I am trying to implement SSO using SAP logon tickets in a 3 tier architecture between NW CE and R/3. But so far I have not been able to crack this.
Let me describe the scenario in detail:
We have two Java EE applications on Netweaver CE 7.2 Application Server:
UI: Just handles all the UI logic : js, jsp, css, html, extjs .It calls the Business Layer Java EE application to get data from back-end systems.
Business Layer: Calls R/3 SOAP services does some processing on them and exposes the data back to the UI via a Restful JSON service (implemented using Java Spring framework)
Both UI and Business Layer Java EE applications define login modules to be used for SAP logon tickets. So the architecture is like this:
UI ---RESTfull------>Business Layer----SOAP--->ABAP R/3
So ideally when the UI link is clicked it prompts the user for authentication (uses CE UME) and then the UI applications calls the Business Layer which then calls R/3. This unfortunately doesn't work. The authentication between UI and Business Layer Application fails.
However if you remove the Business Layer Java EE application and call the SOAP service directly from the UI. SAP logon tickets starts working.
So I have been able to make SAP logon tickets work with the following 2 tier architecture:
UI-----SOAP----->R/3
So my Question is:
Is there a way to use SAP logon tickets in a 3 tier architecture between NW CE and R/3 (For the scenario described above)? Any help/pointers/documentation links would be great
Now since the SAP ECC and CRM systems have the ability to publish JSON Restful services (Wrapper on a RFC), it is not possible to directly consume this service.
Hence there is no need to covert JAX-WS services to JsonRestful , all I have done is pass in the secuirty token "MYSAPSSO2" to this interface for single sign on.
I will update the post with more details soon.