Scribd Logo
Upload

Welcome to Scribd!

  • How To Configure SSO Between ABAP and Portal

    Uploaded by

    asimalamp
    193 views44 pages
    SSO Configuration ABAP and Portal

    Original Title

    How to Configure SSO Between ABAP and Portal

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SSO Configuration ABAP and Portal

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    193 views44 pages

    How To Configure SSO Between ABAP and Portal

    Uploaded by

    asimalamp
    SSO Configuration ABAP and Portal

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 44

    How to configure SSO between ABAP and portal, Create an iview, open ABAP GUI using portal

    &
    LDAP Authentication to ABAP using portal
    ABAP-JAVA SSO Configuration

    Contents
    ABG BSLI SSO Configuration
    SAP Server details
    SAP System installation
    Configure portal
    Direct iview links to open the SAP system based on the AD user ID and password
    Unlocking users on Java
    Starting/Stopping server

    Scenario
    We have an existing ERP system where users login with their current SAP ID and
    password.
    They would like to be able to login with their LDAP ID and password to SAP, however,
    would like the password to be provided at least once. Hence they do not want an SSO
    using SNC or windows authentication.

    Solution
    Since the SSO shouldnt happen and they should still be able to logon with their LDAP
    ID and password. One of the solution is to have a Portal installed where users can use
    their LDAP ID and password to logon and configure SSO between Portal and ABAP
    server. So the solution steps are as below
    1) Install Java engine/Portal
    2) Configure portal to be authenticated using LDAP (e.g. LDAP UME datasource
    configuration)
    3) Configure SSO between ABAP and Portal
    4) Create Iviews to call ABAP Gui
    5) Provide link to users to access ABAP Gui while providing their LDAP ID and
    password on the portal.

    Portal installation

    (Windows/SQL Server)

    1) Install SQL Server


    E:Software51044827x86-x64-IA64EnterpriseEdition
    execute setup.exe

    Complete pre-requisite check -

    Provide Product key - GYF3T-H2V88-XXXXX-XXXXX-QRTYB

    2) Install Portal

    Swap size should be of at least 20 GB

    Changed the swap size

    Password set to - pass1234

    Password is
    set to pass1234!

    Configure portal

    Configure the UME


    Open url http://XXXXX:50000/useradmin
    And click on the configuration button and set the values as per the screenshot below

    Create System under system management


    1) Start the wizard

    2) Provide necessary values to the wizard and continue

    Create Necessary iviews

    1) Start the iview

    wizard
    2) Provide the system details and the transaction details and click go

    3) Choose the transaction and click on start upload

    4) Click Finish upon successful upload

    5) Change the ID of object as per the required naming convention here


    AXD_SYSTEM_SHORT

    Click Next on the ID change wizard

    Provide the required details and click Finish

    6) The iView is renamed as required

    Set the permissions for system and iviews


    1) Uner the permissions section of all the above created obejcts, add additional role
    everyone as per the screenshots below

    Configure ABAP & Java System Certificates


    1) Logon to Netweavar administrator using url http://XXXX.com:50000/nwa
    2) Under configuration tab choose Certification and Keys

    3) Choose TicketKeystore

    4) Choose Certificate pair and click


    export

    5) Download the file to desired


    location

    6) Export ABAP certificatie by logging on to 000 client and running transaction code
    Strustsso2
    7) Choose the system certificate and click export

    8) Save the file to desired locaiton

    9) Import the Java certificate by choosing the file

    10) Add the Java certificate to certificate list and ACL by clicking the respective
    buttons -

    11) Add the Java certificate to ACL in other clients e.g. 100, 110, 120

    12) Import ABAP Certificate into Java system under Configuration -> Certificate &
    Keys -> Ticket Store

    Direct iview links to open the SAP system based on the AD user
    ID and password
    Sample http://XXXXXX:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fXXX!2fSESSION_MANAGER_AXD_SHORT
    ?sap-config-mode=true

    Portal Side: dowload certificate you need to select from Ticketkeystore by login to SAP Netweaver Administrator
    ABAP Side : Create SNC SAPCryptolib PSE with STRUST TCode in 000 Client
    Update below profile paramters
    login/create_sso2_ticket=2
    login/accept_sso2_ticket=1
    icm/host_name_full=

    Check Single Sign-On. Go to http://:/irj/portal


    Click on System Administration > Support ->Application Integration and Session Management -> Test
    and Configuration tools
    Click on Tool -> Select Transaction and Click on run
    Click System -> Select System that you created earlier and Enter any transaction code it should display
    ABAP Screen

    You might also like