I am looking into option on using Single Sign On (SSO) from a SAP Portal to a Non-SAP ASP .Net application. Reading through the documents and online searches, I found there are couple of approaches 1. Use "SAPSSOEXT" to evaluate the Logon ticket in the .Net application. 2. Use "SSO22KerbMap" ISAPI module.
The .Net application is already configured to use Integrated Windows Authentication using Active Directory. But, now we need to support SSO from SAP Portal. Without SSO, if a User A signs into the .net app from a User B's system, the .net app would Windows authentication and treat the user B as the logged in User.
Option 1 involves developing new code for the .net application as it currently does not support it and it may not be possible in my case. Option 2 sounds very promising, but I am not very clear on how this would work. It sounds like the module verifies the SAP Logon ticket and acquires a constrained kerberos ticket. But, I am confused as how would the .Net application use this constrained kerberos ticket. Is Option 2 a seamless bridge that I could just install and suddenly the .net app support SSO like Magic? I would love if it did that, but sounds too good to be true.