Applies to:
EP7.0 SPS14 and above SAP ECC6.0 SPS14 and above
Summary
Single Sign-On provides single point access to systems in the landscape. SSO is mainly categorized into two types SSO using User Mapping method and Logon Ticket method. In the article I have configured SSO using Logon Ticket method Author: Venkata Sriharsha.L
Company: Willsys Infosystems PVT.LTD., Created on: 13 July 2010
Author Bio
Venkata sriharsha has 2 years of experience in IT Industry as SAP NetWeaver Consultant and working on various new dimensional components.Working on SAP EP7.0 , BI and PI implementation, support and maintenance.
Single Sign-On (SSO) Configuration
Procedure Backend System Login to the backend system with user having authorizations to work with TCD RZ10 Call TCD RZ10 – select “instance profile” -- Extended maintenance – click on “change”
Click on
tab
Set the profile parameter’s Set the parameters Login/accept_sso2_ticket=1 Login/create_ss02_ticket=0 Set these parameters to accept the ticket from issuer (portal) and it can’t create any ticket. Also set the FQHN (fully qualified host name) Icm/host_name_full=<FQHN> ( company name.domain.com)
Click on Copy tab come BACK SAVE and ACTIVATE the parameters
Note: You have to restart the SAP Instance to get effected by the changes.
Configuration Steps: Portal System ( Issuing Ticket ) Login to portal as Administrator System Administration – System Configuration – Keystore Administration
Select “ Content “ tab SAPLogonTicketKeypair - cert Click on tab and save it on the local system (it will generate ―verify.der.zip‖ file which consist of verify.der file extract the verify.der from verify.der.zip).
On the column Certificate – click on icon Import certificate Select the tab File – in File path specify the location of verify.der file that was imported from Portal Select Binary – confirm
On the Certificate column you can see the details of ticket issuer system (Portal)
The above process has to be done only once in the system (i.e., to add certificate to System PSE) 0n the Certificate column click on the tab list. to add certificate to SS0 access control
System ID -- <SID> of the portal Client – 000 (as the portal don’t have client concept) Confirm
Click on Next – Finish on left hand side you can see Newly created system (here TEST SSO)
Right click Open—Object
In Property Category select Connector You have fill in the following details of the backend system (here ECC6.0) Application Host – host name of Backend System Gateway Host Gateway Service – sapgw<instance no> Remote Host Type – 3 (connection to R3 system) SAP Client – client where we added ticket to access control list SID SAP System Number Server Port – 32<instance no> (Dispatcher port) as we are using connection type for dedicated application server System Type – SAP_R3 /SAP_BW/SAP_CRM
It will open window of the backend system if SSO is successful.
Note: In SSO using Logon Ticket method both the frontend (EP) and backend (ECC) should have same users (generally in backend we use service user) .
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.