... Tutorials, tips and tricks about my experiences with SAP Basis ...

Home Systems Authorization Database Reporting ABAP About

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

1 of 33 4/14/2014 11:48 AM

3) Portal menu

This additional login level can be overcome with the integration of Single Sign On (SSO) by setting up a trustedrelationship between the backend system and the portal.

Steps to configure the SSO integration between backend system and front end portal:

A) Front End: Export certificate from portal

1) Login to Visual Administrator Refer to How to execute or run J2EE Engine Visual Administrator

InSS*Ae

cASTinoeW

HO(b(F

P

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

2 of 33 4/14/2014 11:48 AM

2) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Export" button

3) Save the file on the backend server (SAP system)

pOM

SPHsth

"SSSthnSe"S

pp1e

WSutia

Atr

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

3 of 33 4/14/2014 11:48 AM

4) Enter filename. Ex: portal_sid_certificate.crt

B) Backend: Create a user "SAPJSF"

thuSb

ntoSSto

wpfodC

aSlaPaan

V

A

-

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

4 of 33 4/14/2014 11:48 AM

1) Execute TCODE: SU01 -> display user: SAPJSF" (if user not exist create a new user, user type: system)

2) Assign roles "SAP_BC_JSF_COMMUNICATION" and "SAP_BC_USR_CUA_CLIENT_RFC"

3) Check "icm/host_name_full parameter" been configured correctly in Default profile

CAAS

-

V

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

5 of 33 4/14/2014 11:48 AM

4) Execute TCODE: RZ10 to ensure parameter for "login/accept_sso2"_ticket and "login/create_sso2_ticket" areready or create it if necessary

L

R

ABcbsva

A"to((b(FA"ERWAMFASA"tocthmASBOoSAvBA"toVaA"AFTA"tocth

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

6 of 33 4/14/2014 11:48 AM

5) Select Instance profile

5) Click "Extended maintenance" and "Change" button

6) If the 2 parameters not available, Click the "Parameter" icon to create it

T

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

7 of 33 4/14/2014 11:48 AM

7) Enter Parameter name: login/accept_sso2_ticket, Parameter val: 1 and click "Copy" button

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

8 of 33 4/14/2014 11:48 AM

8) Enter Parameter name: login/create_sso2_ticket, Parameter val: 2 and click "Copy" button

9) Make sure the parameters are correct

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

9 of 33 4/14/2014 11:48 AM

10) Save the profile

11) Restart the SAP system

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

10 of 33 4/14/2014 11:48 AM

12) Restart with sapmmc

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

11 of 33 4/14/2014 11:48 AM

13) Click "OK:

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

12 of 33 4/14/2014 11:48 AM

14) Wait for the reboot

C) Backend: Import the front end certificate created earlier

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

13 of 33 4/14/2014 11:48 AM

1) Execute TCODE: STRUSTSSO2

2) Click "Certificate" -> "Import"

3) Click 'Binary" and Select the portal certificate created earlier

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

14 of 33 4/14/2014 11:48 AM

4) Click the "tick" button

5) Click "Allow"

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

15 of 33 4/14/2014 11:48 AM

6) Certificate imported successfully

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

16 of 33 4/14/2014 11:48 AM

7) Click "Add to certificate list and continue clicking on the "Add to ACL" button

8) Enter System ID: J2E, Client: 000

9) New entry created at the Logon ticket section

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

17 of 33 4/14/2014 11:48 AM

10) Click "Save" button

D) Backend: Export certificate

1) Click the "Export" button

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

18 of 33 4/14/2014 11:48 AM

2) Select "Binary" and enter filename ex: abap_back end_certificate.crt (to be import into front end server)

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

19 of 33 4/14/2014 11:48 AM

3) Click "OK"

E) Front end: Create a JCo RFC provider

1) Execute TCODE: SMGW and mark down the LU Name, TP Name

2) Select Cluster: Server -> Services -> JCo RFC provider -> Runtime tab -> Bundles tab -> Registered server Enter Program Id: sapj2ee_port, Gateway host: LU Name, Gateway service: sapgw00, Server Count (1..20): 1

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

20 of 33 4/14/2014 11:48 AM

3) Click Repository: Specify Application Server Enter: Application server host: LU Name, System number: 00 (according to the relevant SAP system), Client: 000 (according to the relevant SAP system), Language: EN, User: SAPJSF, Password: master password created during installation or password reset for user: SAPJSF Click "Set" button

F) Front end: Add back end to security providers list

1) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: ticket Click the "Pencil" button to switch to edit mode

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

21 of 33 4/14/2014 11:48 AM

2) Select Authentication tab -> "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" Click Modify" button

3) Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

22 of 33 4/14/2014 11:48 AM

Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button

4) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: evaluate_assertion_ticket Select Authentication tab -> "EvaluateAssertionTicketLoginModule" Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button Click Modify" button

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

23 of 33 4/14/2014 11:48 AM

G) Front end: Import the backend certificate

1) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Load" button

2) Select the "abap_back end_certificate.crt" that created from the backend system

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

24 of 33 4/14/2014 11:48 AM

3) The certificate imported successfully

4) Click "Yes" to exit the Visual Administrator

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

25 of 33 4/14/2014 11:48 AM

5) Restart the SAP system with sapmmc

H) Backend: Create and test the RFC connection

1) Execute TCODE: SM59 -> Select "TCP/IP Connection" -> Click "Create" icon

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

26 of 33 4/14/2014 11:48 AM

2) Enter RFC Destination: RFC_TO_PORTAL, Connection Type: T, Program ID: sapj2ee_port

3) Enter Gateway host = LU Name, Gateway service: sapgw00

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

27 of 33 4/14/2014 11:48 AM

4) Save and test the connection

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

28 of 33 4/14/2014 11:48 AM

5) Connection is ready

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

29 of 33 4/14/2014 11:48 AM

I) Login to portal

1) Execute TCODE: SOLMAN_WORKCENTER

2) The second layer authentication login screen will be bypass

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

30 of 33 4/14/2014 11:48 AM

3) That all for the SSO integration between backend system and front end portal

Error importing Front end: Import the backend certificate (section G)

1) Sample error appear during the import process

2) Rename the filename to a shorter filename

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

31 of 33 4/14/2014 11:48 AM

Posted by Eddie Lee at 6:30:00 pm

Labels: Administration, Maintenance, Solution Manager, Troubleshooting

3) The import of the certificate will be successful

Recom m end this on Google

1 comment:

Anonymous Wednesday, February 12, 2014 6:09:00 pm

Nice one...!! Thanks.

Reply

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

32 of 33 4/14/2014 11:48 AM

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...

33 of 33 4/14/2014 11:48 AM