"Send SAP Logon Ticket" option not available in SM...

Former Member · ‎01-10-2011

Dear All,

We have restored production ECC 6.0 on test environment for testing and configuration of SSO .As a part SSO, when i am creating RFC destination from backend server to portal, "Send SAP Logon Ticket" option is not available in SM59 under "Logon & Security'". Instead options available is "Send assertion Ticket".

I don't whether this thing will create problem in SSO configuration and working of SSO.

Why option "Send SAP Logon Ticket" is not available under SM59 and how to make it available.

Backend System(R/3), system Details:

-

OS : Solaris 10

SAP : ECC 6.0

Database : Oracle 10

Also i am new to SDN. Kindly let us know how and on what basis points are to be given.

Also kindly suggest the link PDF fo SSO configuraiton on Unix platform.

Thanks and Regards.

Aakash Hambarde

former_member218672 · ‎01-10-2011

Hi Aakash,

1. First you need to export the public cert from the ticket issuing server.

Visual Admin -> Server -> Key Storage -> TicketKeystore -> SAPLogonTicketKeypair-cert -> Export

2. Then you need to import the cert into the ticket accepting server.

Visual Admin -> Server -> Key Storage -> TicketKeystore -> Load

3. Configure the "ticket" security stack template of the accepting server.

Visual Admin -> Server -> Security Provider -> ticket

Then modify the options of the EvalTicket module as per note 721815.

Hope this helps,

Regards,

Sen

Former Member · ‎01-11-2011

Dear Sen,

I am facing issue in R/3 backend system for creating T RFC in T-code SM59 wherein i am not finding option "Send SAP Logon Tickets". I want to know how to enable that option(Send Sap Logon Tickets) in backend R/3 system for creating RFC destination.

While creation of RFC i am getting option in SM59 as "Send assertion Ceritifcate" which i should not get.

Secondly you are asking me to do the changes at EP level. But i am facing issue in backend ECC system.

Kindly revert .

Aakash.

Former Member · ‎01-13-2011

Dear All,

My issue is not yest resolved.

I am not getting "send sap logon ticket" option in SM59 for creating T RFC for SSO configuration in backend ECC 6.0 system.

Instead of option "send sap logon ticket", option available is getting "assertion logon ticket"

How do activate/enable option "send sap logon ticket" in SM59 for creation T RFC for SSO configuration.

Regards,

Aakash

Former Member · ‎01-14-2011

Hi,

There should not be any problem using SAP Assertion Ticket for the authetication for SSO.

In newer SAP versions , we have option of SAP Assertion Ticket instead of SAP Logon Ticket.

The SAP Assertion Ticket is fully compatible with the SAP Logon Ticket.

Please check out following link:-

http://help.sap.com/saphelp_nw04s/helpdata/en/96/a75742b6081053e10000000a155106/frameset.htm

Thanks,

Vishal

WolfgangJanzen · ‎01-16-2011

>


>  "Send SAP Logon  Ticket" option is not available in SM59 under "Logon & Security'". Instead options available is "Send assertion Ticket".

The label "Send Assertion Ticket" is the correct one - in previous release the wrong text "Send Logon Ticket" was used.

What's the difference between both?

"Logon Tickets" will be issued in exchange to valid credentials (usually that happens during logon, therefore the name).

They are typically valid for several hours and not issued for one particular recipient.

Historic background: "Logon Tickets" have been designed for the "Workplace server" (WP 2.11 - for those who can remember) for the purpose of "SSO in Workplace system landscape" (the Enterprise Portal is a kind of Workplace successor).

"Assertion Tickets" will be issued only while performing an outbound communication (providing an assertative statement on the "current user" to be passed to the communication peer, enabling "principal propagation"). Thus they are short-lived (2 minutes validity, hard-coded) and should contain the information on the "intended recipient". For historic reasons the "intended recipient" information is not mandatory, but it is highly recommended to enter this constrainting information in the SM59 destination.

From a technical point of view, Assertion Tickets are special Logon Tickets (shorter validity, recipient constraint, non-cacheable). And talking of that, Re-entrance Tickets are special Assertion Tickets (with issuer = recipient).

Former Member · ‎01-17-2011

Thanks for Reply,

The system i am refering for the logon issue is replica of production server. After making the replica we have installed EHP4 in the same. But option available in actual production environment and replica are different. In actual production environment option available is "Logon Tickets" and in replica server is "assertion tickets". I thought this new option may by beacuse of EHP4 upgradation in replica server.

But when i compared the replica server with other production server with "ECC6- EHP4" i found the option "Logon tickets". It means one production server with ECC 6.0-EHP4 has option of "Logon tickets" and other server(replica) ECC 6.0-EHP4 has option of "asserstion ticket"

Actually i am facing problem in SSO configuration, i am checking all the options one by one as per my document. What differece i face in document and acutal scenario is " Logon procedure option" and that is why i post this message.

As per your message "assertion ticket" option is OK, but let me know with this option will i be able to configure SSO

successfully or i need to do some more setting in the configuration.

"Send SAP Logon Ticket" option not available in SM59 under "Logon & Securit