Orbeon Single sign-on to SAP Netweaver

Posted 2019-09-16 08:10

Question:

We have set up Orbeon 4.0 beta 3 on SAP Netweaver 7.3 with a custom persistence layer.

This layer is created on Netweaver with this in mind: http://wiki.orbeon.com/forms/doc/developer-guide/form-runner/persistence-api. Basic CXF web services which act as a proxy to the SAP backend, where we store the form and data. The connection to the backend is made via SAP HTTPDestination.

This setup works as long as authentication is turned off in web.xml etc.

The next step was to enable this with SSO in mind, so that the persistence layer is called with the same SSO ticket to enable passing the user context to the SAP backend.

Steps:

  1. Enable security in the Orbeon web.xml and web-j2ee-engine with the proper SAP role and login stack (ticket)
  2. Enable security on the persistence layer
  3. Set up Orbeon to pass the MYSAPSSO2 cookie (<property as="xs:string" name="oxf.http.forward-cookies" value="MYSAPSSO2"/>)

Looking at the browser window I see the JSESSIONID and MYSAPSSO2 cookies. This is supported by a Java filter I made in front of Orbeon to read the cookies. This filter in front of Orbeon loops over the Cookie[] array of the servlet request.

I have 3 log records of this, and what caught my eye was that the JSESSIONID of the first log record looked like this:

Cookie: JSESSIONID   0iqTevo1vDb_lYFwTa-9CJHymaGMPAHaCk0A_SAPox1Z6aY-RvYBtiK-2U5GLmAh

The following records looked like this:

Cookie: JSESSIONID   0iqTevo1vDb_lYFwTa-9CJHymaGMPAHaCk0A_SAP

So the first question is: why is the JSESSIONID trimmed?

Looking at the logs of the persistence layer, this class shows an error:

com.sap.engine.services.security.authentication.loginmodule.ticket
Base64 Encoded Ticket String: 0iqTevo1vDb_lYFwTa-9CJHymaGMPAHaCk0A_SAP

It looks to me that SAP can handle this shorter JSESSIONID.

A test via browser:

  1. Open the Orbeon Forms URL
  2. Log into SAP via the login page shown
  3. Open /rest/test (URL of the persistence layer) to see if I have to log in again

No login required when opening /rest/test and no errors in the login regarding com.sap.engine.services.security.authentication.loginmodule.ticket
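
A cookie-reading filter like the one described in the question writes session IDs and SSO tickets into the log in clear text. The following is an added example, not the poster's filter: it records each cookie's name, length and a short SHA-256 fingerprint, which is enough to spot a truncated or swapped value between the Orbeon application and the persistence layer without logging a replayable credential. The class name is hypothetical and the code assumes the javax.servlet API (Servlet 2.5 or later) on the classpath.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical diagnostic filter: logs cookie name, length and a short hash, never the value. */
public class CookieFingerprintFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(CookieFingerprintFilter.class.getName());

    /** First 8 hex characters of SHA-256(value): comparable across hops, useless for replay. */
    static String fingerprint(String value) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(value.getBytes("UTF-8"));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < 4; i++) sb.append(String.format("%02x", d[i] & 0xff));
            return sb.toString();
        } catch (Exception e) { // SHA-256 and UTF-8 are mandatory on every JVM
            throw new IllegalStateException(e);
        }
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Cookie[] cookies = http.getCookies(); // null when the request carries no cookies
            if (cookies == null) {
                LOG.info(http.getRequestURI() + " no cookies");
            } else {
                for (Cookie c : cookies) {
                    String v = c.getValue() == null ? "" : c.getValue();
                    LOG.info(http.getRequestURI() + " cookie=" + c.getName()
                            + " len=" + v.length() + " sha256=" + fingerprint(v));
                }
            }
        }
        chain.doFilter(req, res); // always continue; the filter only observes
    }
}
```

Mapped in front of both web applications, matching `len` and `sha256` values for MYSAPSSO2 on both sides show the ticket arrived intact; a differing length points at the forwarding hop.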