07-09-2012 10:31 AM
Hi Geeks,
I am new to SSO .
My requirement is that , we have certain SAP systems in our landscape .
We create users in those systems and communicate the user credentials to the respective users.
Now we thought of implementing SSO in those systems .
So instead of sending the user credentials .
Our Aim is to send the user id and SAP passport , so that the user can configure the same in their systems and use .
And we also need to create a program which will allow us to generate a certificate for a particular user.
Is this possible ?
Because in X.509 certificates should be got from Trust center ,
And SAP logon tickets are got from portal .
We are going to create passport to log in into SAP Gui through HTML.
What should i do now ?
07-09-2012 1:23 PM
HI Hima,
Yes it is possible. You don't have to create any program. SAP already has standard SSO configurations.
pre-requisites
1. Issuer Portal and target systems has to be in the same Domain (*.xxx.com)
2.Usernames of employees are the same in SAP Portal and SAP Backend
3.Trust configured between Issuer Portal and SAP Backend Systems
just do little search, you will find configuration details..
Regards
Imran
07-09-2012 1:23 PM
HI Hima,
Yes it is possible. You don't have to create any program. SAP already has standard SSO configurations.
pre-requisites
1. Issuer Portal and target systems has to be in the same Domain (*.xxx.com)
2.Usernames of employees are the same in SAP Portal and SAP Backend
3.Trust configured between Issuer Portal and SAP Backend Systems
just do little search, you will find configuration details..
Regards
Imran
07-10-2012 6:00 AM
Hi Imran ,
Thanks a lot for the reply .
We will try to do the configurations and check .
I will get back if i have any doubts .
Thanks a lot .
Will these configurations generate the passports ?
07-10-2012 8:27 AM
Hi Hima,
there are certain profile parameters for SSO configurations to set for passwords (not passport )
1) login/password_change_for_SSO=0
The obligation to change the password is ignored. No password change dialog box is displayed.
2) login/password_change_for_SSO=1 (default setting)
The password must be changed or deleted. The password change dialog box appears with an additional delete button.
3) login/password_change_for_SSO=2
The password change dialog box appears and the password must be changed (input: old and new password).
4) login/password_change_for_SSO=3
The password can only be deactivated. The password is automatically deactivated and no dialog box appears.
Best Regards
Imran
07-10-2012 11:00 AM
Hi Imran ,
I am talking about SAP passport which contains the certificate for sso .
These SAP Passports we configure in the browser to activate SSO .
Is there a possibility to get this locally without contacting the trust center ?
The method which you mentioned is not using these X509 certificates right ?
which is the easier method to do this
07-10-2012 12:16 PM
HI Hima,
Sorry I got you wrong, i usually use certificate word instead of passport.
Anyway, I was talking about SAPLGON cert. which we import in SAP backend via SSTRUSTO2. But your requirement is diffrent.
check out below link, http://help.sap.com/saphelp_nw04s/helpdata/en/b1/07dd3aeedb7445e10000000a114084/content.htm
07-10-2012 12:48 PM
Hi Imran ,
Thanks for the reply .
Actually my requirement does not constrict me to X509 certificate .
I can use any method to implement the SSO .
But i need a easier method for the same to do it locally .
I understood that there are 2 easier methods
Can you tell me which is the easier way to do that ?
And also it will be nice if you tell me how to do that ?
07-10-2012 1:04 PM
Hi Hima,
We have implemented SSO with logon tickets and i felt is easier method.
Please follow , http://help.sap.com/saphelp_nw2004s/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
07-11-2012 4:42 AM
Hello Hima,
If you are going to use logon tickets then you need few more settings which are not indicated in the link which you have picked up :-
Hope this helps.
Thanks,
Dev