Single Sign-On Portal

Single Sign-On (Logon Ticket) Applies to: EP7.0 SPS14 and above SAP ECC6.0 SPS14 and above Summary Single Sign-On provides single point access to systems in the landscape. SSO is mainly categorized into two types SSO using User Mapping method and Logon Ticket method. In the article I have configured SSO using Logon Ticket method Author: Venkata Sriharsha.L Company: Willsys Infosystems PVT.LTD., Created on: 13 July 2010 Author Bio Venkata sriharsha has 2 years of experience in IT Industry as SAP NetWeaver Consultant and working on various new dimensional components.Working on SAP EP7.0 , BI and PI implementation, support and maintenance. SAP COMMUNITY NETWORK © 2010 SAP AG SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 1 .......................................com | UAC .................................................................................................................................sdn.........................com | BOC .........................sap.............uac.......................sap... 13 SAP COMMUNITY NETWORK © 2010 SAP AG SDN ...................................................... 4 Portal System ( Issuing Ticket ) ..............................................................com | BPX .......... 3 Backend System ......................com 2 .......................................................................................................................................................................................... 5 Testing SSO: ............................... 4 Backend System: (Accepting Ticket) .............................................................................................. 3 Configuration Steps: .......................................................Single Sign-On (Logon Ticket) Table of Contents Single Sign-On (SSO) Configuration ............................................... 3 Procedure .......................................................sap...............................................................................sap................. 8 Disclaimer and Liability Notice ....................boc.........................................bpx................................................................. boc.com) SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap.domain.sap. Also set the FQHN (fully qualified host name) Icm/host_name_full=<FQHN> ( company name.com | BPX .sap.Extended maintenance – click on “change” Click on tab Set the profile parameter’s Set the parameters Login/accept_sso2_ticket=1 Login/create_ss02_ticket=0 Set these parameters to accept the ticket from issuer (portal) and it can’t create any ticket.sdn.com | BOC .bpx.sap.com | UAC .Single Sign-On (Logon Ticket) Single Sign-On (SSO) Configuration Procedure Backend System Login to the backend system with user having authorizations to work with TCD RZ10 Call TCD RZ10 – select “instance profile” -.com 3 .uac. uac.sap.boc.bpx.com | UAC .der.com 4 .com | BOC .der from verify.zip).der.sap.Single Sign-On (Logon Ticket) Click on Copy tab come BACK SAVE and ACTIVATE the parameters Note: You have to restart the SAP Instance to get effected by the changes.sap.sdn.cert Click on tab and save it on the local system (it will generate ―verify.sap.der file extract the verify. SAP COMMUNITY NETWORK © 2010 SAP AG SDN .com | BPX .zip‖ file which consist of verify. Configuration Steps: Portal System ( Issuing Ticket ) Login to portal as Administrator System Administration – System Configuration – Keystore Administration Select “ Content “ tab SAPLogonTicketKeypair . Single Sign-On (Logon Ticket) Backend System: (Accepting Ticket) Login to ECC6.sdn.com | UAC .com | BPX .com | BOC .sap.sap.bpx.uac.sap.0 system Call the TCD STRUSTSSO2 SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap.boc.com 5 . sap.sap.com | BOC .Single Sign-On (Logon Ticket) On the column Certificate – click on icon Import certificate Select the tab File – in File path specify the location of verify.der file that was imported from Portal Select Binary – confirm On the Certificate column you can see the details of ticket issuer system (Portal) SAP COMMUNITY NETWORK © 2010 SAP AG SDN .boc.uac.com 6 .bpx.com | UAC .sdn.com | BPX .sap.sap. sap.sap.bpx.sap..sap. to add certificate to System PSE) 0n the Certificate column click on the tab list.com | BPX . to add certificate to SS0 access control System ID -.com | UAC .boc.com 7 .e.sdn.<SID> of the portal Client – 000 (as the portal don’t have client concept) Confirm Click on SAVE SAP COMMUNITY NETWORK © 2010 SAP AG SDN .com | BOC .uac.Single Sign-On (Logon Ticket) Click on tab to add certificate to system PSE The above process has to be done only once in the system (i. sap.sap.bpx.com | UAC .com 8 .sap.uac.Single Sign-On (Logon Ticket) Testing SSO: Defining System Aliases Login to portal with Administrative rights Create your folder for easy organization Click on Finish SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sdn.sap.com | BOC .com | BPX .boc. boc.sap.com | BOC .sdn.com | UAC .sap.bpx.com 9 .Single Sign-On (Logon Ticket) Right click on Newly created folder ( here TEST SSO) Select based on your requirement click on Next tab SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap.sap.com | BPX .uac. uac.bpx.com | BPX .com | UAC .sap.sap.Single Sign-On (Logon Ticket) Click on Next – Finish on left hand side you can see Newly created system (here TEST SSO) Right click Open—Object In Property Category select Connector You have fill in the following details of the backend system (here ECC6.boc.sap.sdn.com 10 .com | BOC .0) Application Host – host name of Backend System Gateway Host Gateway Service – sapgw<instance no> Remote Host Type – 3 (connection to R3 system) SAP Client – client where we added ticket to access control list SID SAP System Number Server Port – 32<instance no> (Dispatcher port) as we are using connection type for dedicated application server System Type – SAP_R3 /SAP_BW/SAP_CRM SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap. Single Sign-On (Logon Ticket) Create System Aliases Specify the Alias Name click on Add -.uac.sap.com | BPX .SAVE System Administration – Support – SAP Application SAP COMMUNITY NETWORK © 2010 SAP AG SDN .com | BOC .boc.com | UAC .sap.bpx.com 11 .sap.sap.sdn. sap.boc. SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap.com 12 .bpx.click on Go It will open window of the backend system if SSO is successful. Note: In SSO using Logon Ticket method both the frontend (EP) and backend (ECC) should have same users (generally in backend we use service user) .Single Sign-On (Logon Ticket) Select Transaction – click on Run Select System you have defined -.sap.sdn.sap.com | BOC .com | UAC .uac.com | BPX . sap.com | BOC . or seek to hold.sdn. SAP will not be held liable for any damages caused by using or misusing the information.sap.com 13 .boc.com | UAC . SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample. SAP responsible or liable with respect to the content of this document.bpx. SAP COMMUNITY NETWORK © 2010 SAP AG SDN .sap. code or methods suggested in this document. You agree that you will not hold.sap. including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. and anyone using these methods does so at his/her own risk.com | BPX .uac.Single Sign-On (Logon Ticket) Disclaimer and Liability Notice This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.