SSO issue in Portal 7.31

former_member261631
Participant
0 Kudos

Hi,

I have configured SSO in SAP Portal 7.31 with SAP BI 7.01 system.

I have referred to the following blog for the SSO configuration in Portal 7.31.

http://scn.sap.com/people/sunny.pahuja2/blog/2012/01/04/single-sign-on-with-sap-netweaver-73

But after configuration, I am getting the mentioned logon popup message in Portal 7.31. I have tried and ensured that every configuration is done...

This seems pretty okay, but I am facing problems.

I hope both (SAP Portal 7.31 & SAP BI 7.01) system versions are compatible enough for SSO configuration.

I would like to know where I am going wrong in the SSO configuration or whether I am missing something…?

Regards,

Hanif

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Hanif,

First of all, it is not a compatibility issue. There can be various reasons for this issue:

1. Check if the user account exists in the backend, is valid and is not locked.

2. If the issue occurs only for one user, the create and accept parameters as said above should not be an issue (if they are not configured, the issue will occur for all).

3. Check if the certificate that you are using is valid and not expired. Maybe you can delete the certificate and import it again to the backend correctly.

4. If using a landscape with central and dialog instances, check if you have done the distribute action after right-clicking on System PSE in STRUSTSSO2 in the backend system (as needed for the certificate to be applicable for all dialog instances).

5. Check the connector properties for the correct host name, port number and system type.

6. Check if the system is maintained in SLD.

The above steps and checklist should solve the issue; check all of them one by one. If you are still facing the issue, please let me know, I would like to explore more.

Award with points if the steps are useful.

Regards,

Rakesh Singh

Former Member
0 Kudos

Hello

Are you using the FQDN when reaching the portal site, and did you also configure the ABAP system parameters?

  1. login/create_sso2_ticket=2
  2. login/accept_sso2_ticket=1
  3. icm/host_name_full= <FQDN>

Another thing, is your ABAP user a service user or a dialog user?

Also check for ITS services on your ABAP side whether they are active or not.

Final thing, check your ABAP system on Java portal, test all system connections which you have created.

Best regards

Kaan

former_member261631
Participant
0 Kudos

Hi Kaan,

Thanks for your reply...

1. The mentioned ABAP system parameters are already configured in the SAP BI system.

2. The SAP BI ABAP user with which I log in to the portal and connect to SAP BI to run BI reports is of the dialog user type in the SAP BI system.

3. The required services in SICF are already activated in the SAP BI system. Is there any specific service you know of, related to SSO between the portal and the SAP BI system, which needs to be activated..? I hope that to run SAP BI reports through the portal, no service other than the BSP and ITS services is required... These are already activated in the SAP BI system and work well with our other Portal 7.01 system. But this SSO issue lies with the Portal 7.31 system.

4. When I access the SAP portal through the complete FQDN as the URL in the browser and try to test the system object for the SAP BI system with the following steps:

a) System Administration – Support – Application Integration and Session Management – Test and Configuration Tools

b) Under Tool, select Transaction and click on Run.

c) Under System, select the system that you created in step 5 and enter any transaction code [here I am using SU01] of your AS ABAP system, and click on Go.

d) It should log in to your backend AS ABAP system without asking for a password.

I am getting the below-mentioned logon popup window message in Portal 7.31...

For your kind information, I am not using the https protocol while accessing SAP Portal 7.31 in the browser, nor have I specified the https protocol for the SAP BI SystemObject in Portal 7.31. So I am not able to understand why the https protocol is creating an issue for SSO...?

Regards,

Hanif

Sriram2009
Active Contributor
0 Kudos

Hi

Please follow the steps below for SSO.

1. Ensure that the BI (ABAP) system is SSO enabled.
Ensure that the following parameters have the required values:
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
Use report RSPARAM to check the values of these parameters.
If necessary, use transaction RZ10 to change the values of these parameters.
If you have to change these parameters, remember to restart the ABAP system afterwards.

2. Check that the logon group of your BI (ABAP) system is set up (e.g. use transaction SMLG).

3. Before you set up JCo destinations in the Web Dynpro Content Administrator of the J2EE Engine,
ensure that user SAPBIMETA has been established in the BI (ABAP) system and
has been assigned role "SAP_BC_JSF_COMMUNICATION_RO" and profile "S_BW_RFC".

4. Make sure that the http port of the message server of your BI (ABAP) system is set.

5. Register your ABAP system in the SLD (System Landscape Directory) beforehand.

6. Make sure the connection parameters related to SLD system are correctly typed.
(go to visual administrator -> "SID" -> Server xx -> Services
-> Configuration adaptor -> CTC -> Propertysheet SystemProperties)

7. Create the PSE in ABAP (transaction STRUSTSSO2).

Thanks & Regards

Sriram

Former Member
0 Kudos

Try like below

1) Export certificate from portal (verify.der and verify.pse)

a) Navigate to 'System Administration' >> 'System configuration' >> 'Keystore Administration'.

b) In 'Content' select "SAPLogonTicketKeypair-cert", then press and save "Download verify.pse file" and "Download verify.der file".

2) Check existence of SAPJSF user in target system

a) Create if necessary using transaction SU01.

b) User should have two roles: SAP_BC_JSF_COMMUNICATION and SAP_BC_USR_CUA_CLIENT_RFC (if you have CUA in place).

c) Probably you will have to generate profiles for those roles in target system (transaction PFCG).

3) Check profile parameters

a) use transaction RZ10

b) choose instance profile, 'extended maintenance', then 'Change'

c) make sure that "login/create_sso2_ticket" is set to "2" and "login/accept_sso2_ticket" set to "1"

4) Export certificate from target system (the system to which you want to connect using SSO from portal)

a) use transaction STRUSTSSO2

b) double-click on "Own Certif." on "CN=..." part.

c) press on "Export certificate" button in the middle of the screen and provide file name and path, where to save certificate file.

5) Import portal certificate to target system

a) Use transaction STRUSTSSO2 in target system

b) push "Import certificate" button in the middle of the screen

c) in 'File path' field enter path to *.der file, you created in step 1 (or point at it via 'Browse' button)

d) Press "Enter"

e) Press the 'Add to certificate list' button and then the 'Add to ACL' button

6) Create a JCo RFC provider in J2EE engine of portal system.

a) Logon to J2EE using J2EE Admin tool (go.bat)

b) navigate to 'Server' >> 'JCo RFC provider' node

c) On the right side of the screen choose any entry in 'Available RFC destinations' area.

d) Enter information about new destination:

- Program ID: name of the program (you will need it later) - sapj2ee_port, for example

- Gateway host - FQDN of target system - server.domain.com, for example

- Gateway service - sapgw00 for example

e) in 'Repository' section enter:

- Application server host - FQDN of target system - server.domain.com, for example

- System number - 00, for example

- Client - 100, for example

- Logon language - EN

- User - SAPJSF (from step 2)

- Password (from step 2)

f) Press 'Set'

7) Add target system to Security providers list

a) Open J2EE Admin and navigate to 'Server' >> 'Services' >> 'Security Provider'. In components select 'Ticket'. Enter edit mode (button with pencil above)

b) select 'Login module' "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" and press 'Modify'

c) ensure that "ume.configuration.active" is set to "true"

d) enter following info:

- Name - 'trustedsysN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trustedsys1'). Enter, as a value (C11,100 for example)

- Name - 'trustedissN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trustediss1'). Enter CN= as a value (CN=C11 for example)

- Name - 'trusteddnN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trusteddn1'). Enter CN= as a value (CN=C11 for example)

e) Press 'OK'

f) Do substeps b,c,d,e in 'evaluate_assertion_ticket' view for "com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule" login module.

8) Import target system certificate to J2EE of portal system (from step 4)

a) Open J2EE Administrator and logon to portal instance

b) Navigate to 'Server' >> 'Services' >> 'Key storage'

c) in 'Ticket keystore' view press 'load' and select certificate of target system, you exported in step 3.

9) Restart J2EE instance.

10) Create RFC connection in target system

a) Use transaction SM59

b) Point to TCP/IP connections and press 'New'

c) Enter name for new connection ("RFC_to_portal", for example), enter connection type "T" (external TCP/IP application) and description. Save.

d) in 'Technical settings' choose "Registered server program" and enter application name from step 6d in "Program ID" field. Provide 'Gateway host' and 'Gateway service' same as in step 6d. Save. Test connection. RFC connection ready.

If you had to change or add parameters in RZ10 (in step 3), do not forget to restart target system.

Also double-check that the portal server and the target system are in the same domain; this is important for ticket issuing. This is always mentioned in various documents.

Now SSO is configured. Try to test it by creating a simple iView, which launches WebGUI. Or just simply by going to System Admin -> Support -> SAP Application
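
Added example (not part of any post in this thread): a small Python check for the three things the replies above keep returning to, namely the `login/create_sso2_ticket` and `login/accept_sso2_ticket` values, an FQDN in `icm/host_name_full`, and the portal being reached by an FQDN in the same domain as the backend. It assumes the backend parameters are available as profile text in `name = value` form; the function names, host names and sample profile are constructed for illustration.

```python
from urllib.parse import urlsplit

# Values the replies in this thread give for the ABAP (target) system.
EXPECTED = {"login/create_sso2_ticket": "2", "login/accept_sso2_ticket": "1"}

def parse_profile(text):
    """Parse 'name = value' lines of profile text; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()  # assumption: last entry wins
    return params

def domain_of(host):
    """Everything after the first label; '' when the host is not fully qualified."""
    host = host.strip().rstrip(".").lower()
    return host.split(".", 1)[1] if "." in host else ""

def check_sso(profile_text, portal_url):
    """Return a list of findings; an empty list means every check passed."""
    params, findings = parse_profile(profile_text), []
    for name, want in EXPECTED.items():
        got = params.get(name)
        if got != want:
            findings.append(f"{name} is {got!r}, expected {want!r}")
    bdom = domain_of(params.get("icm/host_name_full", ""))
    pdom = domain_of(urlsplit(portal_url).hostname or "")
    if not bdom:
        findings.append("icm/host_name_full is missing or not an FQDN")
    if not pdom:
        findings.append("portal URL does not use an FQDN")
    elif bdom and pdom != bdom:
        findings.append(f"portal domain {pdom!r} differs from backend domain {bdom!r}")
    return findings

# Constructed sample input (not taken from the systems in this thread).
SAMPLE_PROFILE = """\
# instance profile excerpt (constructed)
login/create_sso2_ticket = 0
login/accept_sso2_ticket = 1
icm/host_name_full = bihost.example.com
"""

if __name__ == "__main__":
    for url in ("http://portal:50000/irj/portal",
                "http://portal.example.com:50000/irj/portal"):
        print(url, "->", check_sso(SAMPLE_PROFILE, url) or "OK")
```

The domain comparison simply drops the first host label, so it treats `portal.example.com` and `bihost.example.com` as the same domain; hosts given as IP addresses are outside what it handles.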