SAP Basis For Beginner - How To Configure Single Sign On (SSO) Between SAP GUI (Backend System) and Portal (Front End)

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee...
http://www.sapbasisforbeginner.com/2013/09/how-to-configure-single-si...
... Tutorials, tips and tricks about my experiences with SAP Basis ...
Home Systems Authorization Database Reporting ABAP About
1 of 33
4/14/2014 11:48 AM
3) Portal menu
In S S *A e
This additional login level can be overcome with the integration of Single Sign On (SSO) by setting up a trusted relationship between the backend system and the portal. Steps to configure the SSO integration between backend system and front end portal: A) Front End: Export certificate from portal 1) Login to Visual Administrator Refer to How to execute or run J2EE Engine Visual Administrator
c A S T in o e W
H O (b (F
2 of 33
4/14/2014 11:48 AM
p O M
S P H s th
2) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Export" button
"S S S th n S e "S
p p 1 e
W S u ti a
3) Save the file on the backend server (SAP system)
A tr
3 of 33
4/14/2014 11:48 AM
th u S b
n to S S to
4) Enter filename. Ex: portal_sid_certificate.crt
w p fo d C
a S la P a a n
B) Backend: Create a user "SAPJSF"
4 of 33
4/14/2014 11:48 AM
1) Execute TCODE: SU01 -> display user: SAPJSF" (if user not exist create a new user, user type: system)
C A A S
V
2) Assign roles "SAP_BC_JSF_COMMUNICATION" and "SAP_BC_USR_CUA_CLIENT_RFC"
3) Check "icm/host_name_full parameter" been configured correctly in Default profile
5 of 33
4/14/2014 11:48 AM
4) Execute TCODE: RZ10 to ensure parameter for "login/accept_sso2"_ticket and "login/create_sso2_ticket" are ready or create it if necessary
A B c b s A v " a to ( (b A (F " E R A W M F A A S " to c th A m S B O o S A v B A " to V A a " A F A T " to c th R
6 of 33
4/14/2014 11:48 AM
T
5) Select Instance profile
5) Click "Extended maintenance" and "Change" button
6) If the 2 parameters not available, Click the "Parameter" icon to create it
7 of 33
4/14/2014 11:48 AM
7) Enter Parameter name: login/accept_sso2_ticket, Parameter val: 1 and click "Copy" button
8 of 33
4/14/2014 11:48 AM
8) Enter Parameter name: login/create_sso2_ticket, Parameter val: 2 and click "Copy" button
9) Make sure the parameters are correct
9 of 33
4/14/2014 11:48 AM
10) Save the profile
11) Restart the SAP system
10 of 33
4/14/2014 11:48 AM
12) Restart with sapmmc
11 of 33
4/14/2014 11:48 AM
13) Click "OK:
12 of 33
4/14/2014 11:48 AM
14) Wait for the reboot
C) Backend: Import the front end certificate created earlier
13 of 33
4/14/2014 11:48 AM
1) Execute TCODE: STRUSTSSO2
2) Click "Certificate" -> "Import"
3) Click 'Binary" and Select the portal certificate created earlier
14 of 33
4/14/2014 11:48 AM
4) Click the "tick" button
5) Click "Allow"
15 of 33
4/14/2014 11:48 AM
6) Certificate imported successfully
16 of 33
4/14/2014 11:48 AM
7) Click "Add to certificate list and continue clicking on the "Add to ACL" button
8) Enter System ID: J2E, Client: 000
9) New entry created at the Logon ticket section
17 of 33
4/14/2014 11:48 AM
10) Click "Save" button
D) Backend: Export certificate 1) Click the "Export" button
18 of 33
4/14/2014 11:48 AM
2) Select "Binary" and enter filename ex: abap_back end_certificate.crt (to be import into front end server)
19 of 33
4/14/2014 11:48 AM
3) Click "OK"
E) Front end: Create a JCo RFC provider 1) Execute TCODE: SMGW and mark down the LU Name, TP Name
2) Select Cluster: Server -> Services -> JCo RFC provider -> Runtime tab -> Bundles tab -> Registered server Enter Program Id: sapj2ee_port, Gateway host: LU Name, Gateway service: sapgw00, Server Count (1..20): 1
20 of 33
4/14/2014 11:48 AM
3) Click Repository: Specify Application Server Enter: Application server host: LU Name, System number: 00 (according to the relevant SAP system), Client: 000 (according to the relevant SAP system), Language: EN, User: SAPJSF, Password: master password created during installation or password reset for user: SAPJSF Click "Set" button
F) Front end: Add back end to security providers list 1) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: ticket Click the "Pencil" button to switch to edit mode
21 of 33
4/14/2014 11:48 AM
2) Select Authentication tab -> "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" Click Modify" button
3) Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number
22 of 33
4/14/2014 11:48 AM
Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button
4) Select cluster: Server -> Services -> Security Provider -> Runtime tab -> Policy Configuration -> Components: evaluate_assertion_ticket Select Authentication tab -> "EvaluateAssertionTicketLoginModule" Enter the following details: Name: ume.configuration.active, Value: true Name: trustedsys1, Value: SID,Client number Name: trustediss1, Value: CN=SID Name: trusteddn1, Value: CN=SID Click "OK" button Click Modify" button
23 of 33
4/14/2014 11:48 AM
G) Front end: Import the backend certificate 1) Select Cluster: Server -> Services -> Key Storage -> Runtime tab -> Views: TicketKeystore -> Entries: SAPLogonTicketKeypair-cert -> Click "Load" button
2) Select the "abap_back end_certificate.crt" that created from the backend system
24 of 33
4/14/2014 11:48 AM
3) The certificate imported successfully
4) Click "Yes" to exit the Visual Administrator
25 of 33
4/14/2014 11:48 AM
5) Restart the SAP system with sapmmc
H) Backend: Create and test the RFC connection 1) Execute TCODE: SM59 -> Select "TCP/IP Connection" -> Click "Create" icon
26 of 33
4/14/2014 11:48 AM
2) Enter RFC Destination: RFC_TO_PORTAL, Connection Type: T, Program ID: sapj2ee_port
3) Enter Gateway host = LU Name, Gateway service: sapgw00
27 of 33
4/14/2014 11:48 AM
4) Save and test the connection
28 of 33
4/14/2014 11:48 AM
5) Connection is ready
29 of 33
4/14/2014 11:48 AM
I) Login to portal 1) Execute TCODE: SOLMAN_WORKCENTER
2) The second layer authentication login screen will be bypass
30 of 33
4/14/2014 11:48 AM
3) That all for the SSO integration between backend system and front end portal Error importing Front end: Import the backend certificate (section G) 1) Sample error appear during the import process
2) Rename the filename to a shorter filename
31 of 33
4/14/2014 11:48 AM
3) The import of the certificate will be successful
Posted by Eddie Lee at 6:30:00 pm
Recom m end t hi s on G oogl e
Labels: Administration, Maintenance, Solution Manager, Troubleshooting
1 comment:
Anonymous Wednesday, February 12, 2014 6:09:00 pm Nice one...!! Thanks. Reply
32 of 33
4/14/2014 11:48 AM
33 of 33
4/14/2014 11:48 AM

