Scribd
Upload
177 views3 pages

Configure The SSO

The document outlines the steps to configure single sign-on (SSO) between a portal and SAP backend systems. Step 1 involves setting the logon method to SAPLOGONTICKET for each backend system in the portal. Step 2 has the portal generate an X.509 certificate. Step 3 exports this certificate. Step 4 imports the portal certificate into each backend system. Step 5 exports the backend certificate to the portal. Finally, the backend systems are added as trusted relationships in the portal configuration.

Uploaded by

Barun Paul
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
177 views3 pages

Configure The SSO

The document outlines the steps to configure single sign-on (SSO) between a portal and SAP backend systems. Step 1 involves setting the logon method to SAPLOGONTICKET for each backend system in the portal. Step 2 has the portal generate an X.509 certificate. Step 3 exports this certificate. Step 4 imports the portal certificate into each backend system. Step 5 exports the backend certificate to the portal. Finally, the backend systems are added as trusted relationships in the portal configuration.

Uploaded by

Barun Paul
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 3

Configure the SSO (Single sign on) for Portal

How to configure the SSO (Single sign on) for Portal? What are the steps
needs to be taken?

By: Kamakshi

Single Sign On with Portal to SAP Backend Systems

Single Sign On (SSO) is good documented in the SAP world. This guide to give you a
complete working example of how you can enable SSO in your environment.

Step 1 - Setting the logon method as Single Sign on

1.1 Log in to your Portal as a System Administrator.

1.2 Choose System Administration --> System Configuration --> System Landscape

1.3 Find the system you want to assign Single Sign on to and open it

1.4 Choose User Management as Property Category

1.5 Set Logon Method to SAPLOGONTICKET

What we have done now is to set the system you want to use as a Single Sign On logon
method. Do this to each system you want to connect.

Step 2 - Create a Portal Certificate

1.1 Log in to the Visual Administrator

1.2 Choose Server --> Services --> KeyStorage --> TicketKeystore

1.3 Delete SAPLogonTicketKeypair-cert and SAPLogonTicketKeypair

1.4 Choose Create (Create button in the Entry field) and


type in the following information:
a. mark Store Certificate
b. Common Name: Your <SID> (just example)
c. Entry Name: SAPLogonTicketKeypair
d. Store Certificate: Mark it
e. Key Length: 1024
f. Algorithm: DSA
g. Press Generate

Now you will have two entries in the TicketKeyStore:

SAPLogonTicketKeypair
SAPLogonTicketKeypair-cert
Step 3 - Export the Portal certificate

3.1 Choose Server --> Services --> KeyStorage --> TicketKeystore

3.2 Choose SAPLogonTicketKeypair-cert and press Export (Export button in the Entry field)

a. Fill in a name of the Certificate


To keep track of your certificate, call it the SID of the Portal

b. Choose either X.509 or Base64 Encoded Format

Step 4 - Import the Portal certificate to the Backend System

4.1 Log in to the Backend System


In my example, I log in to ERP 2004

4.2 Run transaction STRUSTSSO2

4.3 Press Import Certificate (Button in the Certificate field)

a. Open the generated certificate from step 3 with the right file format that you choosed in
step 3.4

4.5 Press Add to Certificate List button (Button in the Certificate field)

4.6 Press Add to ACL button (Button in the Certificate field)

a. Enter the <SID> of your Portal

b. Enter Client 000

4.7 Press Save

Step 5 - Export the Backend certificate to your Portal

5.1 You are still in the transaction STRUSTSSO2. Doubleclick the Owner Certificate and
choose Export and store in on the file system

5.2 Log into Visual Administrator


Choose Server --> Services --> KeyStorage --> TicketKeystore and press Load and choose
the Certificate

5.3 Set the Backend System as "ACL" in the Portal


Choose Server --> Services --> Security --> Provider --> Ticket

Choose the Authentication tab and add the following on the


com.sap.security.core.server.jass.EvaluateTicketLoginModule:

trustedsys<Number>=<ABAP_SID>, <CLIENT> (for example, ABA, 200)


trustediss<Number>=<ISSUER_DISTINGUISHED_NAME> (for example, CN= ABA)

trusteddn<Number>=<SUBJECT_DISTINGUISHED_NAME> (for example, CN=ABA)

You have set up a trusted relationship between your portal and the backend system. To do so
with several system, run this guide again from step 4

You might also like