Scribd
Upload
258 views10 pages

Single Sign-On With SAP Netweaver 7.3

The document provides step-by-step instructions for configuring single sign-on between an SAP ERP 6.0 system and an SAP NetWeaver 7.3 system. It describes setting profile parameters and keys in both systems, defining the trust relationship, configuring authentication in the NetWeaver system, and testing the single sign-on functionality.

Uploaded by

Kondapalli Srinu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
258 views10 pages

Single Sign-On With SAP Netweaver 7.3

The document provides step-by-step instructions for configuring single sign-on between an SAP ERP 6.0 system and an SAP NetWeaver 7.3 system. It describes setting profile parameters and keys in both systems, defining the trust relationship, configuring authentication in the NetWeaver system, and testing the single sign-on functionality.

Uploaded by

Kondapalli Srinu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

SAP Network Blog: Single Sign-on with SAP Netweaver 7.

Page 1 of 10

Blogs

Single Sign-on with SAP Netweaver 7.3

Subscribe

Sunny Pahuja
Business Card
Company: PricewaterhouseCoopers Pvt. LTD.
Posted on Jan. 04, 2012 02:42 AM in Application Server, Enterprise Portal (EP), SAP
NetWeaver Platform

Print
Permalink
Share

Let's BeginThis is my second Blog on SAP Netweaver 7.3. In this blog, I will discuss about how to configure Single Sign-on between SAP
Business Suite 7 & above system with SAP Netweaver 7.3 systems. In my below example my As ABAP system is on SAP ERP 6.0
EHP5 and As Java system on SAP Netweaver 7.3.

Profile ParametersSet below parameters in As ABAP system in instance profile1)

login/create_sso2_ticket=2

2)

login/accept_sso2_ticket=1

3)

login/password_change_for_SSO=0 (Optional) (The obligation to change the password is ignored)

4)

icm/host_name_full= <FQDN>

5)

SAPFQDN=<domain name> (Set this parameter in Default Profile)

Set below parameters in As Java in default profile1)

SAPFQDN=<domain name>

Note: After all the parameters are set, restart your system.

Process1)

Go to URL

http://<server>:<port>/sso2

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 2 of 10

Click on Add Trusted system By Querying Trusted System


Select system Type- ABAP (In case of single sign-on between 2 As Java systems, select Java)
On next screen, enter details of As ABAP system

If you are not using SNC then keep option Disable in SNC Protection.
On next screen, click Finish.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 3 of 10

Now system will be visible as trusted system.

2) Go to nwa of As Java (http://<server>:<port>/nwa)


Navigate to Configuration Authentication and Single Sign-ON
Then select Authentication Components. Select Policy Configuration Name- ticket.
a. Under authentication stack, select EvaluateTicketLoginModule Template, as a result of step 1, your called system will be
automatically populated there.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 4 of 10

Click on Edit.
b. Select Module CreateTicketLoginModule and Make its Flag as SUFFICIENT.
c. For CreateTicketLoginModule, Add following properties under Options of login module CreateTicketLoginModule
Name

Value

trusteddn1

CN=<SID>

trustedss1

CN=<SID>

trustedsys1

<SID>,<Client>

ume.configuration.active

true

Save.
3)
1.
2.
3.
4.

Go to nwa (http://<server>:<port>/nwa)
Go to Configuration- Certificates and Keys
Select TicketKeystore key storage views
Make sure that entry of your As ABAP system should be there.
Delete SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert under Details of view TicketKeystore.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

5.

Page 5 of 10

Click on Create Entry.

Enter below details hereEntry Name- SAPLogonTicketKeypair


Algorithm- DSA
Key Length- 1024
Select Store Certificate Option. And click next.

Enter below detailsSateOrProvinceName


OrganizationName
localityName
organizationalUnitName
commonName=<SID>
Click on Finish. After that, SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert entries will populate.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

4)
1.
2.
3.
4.
5.

Page 6 of 10

Download certificate of As Java system and upload it on As ABAP system.


Go to nwa http://<server>:<port>/nwa
Go to Configuration- Certificates and Keys
Select TicketKeystore key storage views
Export SAPLogonTicketKeypair-cert certificate.
Select export format as Base64X.509

Download it.
6. Import this portal certificate in As ABAP system in t-code strustsso2.
7. Add this portal certificate to Add to Certificate list and Add to ACL (while adding to ACL list, Enter SID of As Java system and
client as 000.

Restart the As Java system.


5)
1.

Go to http://<server>:<port>/irj/portal
Go to System Administration- System Landscape- System Landscape Overview- System Landscape

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

2.
3.

Page 7 of 10

Click on New.
Create System Object using Template. Please choose system template as per your requirement. In my case, I selected
system template- SAP system using dedicated application server.

4. Enter details as belo


System Name, System ID & Description

Enter Alias Name and click on Add.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 8 of 10

On Next screen, enter details for Connector, ITS and Web Application Server.
1.
Connector

Enter all details (Under application host, please enter FQDN)


2. ITS

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 9 of 10

Enter all details (Under ITS Host Name, please enter FQDN)
ITS Host Name- <FQDN>:<ITS Port>
ITS Path- /sap/bc/gui/sap/its//webgui
ITS Protocal- HTTP (In case, HTTPS is activates then select HTTPS)
3. User Management

4. Web Application Server (Web AS)

Enter all details (Under ITS Host Name, please enter FQDN)
ICM Host Name- <FQDN>:<As ABAP port>
ICM Protocol- HTTP (In case, HTTPS is activates then select HTTPS)
Under Additional Wizard Steps, unmark checkbox. And click on Finish.
Click on Connection Test for this object and perform connection test for Connector, ICM & Web AS. And all tests should be
successful.
6. Check Single Sign-On. Go to http://<server>:<port>/irj/portal
1. System Administration Support- Application Integration and Session Management- Test and Configuration tools
2. Under Tool, Select Transaction and Click on run.
3. Under System, Select System that you created in step 5 and Enter any transaction code of your As ABAP system. And click
on Go.
4. It should login to your backend As ABAP system without asking password.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

SAP Network Blog: Single Sign-on with SAP Netweaver 7.3

Page 10 of 10

By this way, Single Sign-On between your As ABAP and As Java system is configured.
In case, you face any problem during this test, then please refer to SAP note 495911 to activate trace and then analyze logs.
Cheers !!!

Sunny Pahuja
is a Senior Consultant with PricewaterhouseCoopers Pvt. LTD. Writings on SCN represent my own opinion and
don't necessarily represent the opinion of my employer.

Comment on this weblog


Showing messages 1 through 1 of 1.

Titles Only


Main Topics

Oldest First

Re:Single Sign-on with SAP Netweaver 7.3


2012-01-04 07:02:43 Jacob P George Business Card [Reply]
Nice Post Sunny...Really helpful and perfectly consolidated one.

Showing messages 1 through 1 of 1.

http://weblogs.sdn.sap.com/pub/wlg/28082

1/22/2012

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy