You are here: Home > Documentation > Knowledgebase > KB #0013: Obtaining MYSAPSSO2 tickets with NWRFC

Obtaining SSO tickets with NWRFC

The technique described below is useful if you want to use Web Dynpro / BSP applications (e.g. BSPApplication) without an additional user logon dialog.

Background

A MYSAPSSO2 token contains authentication information in encrypted form. These tokens can be used instead of username and password to log on to the SAP backend.

The (now unsupported) „classic“ RFC library offered a function to retrieve a MYSAPSSO2 token directly. Unfortunately, the NWRFC library does not support this, therefore the necessary ticket-creating functionality must be implemented in a customer-defined function module.

The source code for this function module is given below.

Prerequisites

  1. You have single sign on (SSO) over RFC deployed successfully
  2. You are connecting with a regular SAP user (not a system or communication user)
  3. You have set the profile parameters login/accept_sso2_ticket and login/create_sso2_ticket (see here)
  4. You have implemented a function module to obtain the SSO ticket. The source code for this function module should look like this:
FUNCTION Z_GET_SSO2_TICKET.
*"----------------------------------------------------------------------
*"*"Lokale Schnittstelle:
*"  EXPORTING
*"     VALUE(TICKET) TYPE  STRING
*"----------------------------------------------------------------------

call function 'CREATE_RFC_REENTRANCE_TICKET'
 importing
   ticket = ticket.

ENDFUNCTION.

Procedure

To obtain the ticket, open a RFC connection to the ABAP system, set the name of the ticket creation module as option sso2.create_ticket_module, and call GetSSO2Ticket(). You can use this ticket later in a BSPApplication:

// create a session instance
NWRfcSession session = new NWRfcSession();
// supply the name of the ticket creation module
session.Option["sso2.create_ticket_module"] = "Z_GET_SSO2_TICKET";

// set up system and logon data (omitted)
// ...

// connect to the ABAP system
session.connect();

// obtain the ticket
string ticket = session.GetSSO2Ticket();

// use the ticket to log on to BSP/WebDynpro application
BSPApplication app = new BSPApplication();
app.LogonData.SSO2Ticket = ticket;

// show the application
app.ShowApplication("/my/app/url/");