SAP J2EE setup for NetWeaver 7.3

Page created: 6 Sep 2022 |

Page updated: 6 Sep 2022

| 2 min read

SAP NetWeaver Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

To allow for deep linking for SP-initiated SSO, the login module appends the target-resource URL to the ssoUrl property. This feature is supported only for NetWeaver portals; for other applications the target resource is not appended and the user will go to the Default URL configured in PingFederate. For more information, see Configuring default URLs in the PingFederate documentation.
The login module JAR file (PFLoginModuleJAR.jar), along with supporting JARS included with this distribution, can be used to create a custom EAR for the NetWeaver platform. For more information, see Configuring the Login Module on the AS Java in the SAP Help Portal.

Deploy the login module included with this distribution (PFLoginModuleLibrary.ear) to NetWeaver using the appropriate version of SAP NetWeaver Developer Studio.

Note:
For information on how to deploy a login module, please refer to SAP Help.

Configure the login module through the NetWeaver Administrator, using the following options:

Option	Description
agentPropertiesFileName	Filename with full path to the location of OpenToken properties file (for example, C:\agent-config.txt).
pfBaseUrl	Base URL to the PingFederate SP instance.
enableSPSSO	If `true`, `PFLoginModule` redirects to the `ssoUrl` (below) if `OpenToken` is not found in the request. This enables SP-initiated SSO functionality for NetWeaver. The default value is `false`.
ssoUrl	URL for redirect if SP-initiated SSO, required only if is enabled (above). The value required is PingFederate’s application endpoint to start the SSO: http[s]://<PF_host>:<port>/SP/startSSO.ping `?PartnerIdpId=<connection_id>` For more information, see Developer Notes below.
excludeUrI	List of excluded resource URIs using regular expressions. For example: `./webdynpro.`
enableSSOCookie	If `true` and enableSPSSO is set to `true`, `PFLoginModule` redirects only if a cookie (an SSO Cookie, defined below) is found in the request. The SP sets an SSO Cookie in the user’s browser during an initial IdP-initiated SSO event. When the user arrives at the NetWeaver SP in the future, with the SSO Cookie, the user is redirected to the ssoUrl. If `false` and enableSPSSO is set to `true`, the PFLoginModule redirects any user to the ssoUrl, regardless of any SSO Cookie. The default value is `false`.
ssoCookieName	The name of the SSO cookie to set in the user’s browser, required only if enableSSOCookie is set to `true`.

Note:

For information on how to configure a login module, please refer to the SAP Help.

Configure an application to use the login module. A sample configuration which allows for both SSO and direct authentication is shown below:

Login Module	Flag
`EvaluateTicketLoginModule`	`SUFFICIENT`
`PFLoginModule`	`REQUISITE`
`BasicPasswordLoginModule`	`REQUISITE`
`CreateTicketLoginModule`	`OPTIONAL`

Note:

For information on how to configure an application, see Configuring an Application to Use the Login Module in the SAP Help Portal.