themasch
commented
9 years ago From the SS02 Sample file:
/* Currently the only way to obtain an SSO2 (or assertion) ticket is, if the
SAP backend gives you one... Therefore this program works as follows:
1. The program starts an RFC server on the given RFC destination. Make sure that in
SM59 in the "Security/Logon" tab you activate the check box "Send SAP Logon Ticket".
2. The program starts to listen for a call from the backend. Go to SE37, enter the
function module STFC_CONNECTION, enter the correct RFC destination and execute the
function module.
3. In the implementing server function for STFC_CONNECTION, the program reads the SSO2
or assertion ticket from the backend system and uses it to log into that system.
If everything works correctly, you get a success message.
This program handles only one single function call and then exits.*/And from the sample sapnwrfc.ini:
# GETSSO2 : Set this to 1, if the backend should generate an SSO2 ticket for your user.
If RfcOpenConnection() succeeds, you can retrieve the ticket with
RfcGetPartnerSSOTicket() and use it for further logons to systems supporting
the same user base.
!!! Note: No longer supported! SAP systems shall no longer issue tickets during user logon!!!TL;DR: Getting a SSO2 token isn't easy anymore and I'd vote against implementing the hard war in php-sapnwrfc since it seems to involve a giant overhead (your client becomes a rfc server).
Oh, and the fix for the bug above is this:
unsigned length = 2048;
SAP_UC * ssoTicket = (SAP_UC*)emalloc(2048);
When calling get_sso_ticket(), it fails with reference to SAP_UC*. try { $conn = new sapnwrfc($config); $ticket = $conn->get_sso_ticket(); echo "ticket: $ticket \n";
The system is a Ubuntu 12.04 with UTF-8.