+

Search Tips   |   Advanced Search

Configure Basic Authentication for SSO for the SAP navigation integration


For single sign-on between WebSphere Portal and SAP NetWeaver Portal, we can configure HTTP Basic Authentication using the Credential Vault. The portlet IBM WebSphere Portal Integrator for SAP provides an administration interface used to perform this configuration.

To configure it:

  1. In the Edit Shared Settings mode of the portlet IBM WebSphere Portal Integrator for SAP, create a Credential Vault slon that can later store users credentials. As an alternative method, we can use the WebSphere Portal administration for creating a slot. For details, see the topic Configure Integrator for SAP.

  2. Configure HTTP Basic Authentication for SSO for Integrator for SAP:

    1. Set the parameter sap.CrendentialSlotId to the name of the Credential Slon that createdd in the previous step.

    2. Set the parameter sap.SSOTokenUrl to a URL in the SAP NetWeaver Portal.
    For details see the topics Configure Integrator for SAP and Configuration parameters for the SAP navigation integration.

  3. Users must add their credentials to the slot. They can do this in the Personalize mode of the SAP integrator portlet, independent of whether to use the portlet itself for integration of content from the SAP NetWeaver Portal into your WebSphere Portal.

  4. If you do not want users to be able to edit the user ID and password credentials that the integrator portlet uses with Basic Authentication, then we can revoke the Privileged User role at the portlet for these users. You do this using the Portal Access Control. This can be useful if we use a shared Credential Vault slot and a group of users share the same user ID and password for accessing the SAP NetWeaver Portal.

  5. Optional: Configure single sign-on with the SAP navigation integration for browsers. If we configure HTTP Basic Authentication for single sign-on, Integrator for SAP provides single sign-on between WebSphere Portal and the SAP NetWeaver Portal navigation only. This means that users can see the integrated navigation, but when they access an integrated page, SAP NetWeaver Portal prompts them for authentication, if SSO is not implemented by other means. We can include browsers in the configuration of this single sign-on. If you want WebSphere Portal to pass the SAP NetWeaver Portal authentication token to the user's browser, perform both of the following tasks:

    1. Set the parameter sap.SSOTOkenDomain to the domain for which to set the token. For details see the topic about Configuration parameters for the SAP navigation integration.

    2. Configure the following login and logout filters in the Resource Environment Provider WP Authentication Service: 
      login.explicit.filterchain    com.ibm.wps.integration.sap.login.LoginFilter   
login.implicit.filterchain    com.ibm.wps.integration.sap.login.LoginFilter   
logout.explicit.filterchain   com.ibm.wps.integration.sap.logout.LogoutFilter 
logout.implicit.filterchain   com.ibm.wps.integration.sap.logout.LogoutFilter
      For details, see the topic Configure authentication filters.

Note that configuring single sign-on with the SAP navigation integration for browsers is supported only for HTTP Basic Authentication.


Parent: Configure Integrator for SAP
Related:
Configure authentication filters
Related:
Configure Basic Authentication for SSO for the SAP integrator portlet
Related reference:
Configuration parameters for the SAP navigation integration