Let me start by asking forgiveness if I get the SAP side of this incorrect as I'm a Microsoft developer and not entirely familiar with our SAP environment.
I'm trying to implement a solution whereby I can provide single-sign-on to SAP Enterprise SOAP Services from a Microsoft .Net application. I currently have it working but in a somewhat convoluted way:
(1) .Net app accesses NetWeaver portal, which is configured for single sign-on. NW portal returns SAPSSO2 ticket via cookie, which is captured by .Net app
(2) .Net app then inserts cookie into request to SAP ECC system to provide authentication. A trust relationship is already established between NW and ECC.
I'm hoping to skip the part where I access the NW system, as it tends to add a somewhat long delay into the process. I was directed to the SAPSSOEXT library as a possible way to generate SAP assertions tickets. After much trial and error, I have been able to generate a ticket with a PSE file provided from the ECC system. Unfortunately, the ECC system is not accepting the assertion ticket for authentication. My guess is that there needs to be some sort of trust relationship set up between my Windows system and the ECC system. I have no idea how to set up that trust relationship as I believe STRUSTSSO2 requires a certificate and I don't have one on my Windows system (at least I don't think so).
I'm hoping someone out there has tried to do something like this and can provide some guidance. At this point I'm open to just about any solution. I will mention that we don't yet have a SAML environment set up, so I can't use that mechanism for authentication.
Mike