Академический Документы
Профессиональный Документы
Культура Документы
Applies to:
EP7.0 SPS14 and above
SAP ECC6.0 SPS14 and above
Summary
Single Sign-On provides single point access to systems in the landscape. SSO is mainly categorized into two
types SSO using User Mapping method and Logon Ticket method. In the article I have configured SSO using
Logon Ticket method
Author Bio
Venkata sriharsha has 2 years of experience in IT Industry as SAP NetWeaver Consultant and
working on various new dimensional components.Working on SAP EP7.0 , BI and PI
implementation, support and maintenance.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 1
Single Sign-On (Logon Ticket)
Table of Contents
Single Sign-On (SSO) Configuration .................................................................................................................. 3
Procedure ........................................................................................................................................................ 3
Backend System .......................................................................................................................................................... 3
Configuration Steps: ........................................................................................................................................ 4
Portal System ( Issuing Ticket ) ................................................................................................................................... 4
Backend System: (Accepting Ticket) ........................................................................................................................... 5
Testing SSO: ...................................................................................................................................................... 8
Disclaimer and Liability Notice .......................................................................................................................... 13
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 2
Single Sign-On (Logon Ticket)
Backend System
Login to the backend system with user having authorizations to work with TCD RZ10
Call TCD RZ10 – select “instance profile” -- Extended maintenance – click on “change”
Click on tab
Set the profile parameter’s
Set the parameters
Login/accept_sso2_ticket=1
Login/create_ss02_ticket=0
Set these parameters to accept the ticket from issuer (portal) and it can’t create any ticket.
Also set the FQHN (fully qualified host name)
Icm/host_name_full=<FQHN> ( company name.domain.com)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 3
Single Sign-On (Logon Ticket)
Note: You have to restart the SAP Instance to get effected by the changes.
Configuration Steps:
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 4
Single Sign-On (Logon Ticket)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 5
Single Sign-On (Logon Ticket)
On the Certificate column you can see the details of ticket issuer system (Portal)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 6
Single Sign-On (Logon Ticket)
The above process has to be done only once in the system (i.e., to add certificate to System PSE)
0n the Certificate column click on the tab to add certificate to SS0 access control
list.
Click on SAVE
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 7
Single Sign-On (Logon Ticket)
Testing SSO:
Defining System Aliases
Login to portal with Administrative rights
Click on Finish
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 8
Single Sign-On (Logon Ticket)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 9
Single Sign-On (Logon Ticket)
You have fill in the following details of the backend system (here ECC6.0)
Application Host – host name of Backend System
Gateway Host
Gateway Service – sapgw<instance no>
Remote Host Type – 3 (connection to R3 system)
SAP Client – client where we added ticket to access control list
SID
SAP System Number
Server Port – 32<instance no> (Dispatcher port) as we are using connection type for dedicated
application server
System Type – SAP_R3 /SAP_BW/SAP_CRM
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 10
Single Sign-On (Logon Ticket)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 11
Single Sign-On (Logon Ticket)
Note: In SSO using Logon Ticket method both the frontend (EP) and backend (ECC) should have same users
(generally in backend we use service user) .
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 12
Single Sign-On (Logon Ticket)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 13