Definition

As a rule, it is desirable that after successful logon a security session and/or a logon ticket is generated. However, this is not appropriate or desirable in all cases.

For some applications (for example, SOAP-based Web services), both the generation and the use of security sessions and logon tickets is not desired. Logon tickets should be accepted, but not generated.

Other applications (for example, OData services, ABAP push channels) want to use existing security sessions and logon tickets, but want to prevent the generation of security sessions and logon tickets.

Use

Switch Value    Security Sessions    Logon Tickets

Unlimited    Use and Generation Possible    Use and generation possible

Partly restricted    Only use possible    Only use possible

Completely restricted    Neither use nor generation possible    Only use possible

Dependencies

The general activation/deactivation of security sessions (for each ABAP client) is possible using the transaction SICF_SESSIONS. Using the ICF service configuration, only the use of activated security can be restricted; it is possible to activate Security Session Management.

The profile parameter login/create_sso2_ticket defines whether logon tickets can be generated. If the generation of logon tickets is deactivated using the profile parameter, it cannot be activated using the ICF service configuration.

Example