BizTalk 2010 & enterprise SSO

    Question

  • Hi,

    I'm starting to look at using BizTalk and SSO for SAP single sign-on, however I can't find a great deal of samples on Google.  Has anyone tried this?  If so, was it quite a simple process?  Are you aware of any good SSO examples I can download and try?  It looks like the SSO example MS provide doesn't work on 64-bit.

    In short, we are hoping to use BizTalk to log in to SAP as the user calling an exposed web service to call an IDOC.  The user calling the web service will be an AD user and hopefully map to their SAP username and password, and then log in to SAP to call the IDOC using those credentials.

    Many thanks in advance.


    GilesB

    Friday, 15 June 2012 09:46

All replies

  • By default BizTalk will store all the credentials (configured ports) in SSO, and if you want to store any other credentials we will use the SSO tool.

    Friday, 15 June 2012 10:29
  • You do not need to write anything yourself if you're using BizTalk components such as Send Ports etc.  If you need direct custom access to such a thing then yes, do use SSO as a custom Config Store.

    C:\Program Files (x86)\Microsoft BizTalk Server 2006\SDK\Samples\SSO\HTTPSSO\SsoSample.cs

    The SDK has a sample for interacting with SSO, although you only really need to pay attention to the SsoConfigurator class, as the rest is some IIS thing which you probably won't be interested in.

    Here are some useful blogs:



    If this is helpful or answers your question - please mark accordingly.
    Because I get points for it which gives my life purpose (also, it helps other people find answers quickly)

    Friday, 15 June 2012 10:55
  • Thanks for the fast replies.  I will be using a static WCF-SAP send port, so I think I shouldn't need to play with any code etc., only the SSO config client. Is that correct?

    I have now added an individual affiliate application to the SSO config for SAP, with my domain user account mapping to my SAP username and password, and set the send adapter to use the SSO of this SAP affiliate application.

    However when testing I get the following error:

    Error Description: System.Runtime.InteropServices.COMException (0x80004005): Unable to redeem ticket, no ticket exists in the message.

    Any idea?  I have set the application under SSO config to allow tickets.

    Many thanks in advance


    GilesB

    Friday, 15 June 2012 14:51
  • You need to set up an SSOTicket.  You can either do this in your Orchestration or Send Pipeline, more info here:


    If this is helpful or answers your question - please mark accordingly.
    Because I get points for it which gives my life purpose (also, it helps other people find answers quickly)

    Monday, 18 June 2012 10:11
  • Thanks.  I've managed to get it working to an extent now using the below pipeline, however I can only get it working when using a mapping from this account running the host instance to my SAP account.

    http://code.msdn.microsoft.com/Use-single-signon-with-FTP-b6414ce8

    What I'm hoping to do is for BizTalk to know which Windows user started off the orchestration, then use their mappings to log in to SAP.  Hope that makes sense.

    I.e. 

    Currently have: User1 starts process, host account gets mapping for host AD account to host SAP account, log in as host's SAP account.

    Would like to have: User1 starts process, host account gets mapping for User1 AD account to User1 SAP account, log in as User1 SAP account.

    Many thanks in advance


    GilesB

    Monday, 18 June 2012 12:14
  • This blog post goes into detail on how to use SSO and AD clients:


    If this is helpful or answers your question - please mark accordingly.
    Because I get points for it which gives my life purpose (also, it helps other people find answers quickly)

    Monday, 18 June 2012 12:59
  • On the Send Port configuration, you can very well use the custom username and credential to be used by BizTalk, and then BizTalk will access the external systems using the user/pwd you provided, and it also saves in SSO.
    Thursday, 21 June 2012 14:41