SAPUI5 and Logon Tokens/SSO?
https://stackoverflow.com//questions/9587903
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm getting started with SAP's SAPUI5 framework, and I am trying to get single sign on to work with logon tokens (MYSAPSSO2), but I don't see anywhere that I can fetch a token or attach a token to an OData HTTP request. The example in the blog post I linked to above employs username/password but doesn't use a token:
// Specify the SAP Gateway SalesOrder service as an OData model
var salesOrderService =
"https://gw.esworkplace.sap.com/sap/opu/sdata/IWFND/SALESORDER",
// The SalesOrder service requires authentication
// get the username/password from the SDN page.
username = "[username]",
password = "[password]",
// SAP Gateway only supports XML, so don't use JSON
asJson = false,
salesOrderModel = new ODataModel(salesOrderService, asJson, username, password)
Even when I look at the ODataModel.js file provided in the SDK, the constructor does not take logon tokens:
/**
* Constructor for a new ODataModel.
*
* @param {string} sServiceUrl required - base uri of the service to request data from
* @param {string} [bJSON] (optional) true to request data as JSON
* @param {string} [sUser] (optional) user
* @param {string} [sPassword] (optional) password
*
* @class
* Model implementation for oData format
*
* @extends sap.ui.model.Model
*
* @author SAP AG
* @version 1.2.0
*
* @constructor
* @public
*/
I'm curious (though since it's new, I wouldn't be surprised if nobody had even heard of this yet) if anyone has any experience with SSO/MYSAPSSO2 logon tokens with SAPUI5.
Solution
I am the author of the blog you refer to. Let me try and answer your question.
Your comment from Mar 15 describes a proxy approach. What you should try to do is, once your proxy has received an SSO token you should pass that on to the client, using a SET-COOKIE header.
So when you successfully authenticate to SAP you get an SSO token an HTTP header of the response.
E.g.
set-cookie: MYSAPSSO2=AjQxMDM.....BABhHAFcA%3d%3d; path=/; domain=esworkplace.sap.com
Your proxy should simply pass that on to the client's browser and change the domain name to that of the proxy, otherwise the client will not use it.
set-cookie: MYSAPSSO2=AjQxMDM.....BABhHAFcA%3d%3d; path=/; domain=yourproxydomain.com
Next time the browser makes a request to your proxy it will automatically include this session cookie in the request header, like this:
Cookie: MYSAPSSO2=AjQxMDMBABhH......%2fjmaRu5sSb28M6rEg%3d%3d
Your proxy can read that cookie from the HTTP request headers and use it to make a call.
I hope this helps.
OTHER TIPS
I'm responsible for SAPUI5 - although I'm not 100% sure whether I completely understand the issue, I'll try to answer. The SAPUI5 calls to read data use XMLHttpRequests and thus all certificates or cookies are sent along with the requests automatically. Futhermore, Gateway is expected to accept these (valid) certificates. So following the answer from Istak and using cookies with a proper domain, it should just work without the need of an API in UI5.
Anyhow, if I missed something, please explain more in detail.
Best regards Stefan
Not Sure about SAPUI5 and oData, I have used MYSAPSSO2 token with Java EE web applications / sencha touch based apps which connect sto SAP backend systems with SSO. You simply pass the token as a cookie in the http request.
There are many ways of doing this, the one I used was SimpleClientHttpRequestFactory or you could do that in UrlConnection itself.
