Sap Single Sign On Certificate



This presentation introduces the SAP portfolio for compliant identity and access management. The SAP Single Sign-On solution and its benefits are explained in detail. Various scenarios covered by the solution are outlined. In addition, recommendations and best practices for your single sign-on project are provided. View this Presentation. How to install an SAP Passport How to use single sign-on for S-User logins Why am I getting repeated login prompts? How to prevent having to log in over and over How to install an SAP Passport browser certificate How to add the SAP Passport Enable Single Sign-On tile. SAP Knowledge Base Article.

Symptom

  • How to install an SAP Passport
  • How to use single sign-on for S-User logins
  • Why am I getting repeated login prompts?
  • How to prevent having to log in over and over
  • How to install an SAP Passport browser certificate
  • How to add the SAP Passport Enable Single Sign-On tile
  • Getting prompted multiple times for S-User ID and password
  • Can I use a SAP Passport when I have more than one S-User ID?
  • Why do I have to enter my user name and password multiple times?
  • Is there a way to login automatically without having to manually enter S-User ID and Password?

Read more...

Environment

  • SAP Support Portal
  • SAP ONE Support Launchpad
  • SAP Passport application
Certificate

Keywords

sso, X.509, single sign on, single signon certificate, Single Sign-on, SMP, IE, Chrome, Firefox , logins , credentials , passwords , password , sap trust center , digital client certificate , Simplify my login , SSO certificate , single sign-on certificate , repeated logins , not accepting password , can't log in , expiration , expire , Ablauf des Passwortes , Gültigkeit des Passwortes , S-User Passport , S-User Zertifikat , valid , validation , , KBA , xx-ser-sapsmp-swc , download error , a download error has occurred , download center , XX-SER-SAPSMP-LAUNCH , SAP Support Portal Launchpad , XX-SER-SAPSMP-USR , User Administration , XX-SER-TCS , SAP Trust Center Service , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.

Configure the SSO (Single sign on) for Portal

How to configure the SSO (Single sign on) for Portal? What are the steps needs to be taken?

By: Kamakshi

Single Sign On with Portal to SAP Backend Systems

Single Sign On (SSO) is good documented in the SAP world. This guide to give you a complete working example of how you can enable SSO in your environment.

Step 1 - Setting the logon method as Single Sign on

1.1 Log in to your Portal as a System Administrator.

1.2 Choose System Administration --> System Configuration --> System Landscape

1.3 Find the system you want to assign Single Sign on to and open it

1.4 Choose User Management as Property Category

1.5 Set Logon Method to SAPLOGONTICKET

What we have done now is to set the system you want to use as a Single Sign On logon method. Do this to each system you want to connect.

Step 2 - Create a Portal Certificate

1.1 Log in to the Visual Administrator

1.2 Choose Server --> Services --> KeyStorage --> TicketKeystore

1.3 Delete SAPLogonTicketKeypair-cert and SAPLogonTicketKeypair

Sap Single Sign-on With X.509 Certificates

1.4 Choose Create (Create button in the Entry field) and
type in the following information:
a. mark Store Certificate
b. Common Name: Your <SID> (just example)
c. Entry Name: SAPLogonTicketKeypair
d. Store Certificate: Mark it
e. Key Length: 1024
f. Algorithm: DSA
g. Press Generate

Now you will have two entries in the TicketKeyStore:

SAPLogonTicketKeypair
SAPLogonTicketKeypair-cert

Step 3 - Export the Portal certificate

3.1 Choose Server --> Services --> KeyStorage --> TicketKeystore

Sap Single Sign On Certificate Form

3.2 Choose SAPLogonTicketKeypair-cert and press Export (Export button in the Entry field)

a. Fill in a name of the Certificate
To keep track of your certificate, call it the SID of the Portal

b. Choose either X.509 or Base64 Encoded Format

Step 4 - Import the Portal certificate to the Backend System

4.1 Log in to the Backend System
In my example, I log in to ERP 2004

4.2 Run transaction STRUSTSSO2

Sap Single Sign On Portal

4.3 Press Import Certificate (Button in the Certificate field)

Sap Single Sign On Certificate

Single Sign On Sap

a. Open the generated certificate from step 3 with the right file format that you choosed in step 3.4

4.5 Press Add to Certificate List button (Button in the Certificate field)

Sap Single Sign On Certificate

4.6 Press Add to ACL button (Button in the Certificate field)

a. Enter the <SID> of your Portal

b. Enter Client 000

4.7 Press Save

Step 5 - Export the Backend certificate to your Portal

5.1 You are still in the transaction STRUSTSSO2. Doubleclick the Owner Certificate and choose Export and store in on the file system

5.2 Log into Visual Administrator
Choose Server --> Services --> KeyStorage --> TicketKeystore and press Load and choose the Certificate

5.3 Set the Backend System as 'ACL' in the Portal
Choose Server --> Services --> Security --> Provider --> Ticket

Choose the Authentication tab and add the following on the com.sap.security.core.server.jass.EvaluateTicketLoginModule:

trustedsys<Number>=<ABAP_SID>, <CLIENT> (for example, ABA, 200)

trustediss<Number>=<ISSUER_DISTINGUISHED_NAME> (for example, CN= ABA)

trusteddn<Number>=<SUBJECT_DISTINGUISHED_NAME> (for example, CN=ABA)

You have set up a trusted relationship between your portal and the backend system. To do so with several system, run this guide again from step 4

Get help for your Basis problems
Do you have a SAP Basis Question?

SAP Basis Admin Books
SAP System Administration, Security, Authorization, ALE, Performance Tuning Reference Books

SAP Basis Tips
SAP BC Tips and Basis Components Discussion Forum

Sap single sign on certificate sample

Administration In SAP - Sapgui, Unix, SAP ITS, Router, Client Copy and IDES

Best regards,
SAP Basis, ABAP Programming and Other IMG Stuff
http://www.erpgreat.com

All the site contents are Copyright © www.erpgreat.com and the content authors. All rights reserved.
All product names are trademarks of their respective companies. The site www.erpgreat.com is in no way affiliated with SAP AG.
Every effort is made to ensure the content integrity. Information used on this site is at your own risk.
The content on this site may not be reproduced or redistributed without the express written permission of
www.erpgreat.com or the content authors.