Shulou(Shulou.com)05/31 Report--

This article mainly explains "what is the login mode of the ABAP Netweaver server". The explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the login mode of the ABAP Netweaver server"?

We open any node in the transaction code SICF and find the Procedure field in the tab Logon Data. The default value is Standard. Press F1 to view the help documentation.

The document mentions that when Procedure is set to Standard, login authentication will be done in the following order:

(1) Logon using HTTP fields (2) Logon with SSL certificates (3) Logon using SAP Logon Ticket (SSO) (4) HTTP Basic Authentication (5) Logon using SAP user password (SAP RFC logon) (6) Logon using SAML (7) Logon using user data stored in the service

Let's use some concrete examples to understand how these different login methods work.

For example, open the WSDL url of a Web Service directly in the browser:

Http://:50078/sap/bc/srt/wsdl/flv_10002A111AD1/bndg_url/sap/bc/srt/rfc/sap/zws_add/506/zjerry1/jerry1?sap-client=506

Enter url to hit enter, and I can see the expected WSDL content. However, I also observed some interesting phenomena: the http in the address bar was automatically converted to https, and a HTTP 307 redirection was observed in the tool HTTP Watch.

This behavior of automatic redirection from HTTP protocol port 50078 to HTTPS port 44378 is defined in the parameter of the transaction code SMICM:

You can also view the value of the parameter icm/HTTP/redirect_0 through the transaction code RZ11.

At this point, however, I didn't specify any username or password at all, so why can I successfully see the resources deployed on the ABAP Netweaver server that need login authentication before I can access them?

This is Logon using SAP Logon Ticket (SSO- single sign-on), one of the standard login methods, at work.

Excerpt a description of Logon using SAP Logon Ticket (SSO) in a SAP help document:

Logon using SAP Logon Ticket (MYSAPSSO2 cookie field). If no logon data is transferred as form fields or header fields, the system then tries to logon using a logon ticket. To enable this, the cookie field MYSAPSSO2 must be set.

Using HTTP Watch (or Chrome developer tool) to observe the HTTP request I made when I visited WSDL, I found a cookie called MYSAPSSO2, which is the logon ticket issued to the client by the server after I successfully logged in to the server. After a successful login, every time you visit the same server, the browser will automatically set the cookie to the HTTP request, so that you can successfully access the server resources without requiring the user to explicitly provide login information.

When I cleared the MYSAPSSO2 cookie, I visited the same resource again and saw a pop-up dialog that asked me to enter my user name and password for a long time.

After entering the user name and password this time, I see the WSDL content again. However, the successful login method is not the previous MYSAPSSO2 Logon Ticket, but the Basic Authentication method based on the user name and password (the blue highlighted area below).

Notice the set-cookie in the green highlighted area below: after the user has successfully logged in, the MYSAPSSO2 cookie issued by the server is returned to the browser through the set-cookie field of the HTTP response. The next time the browser visits the resource, it will automatically bring the cookie field to the HTTP request and use MYSAPSSO2 Logon Ticket for login authentication again.

Here are several examples of how to specify login authentication information when accessing Netweaver server resources through ABAP code.

No login authentication information is provided in the example 1:ABAP code

When you execute the ABAP code in the above picture in SAPGUI, you will encounter a pop-up dialog box. Only by manually entering the user name and password can the code retrieve resources smoothly.

If you add a line of code:

Lo_http_client- > propertytype_logon_popup = if_http_client= > co_disabled.

A dialog box that can prevent user name and password entry from popping up, but the server will directly return HTTP 401 Unauthorized Error:

Example 2: several ways to provide user name and password in ABAP program

You can provide a user name and password in clear text as follows:

You can also create a Destination of type H:HTTP Connection to ABAP System in the transaction code SM59:

Maintain the username and password in the corresponding fields of the Logon & Security page of this Destination:

Then create an instance of cl_http_client based on this Destination. The security in this way is better than specifying the user name and password directly in the code.

Of course, I have also tried to copy the cookie value of MYSAPSSO2:

If you set it to the instance of cl_http_client directly through the set_cookie method, you can also successfully access resources in the system.

Thank you for your reading, the above is the content of "what is the login mode of the ABAP Netweaver server?" after the study of this article, I believe you have a deeper understanding of what the login method of the ABAP Netweaver server is, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.