cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO for SMP 3.0sp7 and NWGW

Former Member

on ‎06-04-2015 11:12 AM

0 Kudos

Hi,

We need to configure sso between SMP 3.0 sp7 and NetWeaver gateway server.our architecture is SMP 3.0--NWGW central hub--Backend system Ecc. Ldap configuration has been done between AD and SMP 3.0 (End user will login in to the mobile device using windows AD user account and it will fetch data from backend system via nwgw. I hope sso between NWGW and ECC can be done by StrustSSO, but single signon between SMP 3.0 and NWGW is new to us,Kindly help me by sharing any document for this.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
‎06-17-2015 8:29 AM
0 Kudos

IMO, you have to export certificate of Gateway server and import it into SMP server keystore.

1. You can directly export the certificate from OData service document

2. Go to SMP server installation path, run below command


C:\SAP\MobilePlatform3\Server\configuration>keytool -import -v -alias gw -keystore smp_keystore.jks -storepass changeit -file <GW server certificate>


gw: any name of your choice

changeit: SMP keystore password (you have to enter as per your configuration done while SMP installation)


3. Open Admin cockpit :

     select SSO as one of the SSO2 mechanism under Backend tab,

      Under Authentication tab, add HTTP/HTTPS authentication security provider


e.g.



(Above scenario doesn't fit for mutual way authentication)


You can verify that security profile settings using   (Example 2)


For any SMP related query, feel free to post it at



Regards,

JK

Show replies
Show replies
Former Member
‎09-22-2015 1:58 PM
0 Kudos

Hi JK,

I am testing SSO from SMP 3.0 SP07 with GW.

I have 2 apps abc1 & abc2. abc1 has Basic + HTTP without MYSAPSSO2 cookie. where as abc2 has SSO + HTTP with MYSAPSSO2 cookie as you mentioned above.

I have 2 issues.

1. Even when I log in with different USER credentials, both applications are working fine but only one USERID is getting logged into SAP ECC.

2. Can I test SSO using rest client? Pls see screen shots. For abc1, I see MYSAPSSO2 cookie is coming in rest client but for abc2 MYSAPSSO2 cookie value did not come. Is this how it should work?

Is my ECC system correctly configured for SSO using MYSAPSSO2 cookie?

Thanks

seenu

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
‎09-23-2015 10:28 PM
0 Kudos

Hello Seenu,



1. Even when I log in with different USER credentials, both applications are working fine but only one USERID is getting logged into SAP ECC.

What about registration at SMP ? Do you see both users registered for respective apps? Are you able to see data for both apps in REST client (GET method) ?



2. Can I test SSO using rest client? Pls see screen shots. For abc1, I see MYSAPSSO2 cookie is coming in rest client but for abc2 MYSAPSSO2 cookie value did not come. Is this how it should work?


Is my ECC system correctly configured for SSO using MYSAPSSO2 cookie?

This is the correct behavior of SSO2 mechanism with respect to MYSAPSSO2 cookie, i can confirm it.

more info on SSO2:

  • SSO2 – authenticates the user to the back end using a MYSAPSSO2 token. You can use this mechanism only if an HTTP/HTTPS provider is configured in the security profile, and it authenticates the end user to SAP Mobile Platform Server against a Web server that returns a MYSAPSSO2 token.

Regards,

JK

behlau_carlos
Contributor
‎06-16-2015 12:30 PM
0 Kudos

Hello Vinodh,

can you check out

=> Documents

Best regards

Carlos Behlau

Show replies
Show replies
Ask a Question