
SAPUI5 and Logon Tokens/SSO?


I'm getting started with SAP's SAPUI5 framework, and I am trying to get single sign on to work with logon tokens (MYSAPSSO2), but I don't see anywhere that I can fetch a token or attach a token to an OData HTTP request. The example in the blog post I linked to above employs username/password but doesn't use a token:

// Specify the SAP Gateway SalesOrder service as an OData model
var salesOrderService =
    "https://gw.esworkplace.sap.com/sap/opu/sdata/IWFND/SALESORDER",

// The SalesOrder service requires authentication
// get the username/password from the SDN page.
username = "[username]",
password = "[password]",

// SAP Gateway only supports XML, so don't use JSON
asJson = false,
salesOrderModel = new ODataModel(salesOrderService, asJson, username, password)

Even when I look at the ODataModel.js file provided in the SDK, the constructor does not take logon tokens:

/**
 * Constructor for a new ODataModel.
 *
 * @param {string} sServiceUrl required - base uri of the service to request data from
 * @param {string} [bJSON] (optional) true to request data as JSON
 * @param {string} [sUser] (optional) user
 * @param {string} [sPassword] (optional) password
 *
 * @class
 * Model implementation for oData format
 *
 * @extends sap.ui.model.Model
 *
 * @author SAP AG
 * @version 1.2.0
 *
 * @constructor
 * @public
 */

I'm curious (though since it's new, I wouldn't be surprised if nobody had even heard of this yet) if anyone has any experience with SSO/MYSAPSSO2 logon tokens with SAPUI5.


Solution

  • I am the author of the blog you refer to. Let me try and answer your question.

    Your comment from Mar 15 describes a proxy approach. What you should try to do is, once your proxy has received an SSO token you should pass that on to the client, using a SET-COOKIE header.

    So when you successfully authenticate to SAP you get an SSO token in an HTTP header of the response.

    E.g.

    set-cookie: MYSAPSSO2=AjQxMDM.....BABhHAFcA%3d%3d; path=/; domain=esworkplace.sap.com

    Your proxy should simply pass that on to the client's browser and change the domain name to that of the proxy, otherwise the client will not use it.

    set-cookie: MYSAPSSO2=AjQxMDM.....BABhHAFcA%3d%3d; path=/; domain=yourproxydomain.com

    Next time the browser makes a request to your proxy it will automatically include this session cookie in the request header, like this:

    Cookie: MYSAPSSO2=AjQxMDMBABhH......%2fjmaRu5sSb28M6rEg%3d%3d

    Your proxy can read that cookie from the HTTP request headers and use it to make a call.

    I hope this helps.
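
The header handling described in the answer above, sketched as an added example that is not part of the original answer or of the blog author's code: a proxy-side helper that re-scopes the upstream `MYSAPSSO2` cookie to the proxy's domain and reads it back from later requests. The function names and the `harden` option (which appends `Secure` and `HttpOnly`, something the answer does not mention) are assumptions, and the token value is a constructed placeholder.

```javascript
// Added example; function names and the `harden` option are hypothetical.
const SSO_COOKIE = "MYSAPSSO2";

// Split one Set-Cookie header value into name, value and attribute list.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) throw new Error("malformed Set-Cookie header");
  const attrs = parts.map((p) => {
    const i = p.indexOf("=");
    return i === -1
      ? { key: p, value: null }
      : { key: p.slice(0, i).trim(), value: p.slice(i + 1).trim() };
  });
  return { name: first.slice(0, eq), value: first.slice(eq + 1), attrs };
}

// Re-scope the upstream MYSAPSSO2 cookie to the proxy's own domain.
// The token value is relayed byte-for-byte (it stays URL-encoded).
// harden=true also appends Secure and HttpOnly (an assumption, not in the answer).
function rewriteSsoCookie(header, proxyDomain, { harden = true } = {}) {
  const c = parseSetCookie(header);
  if (c.name !== SSO_COOKIE) return header; // other cookies pass through untouched
  const drop = new Set(harden ? ["domain", "secure", "httponly"] : ["domain"]);
  const kept = c.attrs
    .filter((a) => !drop.has(a.key.toLowerCase()))
    .map((a) => (a.value === null ? a.key : `${a.key}=${a.value}`));
  const out = [`${c.name}=${c.value}`, ...kept, `domain=${proxyDomain}`];
  if (harden) out.push("Secure", "HttpOnly");
  return out.join("; ");
}

// Pull the token out of the browser's Cookie request header, or null if absent.
function readSsoToken(cookieHeader) {
  for (const pair of (cookieHeader || "").split(";")) {
    const i = pair.indexOf("=");
    if (i !== -1 && pair.slice(0, i).trim() === SSO_COOKIE) {
      return pair.slice(i + 1).trim();
    }
  }
  return null;
}

// Constructed sample header; the token value is a placeholder, not a real ticket.
const upstream = "MYSAPSSO2=CONSTRUCTEDTOKEN%3d%3d; path=/; domain=esworkplace.sap.com";
console.log(rewriteSsoCookie(upstream, "yourproxydomain.com"));
```

With `harden` left on, the relayed cookie is only sent over HTTPS and is not readable from page script; the browser still attaches it to requests to the proxy automatically, as the answer describes.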