Post on 17-Oct-2015
description
transcript
... Tutorials, tips and tricks about my experiences with SAP Basis ...
Home Systems Authorization Database Reporting ABAP About
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
1 of 33 4/14/2014 11:48 AM
3) Portal menu
This additional login level can be overcome with the integration of Single Sign On (SSO) by setting up a trustedrelationship between the backend system and the portal.
Steps to configure the SSO integration between backend system and front end portal:
A) Front End: Export certificate from portal
1) Login to Visual Administrator Refer to How to execute or run J2EE Engine Visual Administrator
InSS*Ae
cASTinoeW
HO(b(F
P
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
2 of 33 4/14/2014 11:48 AM
2) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Export" button
3) Save the file on the backend server (SAP system)
pOM
SPHsth
"SSSthnSe"S
pp1e
WSutia
Atr
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
3 of 33 4/14/2014 11:48 AM
4) Enter filename. Ex: portal_sid_certificate.crt
B) Backend: Create a user "SAPJSF"
thuSb
ntoSSto
wpfodC
aSlaPaan
V
A
-
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
4 of 33 4/14/2014 11:48 AM
1) Execute TCODE: SU01 -> display user: SAPJSF" (if user not exist create a new user, user type: system)
2) Assign roles "SAP_BC_JSF_COMMUNICATION" and "SAP_BC_USR_CUA_CLIENT_RFC"
3) Check "icm/host_name_full parameter" been configured correctly in Default profile
CAAS
-
V
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
5 of 33 4/14/2014 11:48 AM
4) Execute TCODE: RZ10 to ensure parameter for "login/accept_sso2"_ticket and "login/create_sso2_ticket" areready or create it if necessary
L
R
ABcbsva
A"to((b(FA"ERWAMFASA"tocthmASBOoSAvBA"toVaA"AFTA"tocth
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
6 of 33 4/14/2014 11:48 AM
5) Select Instance profile
5) Click "Extended maintenance" and "Change" button
6) If the 2 parameters not available, Click the "Parameter" icon to create it
T
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
7 of 33 4/14/2014 11:48 AM
7) Enter Parameter name: login/accept_sso2_ticket, Parameter val: 1 and click "Copy" button
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
8 of 33 4/14/2014 11:48 AM
8) Enter Parameter name: login/create_sso2_ticket, Parameter val: 2 and click "Copy" button
9) Make sure the parameters are correct
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
9 of 33 4/14/2014 11:48 AM
10) Save the profile
11) Restart the SAP system
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
10 of 33 4/14/2014 11:48 AM
12) Restart with sapmmc
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
11 of 33 4/14/2014 11:48 AM
13) Click "OK:
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
12 of 33 4/14/2014 11:48 AM
14) Wait for the reboot
C) Backend: Import the front end certificate created earlier
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
13 of 33 4/14/2014 11:48 AM
1) Execute TCODE: STRUSTSSO2
2) Click "Certificate" -> "Import"
3) Click 'Binary" and Select the portal certificate created earlier
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
14 of 33 4/14/2014 11:48 AM
4) Click the "tick" button
5) Click "Allow"
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
15 of 33 4/14/2014 11:48 AM
6) Certificate imported successfully
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
16 of 33 4/14/2014 11:48 AM
7) Click "Add to certificate list and continue clicking on the "Add to ACL" button
8) Enter System ID: J2E, Client: 000
9) New entry created at the Logon ticket section
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
17 of 33 4/14/2014 11:48 AM
10) Click "Save" button
D) Backend: Export certificate
1) Click the "Export" button
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
18 of 33 4/14/2014 11:48 AM
2) Select "Binary" and enter filename ex: abap_back end_certificate.crt (to be import into front end server)
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
19 of 33 4/14/2014 11:48 AM
3) Click "OK"
E) Front end: Create a JCo RFC provider
1) Execute TCODE: SMGW and mark down the LU Name, TP Name
2) Select Cluster: Server -> Services -> JCo RFC provider -> Runtime tab -> Bundles tab -> Registered server Enter Program Id: sapj2ee_port, Gateway host: LU Name, Gateway service: sapgw00, Server Count (1..20): 1
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
20 of 33 4/14/2014 11:48 AM
3) Click Repository: Specify Application Server Enter: Application server host: LU Name, System number: 00 (according to the relevant SAP system), Client: 000 (according to the relevant SAP system), Language: EN, User: SAPJSF, Password: master password created during installation or password reset for user: SAPJSF Click "Set" button
F) Front end: Add back end to security providers list
1) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: ticket Click the "Pencil" button to switch to edit mode
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
21 of 33 4/14/2014 11:48 AM
2) Select Authentication tab -> "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" Click Modify" button
3) Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
22 of 33 4/14/2014 11:48 AM
Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button
4) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: evaluate_assertion_ticket Select Authentication tab -> "EvaluateAssertionTicketLoginModule" Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button Click Modify" button
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
23 of 33 4/14/2014 11:48 AM
G) Front end: Import the backend certificate
1) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Load" button
2) Select the "abap_back end_certificate.crt" that created from the backend system
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
24 of 33 4/14/2014 11:48 AM
3) The certificate imported successfully
4) Click "Yes" to exit the Visual Administrator
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
25 of 33 4/14/2014 11:48 AM
5) Restart the SAP system with sapmmc
H) Backend: Create and test the RFC connection
1) Execute TCODE: SM59 -> Select "TCP/IP Connection" -> Click "Create" icon
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
26 of 33 4/14/2014 11:48 AM
2) Enter RFC Destination: RFC_TO_PORTAL, Connection Type: T, Program ID: sapj2ee_port
3) Enter Gateway host = LU Name, Gateway service: sapgw00
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
27 of 33 4/14/2014 11:48 AM
4) Save and test the connection
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
28 of 33 4/14/2014 11:48 AM
5) Connection is ready
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
29 of 33 4/14/2014 11:48 AM
I) Login to portal
1) Execute TCODE: SOLMAN_WORKCENTER
2) The second layer authentication login screen will be bypass
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
30 of 33 4/14/2014 11:48 AM
3) That all for the SSO integration between backend system and front end portal
Error importing Front end: Import the backend certificate (section G)
1) Sample error appear during the import process
2) Rename the filename to a shorter filename
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
31 of 33 4/14/2014 11:48 AM
Posted by Eddie Lee at 6:30:00 pm
Labels: Administration, Maintenance, Solution Manager, Troubleshooting
3) The import of the certificate will be successful
Recom m end this on Google
1 comment:
Anonymous Wednesday, February 12, 2014 6:09:00 pm
Nice one...!! Thanks.
Reply
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
32 of 33 4/14/2014 11:48 AM
SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee... http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
33 of 33 4/14/2014 11:48 AM