
            "aMCMGCSqGSIb3DQEJBDEWBBRMpKh0Y/v8Ou57K7PN4G1ViXXIuTAJBgcqhkjOOAQDBDAwLgIVAPaINUO"+
            "OnKNyt!/Milxv!8PLtY1mAhUA3wvDjDbsI7yzx8xYAC1zJQIe5n0=";
        try {
            Object o[] = evalLogonTicket(ticket, "SAPdefault", null);
            System.out.println("The User ID is: " + (String) o[0]);
            System.out.println("Issuing System (Sysid) : " + (String) o[1]);
            System.out.println("Issuing System (Client): " + (String) o[2]);
            // The optional fourth element is the issuer certificate as DER bytes
            if (o.length > 3 && o[3] != null) {
                System.out.println("Certificate: " + ((byte[]) o[3]).length + " bytes");
            }
        } catch (Exception e) {
            System.out.println(e);
        } catch (Throwable te) {
            System.out.println(te);
        }
    }
}
==================================================================================================================
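The JSP above only sees an opaque cookie value, and the JNI wrapper hands back the user, sysid and client without showing where they come from. The following is an added diagnostic written for this post, not code from the SAP article or from SAP: it decodes the header of a MYSAPSSO2 ticket so you can see those fields in the clear and understand the base64 trap mentioned at the top (the cookie uses `!` where standard base64 would carry `+`; the article's sample ticket contains `!` and no `+`, which is what this decoder reverses). The field layout and tag names are my reading of the decoded sample ticket from `SSO2Ticket.main` (version byte, four-byte SAP codepage, then tag/length/value entries; the unit of the validity tag is assumed to be hours). It performs no signature check: the signature is tag `0xFF`, and only `evalLogonTicket` verifying it against the portal certificate in the PSE makes the user field trustworthy, so never authorize on a user name pulled out this way.

```python
"""Inspect a MYSAPSSO2 logon ticket header without verifying it.

Constructed example for this post, not code from the SAP article. Decoding the
header proves nothing about who issued the ticket; only the signature check
done by SSO2Ticket.evalLogonTicket against the PSE does.
"""
import base64
import struct
from dataclasses import dataclass
from typing import Dict

# First 76 characters of the sample ticket printed in the article's SSO2Ticket.main.
# This prefix covers the complete header plus the first bytes of the PKCS#7 signature;
# the rest of the signature is left out on purpose (the header is what we inspect).
ARTICLE_TICKET_PREFIX = (
    "AjExMDABAAZtZWllcnQCAAMwMDADAANTWVMEAAwyMDAwMDUxOTA5MzQFAAQAAAA8/wOzMIIDrwYJ"
)

# Tag labels as read from the decoded sample (0x05 = validity, unit assumed hours).
TAG_NAMES = {0x01: "user", 0x02: "client", 0x03: "sysid",
             0x04: "created", 0x05: "validity", 0xFF: "signature"}


def sap_b64decode(text: str) -> bytes:
    """Reverse the cookie-safe base64 variant: '!' stands in for '+'.

    A literal '+' would be turned into a space by URL decoding, which is the
    encode/decode trap the post mentions. Missing padding is restored.
    """
    text = text.strip().replace("!", "+")
    if len(text) % 4 == 1:
        raise ValueError("base64 text has an impossible length")
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)


def sap_b64encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii").replace("+", "!")


@dataclass
class TicketHeader:
    version: int
    codepage: str
    fields: Dict[str, str]
    signature: bytes
    signature_complete: bool


def parse_logon_ticket(encoded: str, require_signature: bool = True) -> TicketHeader:
    """Walk the tag/length/value list that follows the 5-byte preamble.

    Layout seen in the sample: version byte 0x02, 4-byte SAP codepage ("1100" is
    ISO-8859-1), then entries of 1-byte tag + 2-byte big-endian length + value;
    tag 0xFF carries the PKCS#7 signature and closes the ticket.
    """
    data = sap_b64decode(encoded)
    if len(data) < 5 or data[0] != 0x02:
        raise ValueError("not a version-2 logon ticket")
    codepage = data[1:5].decode("ascii")
    pos, fields, signature, complete = 5, {}, b"", False
    while pos < len(data):
        if pos + 3 > len(data):
            raise ValueError("truncated TLV header at offset %d" % pos)
        tag = data[pos]
        (length,) = struct.unpack(">H", data[pos + 1:pos + 3])
        value = data[pos + 3:pos + 3 + length]
        pos += 3 + length
        if tag == 0xFF:
            signature, complete = value, len(value) == length
            break
        if len(value) != length:
            raise ValueError("truncated value for tag %#x" % tag)
        name = TAG_NAMES.get(tag, "tag_%#04x" % tag)
        if tag == 0x05:
            fields[name] = str(int.from_bytes(value, "big"))
        else:
            fields[name] = value.decode("latin-1")  # correct for codepage 1100
    if require_signature and not complete:
        raise ValueError("signature missing or truncated; ticket cannot be verified")
    return TicketHeader(data[0], codepage, fields, signature, complete)


def build_ticket(user: str, client: str, sysid: str, created: str,
                 validity: int, signature: bytes) -> str:
    """Assemble a ticket in the same layout for tests. The signature is whatever
    bytes are passed in, so the result is unverifiable by design."""
    def tlv(tag: int, value: bytes) -> bytes:
        return bytes([tag]) + struct.pack(">H", len(value)) + value
    body = (b"\x02" + b"1100"
            + tlv(0x01, user.encode("latin-1")) + tlv(0x02, client.encode("latin-1"))
            + tlv(0x03, sysid.encode("latin-1")) + tlv(0x04, created.encode("ascii"))
            + tlv(0x05, struct.pack(">I", validity)) + tlv(0xFF, signature))
    return sap_b64encode(body)


if __name__ == "__main__":
    hdr = parse_logon_ticket(ARTICLE_TICKET_PREFIX, require_signature=False)
    print("header of the article's sample ticket:", hdr.fields)
    print("signature complete:", hdr.signature_complete)
```

Run against the sample prefix, the decoder shows the same three values the JNI call returns for this ticket (user meiert, client 000, sysid SYS) plus the creation timestamp, and reports the signature as incomplete; with the default `require_signature=True` it refuses such a ticket outright, which is the behaviour a filter in front of an application should have.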
Good luck!
JP