The user enters the URL for the mySAP.com Workplace in his or her Web browser.
The request is sent to the Workplace Server via the Workplace Server's Web server and Internet Transaction Server (ITS).
Because it is the user's initial logon request (that is, no SSO cookie for the user exists), the system requests the user's ID and password.
The user provides his or her user ID and password in the corresponding dialog.
The information is sent to the Workplace Server to be validated.
If the central Workplace server can successfully authenticate the user, then:
The user is logged on to the Workplace.
The Web server used for the Workplace Server sets the SSO cookie (MYSAPSSO2) in the user's Web browser.
When a user accesses Actuate application using a logon ticket for authentication, the ticket is automatically sent to the Actuate HTTP Server.
Actuate Active Portal Security Extension (APSE) retrieves the Logon ticket from the MYSAPSSO2 cookie.
APSE invokes the shared library SAPSSOEXT to verify the Workplace Server's digital signature included with the Logon ticket.
To be able to verify the Workplace Server's digital signature, APSE must have access to the Workplace Server's public-key certificate. A Personal Security Environment (PSE) file is required by the SAPSSOEXT library to verify the signature using the supporting library SAPSECULIB. The Workplace Server's public key is available directly in the PSE file.
If the digital signature is valid, SAPSSOEXT library function returns the User ID, which is passed to the Report Server for logging in.