06-20-2008 3:58 PM
Hello All,
I need to perform the activity of SSO (Single Sign-On) in our project, and regarding that I have a few queries:
1> Can anyone send the link to the document for performing SSO?
2> While performing SSO to the back-end system, is it necessary to export the SSL client of the Portal and import it into the backend R3 system, or only to export the SSL of the R3 backend system and import it into the portal system 5.0?
3> As I am doing this activity for the first time, <removed_by_moderator> ..
Best Regards
Rakesh
Edited by: Julius Bussche on Jun 21, 2008 8:59 PM
06-20-2008 10:01 PM
Hello. I don't know EP 5.0, but in 7.0 the process is:
In the backend you add some parameters to the instance profile, restart the R3, export the certificate from the portal, import it into the backend, add it to the certificate list and afterwards to the ACL (in the required client). The user IDs must be the same in portal and backend (if not, you can use SSO with user mapping or an SAP reference system). About SSO in EP 5.0, read
http://help.sap.com/saphelp_ep50sp6/helpdata/en/38/76bd3b6e74d708e10000000a11402f/frameset.htm
> Security > Single Sign-On. Regards. <removed_by_moderator>
Edited by: Julius Bussche on Jun 21, 2008 9:00 PM
06-21-2008 2:20 PM
Hi,
You can follow these steps to have SSO:-
1) Log on to Visual Administrator and under service -> keystorage -> ticket keystore, make a new SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert, and then export the cert.
2) Check existence of SAPJSF user in target system
a) Create if necessary using transaction SU01.
b) User should have two roles: SAP_BC_JSF_COMMUNICATION and SAP_BC_USR_CUA_CLIENT_RFC (if you have CUA in place).
c) Probably you will have to generate profiles for those roles in target system (transaction PFCG).
3) Make sure that "login/create_sso2_ticket" is set to "2" and "login/accept_sso2_ticket" is set to "1" in the target SAP system. You can change it through RZ10.
4) Import portal certificate to target system
a) Use transaction STRUSTSSO2 in target system
b) push "Import certificate" button in the middle of the screen
c) in the 'File path' field enter the path to the *.der file you created in step 1 (or point at it via the 'Browse' button)
d) Press "Enter"
e) Press the 'Add to certificate list' button and then the 'Add to ACL' button
5) Create a JCo RFC provider in the J2EE engine of the portal system.
a) Logon to J2EE using J2EE Admin tool (go.bat)
b) navigate to 'Server' >> 'JCo RFC provider' node
c) On the right side of the screen choose any entry in 'Available RFC destinations' area.
d) Enter information about new destination:
- Program ID: name of the program (you will need it later) - sapj2ee_port, for example
- Gateway host - FQDN of target system - server.domain.com, for example
- Gateway service - sapgw00 for example
e) in 'Repository' section enter:
- Application server host - FQDN of target system - server.domain.com, for example
- system number - 00, for example
- client - 100, for example
- logon language - EN
- user - SAPJSF (from step 2)
- password (from step 2)
f) press 'Set'
6) Add target system to Security providers list
a) Open J2EE Admin and navigate to 'Server' >> 'Services' >> 'Security Provider'. In components select 'Ticket'. Enter edit mode (button with pencil above)
b) select 'Login module' "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" and press 'Modify'
c) ensure that "ume.configuration.active" is set to "true"
d) enter following info:
- Name - 'trustedsysN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trustedsys1'). Enter , as a value (C11,100 for example)
- Name - 'trustedissN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trustediss1'). Enter CN= as a value (CN=C11 for example)
- Name - 'trusteddnN' (there should be a number instead of "N"; if the target system is the first one you are implementing SSO with, it should be 'trusteddn1'). Enter CN= as a value (CN=C11 for example)
e) Press 'OK'
f) Do substeps b,c,d,e in 'evaluate_assertion_ticket' view for "com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule" login module.
7) Make sure on target system, the RFC connection is configured for the portal.
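
A quick way to verify step 3 of the answer above before testing the ticket logon, as an added example that is not part of any post in this thread. It assumes you have the instance profile available as text; the sample profile, the function names and the finding messages are constructed for illustration, and only the text passed in is checked.

```python
# Added example: check profile text for the two SSO2 values named in step 3.
import re

EXPECTED = {"login/create_sso2_ticket": "2", "login/accept_sso2_ticket": "1"}

_LINE = re.compile(r"^\s*([A-Za-z0-9_/.\-]+)\s*=\s*(.*?)\s*$")


def parse_profile(text):
    """Return {parameter: [values in file order]}, skipping comments and blanks."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            params.setdefault(m.group(1), []).append(m.group(2))
    return params


def check_sso2(text, expected=EXPECTED):
    """Return a list of findings; an empty list means both values match step 3."""
    params = parse_profile(text)
    findings = []
    for name, want in expected.items():
        values = params.get(name, [])
        if not values:
            findings.append(f"{name}: not set in this profile (expected {want})")
        elif len(set(values)) > 1:
            findings.append(f"{name}: conflicting entries {values}")
        elif values[0] != want:
            findings.append(f"{name}: is {values[0]}, expected {want}")
    return findings


# Constructed sample profile with one parameter name misspelled on purpose.
SAMPLE = """\
# instance profile (constructed sample)
SAPSYSTEMNAME = C11
login/create_sso2_ticket = 2
login/accepte_sso2_ticket = 1
"""

if __name__ == "__main__":
    for finding in check_sso2(SAMPLE):
        print(finding)
```

A misspelled parameter name shows up here as the expected name being "not set", which is the case worth catching before you start debugging certificates and ACL entries.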
06-21-2008 10:02 PM