KaTe styx.JAS for SAP
With the introduction of NetWeaver into the SAP system landscape, JAVA applications are becoming increasingly important. Therefore, a single sign-on solution is not only relevant for the ABAP stack. With our solution styx.JAS we offer you an integration of your J2EE engines (e.g. Process Integration, Solution Manager, Portal, etc.) into the Single-Sign-On scenario.
For the implementation, we use the tools that SAP has delivered in the standard since the JAVA Stack Release 6.40. Kerberos authentication is performed using the simple and protected GSS API negotiation mechanism (SPNego), which is integrated in the JAAS login module SPNegoLoginModule.
After the first call of an application in the JAVA stack, the web browser receives the response code 401 (unauthorized) and the value “WWW-Authenticate: Negotiate” as a response, after which it obtains an SPNego token from the Key Distribution Center (KDC). The SPNego login module decrypts the token and checks its accuracy and the availability of a corresponding SAP user. If the check is positive, access to the application is granted without entering a password.
With the authentication at the JAVA Stack a SAP Logon Ticket is issued. By configuring a trust relationship between the JAVA stack and an ABAP backend system, a single sign-on for applications of the integrated ITS can be realized.
JAVA and web-based applications of the integrated ITS