SSO from EP to SRM and then on to another client
My company is going live with EP using a single i-view. They call the main SRM bbp from a URL i-view set up in client 920. The SSO works fine to this client.
My problem now is when the user accesses the back end SRM system they can click a link that takes them to another client (900) in the back end. You can SSO directly to this client from EP but when they use the link it prompts them for a logon to the second client.
I have added the certificate from the back end system to the ACL and set the "create_ticket" parameter to 2 but it is still prompting them to logon. I've also ran SSO2 and entered the host/client and RFC information and 'activated' this. Everything is green when I log in though it does say that the certificate will not be added to the ticket.
Do I need to add something to EP to have the second client know that it can trust the ticket it has? Do I need to create a second ticket for the user (if this is possible) when they log in to the back end 920? There is little information on setting up a system in this configuration.
Everything works if they go straight there but they've decided not to use the SRM content in EP but rather work exclusivly on the back end using EP for user authentication with LDAP.