SAP Basis For Beginner - How To Configure Single Sign On (SSO) Between SAP GUI (Backend System) and Portal (Front End)

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

SAP Basis For Beginner - How To Configure Single Sign On (SSO) Between SAP GUI (Backend System) and Portal (Front End)

Transféré par

Droits d'auteur :

Formats disponibles

SAP Basis For Beginner: How to configure Single Sign On (SSO) betwee...

3) Save the file on the backend server (SAP system)

4) Enter filename. Ex: portal_sid_certificate.crt

B) Backend: Create a user "SAPJSF"

3) Check "icm/host_name_full parameter" been configured correctly in Default profile

A B c b s A v " a to ( (b A (F " E R A W M F A A S " to c th A m S B O o S A v B A " to V A a " A F A T " to c th R

5) Click "Extended maintenance" and "Change" button

6) If the 2 parameters not available, Click the "Parameter" icon to create it

9) Make sure the parameters are correct

10) Save the profile

11) Restart the SAP system

12) Restart with sapmmc

13) Click "OK:

14) Wait for the reboot

C) Backend: Import the front end certificate created earlier

1) Execute TCODE: STRUSTSSO2

2) Click "Certificate" -> "Import"

3) Click 'Binary" and Select the portal certificate created earlier

4) Click the "tick" button

6) Certificate imported successfully

8) Enter System ID: J2E, Client: 000

9) New entry created at the Logon ticket section

10) Click "Save" button

D) Backend: Export certificate 1) Click the "Export" button

2) Select Authentication tab -> "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" Click Modify" button

3) The certificate imported successfully

4) Click "Yes" to exit the Visual Administrator

5) Restart the SAP system with sapmmc

2) Enter RFC Destination: RFC_TO_PORTAL, Connection Type: T, Program ID: sapj2ee_port

3) Enter Gateway host = LU Name, Gateway service: sapgw00

4) Save and test the connection

I) Login to portal 1) Execute TCODE: SOLMAN_WORKCENTER

2) The second layer authentication login screen will be bypass

2) Rename the filename to a shorter filename

3) The import of the certificate will be successful

Posted by Eddie Lee at 6:30:00 pm

Recom m end t hi s on G oogl e

Labels: Administration, Maintenance, Solution Manager, Troubleshooting

Vous aimerez peut-être aussi