How to Configure SSO Between ABAP and Portal
How to configure SSO between ABAP and portal, Create an iview, open ABAP GUI using portal
ABAP-JAVA SSO Configuration & LDAP Authentication to ABAP using portal
Contents
ABG BSLI SSO Configuration
SAP Server details
SAP System installation
Configure portal
Direct iview links to open the SAP system based on the AD user ID and password
Unlocking users on Java
Starting/Stopping server
Scenario
We have an existing ERP system where users log in with their current SAP ID and password. They would like to be able to log in to SAP with their LDAP ID and password, but want the password to be provided at least once. Hence they do not want SSO using SNC or Windows authentication.
Solution
Since full SSO should not happen and users should still be able to log on with their LDAP ID and password, one solution is to install a Portal where users log on with their LDAP ID and password, and to configure SSO between the Portal and the ABAP server. The solution steps are as below –
1) Install Java engine/Portal
2) Configure portal to be authenticated using LDAP (e.g. LDAP UME datasource configuration)
3) Configure SSO between ABAP and Portal
4) Create iViews to call ABAP GUI
5) Provide link to users to access ABAP GUI while providing their LDAP ID and password on the portal.
Portal installation (Windows/SQL Server)
1) Install SQL Server E:Software51044827x86-x64-IA64EnterpriseEdition execute setup.exe
Complete pre-requisite check -
Provide Product key - GYF3T-H2V88-XXXXX-XXXXX-QRTYB
2) Install Portal
Swap size should be of at least 20 GB
Changed the swap size
Password set to - pass1234
Password is set to - pass1234!
Configure portal
Configure the UME –
Open URL – http://XXXXX:50000/useradmin
Click on the configuration button and set the values as per the screenshot below –
Create System under system management –
1) Start the wizard
2) Provide necessary values to the wizard and continue
Create Necessary iviews –
1) Start the iview wizard
2) Provide the system details and the transaction details and click go –
3) Choose the transaction and click on “start upload” –
4) Click Finish upon successful upload –
5) Change the ID of object as per the required naming convention – here AXD_SYSTEM_SHORT
Click Next on the ID change wizard
Provide the required details and click Finish –
6) The iView is renamed as required –
Set the permissions for system and iviews –
1) Under the permissions section of all the above created objects, add additional role “everyone” as per the screenshots below –
Configure ABAP & Java System Certificates –
1) Log on to NetWeaver Administrator using URL – http://XXXX.com:50000/nwa
2) Under configuration tab choose “Certification and Keys”
3) Choose “TicketKeystore”
4) Choose Certificate pair and click export
5) Download the file to desired location
6) Export the ABAP certificate by logging on to client 000 and running transaction code STRUSTSSO2
7) Choose the system certificate and click export
8) Save the file to desired location
9) Import the Java certificate by choosing the file
10) Add the Java certificate to certificate list and ACL by clicking the respective buttons -
11) Add the Java certificate to ACL in other clients e.g. 100, 110, 120
12) Import ABAP Certificate into Java system under Configuration -> Certificate & Keys -> Ticket Store
Direct iview links to open the SAP system based on the AD user ID and password
Sample - http://XXXXXX:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fXXX!2fSESSION_MANAGER_AXD_SHORT?sap-config-mode=true
Portal Side: Log in to SAP NetWeaver Administrator and download the certificate you need to select from TicketKeystore
ABAP Side: Create SNC SAPCryptolib PSE with STRUST TCode in 000 Client
Update below profile parameters
login/create_sso2_ticket=2
login/accept_sso2_ticket=1
icm/host_name_full=
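The three ABAP profile parameters above can be checked against an instance profile with a short script. This is an added example, not part of the original slides: the function names, the sample profile and the host name in it are constructed, and the test that icm/host_name_full is a fully qualified name is an assumption about the intended value.

```python
import re

# Values the page sets on the ABAP side.
EXPECTED = {"login/create_sso2_ticket": "2", "login/accept_sso2_ticket": "1"}

def parse_profile(text):
    """Parse profile text ('name = value' lines, '#' comments) into a dict."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # later lines overwrite earlier ones here
    return params

def check_sso_profile(text):
    """Return a list of findings; an empty list means all three parameters pass."""
    params = parse_profile(text)
    findings = []
    for name, want in EXPECTED.items():
        got = params.get(name)
        if got is None:
            findings.append(f"{name} is not set (expected {want})")
        elif got != want:
            findings.append(f"{name} = {got} (expected {want})")
    host = params.get("icm/host_name_full", "")
    # Assumption: the value should look like host.domain[.tld], not a short name.
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", host):
        findings.append(f"icm/host_name_full = {host!r} is not a fully qualified host name")
    return findings

# Constructed sample profile (not from the page); the host name is a placeholder.
SAMPLE_PROFILE = """\
# instance profile excerpt
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 0
icm/host_name_full = abaphost
"""

if __name__ == "__main__":
    for finding in check_sso_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```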
Check Single Sign-On. Go to http://:/irj/portal
Click on System Administration -> Support -> Application Integration and Session Management -> Test and Configuration tools
Click on Tool -> select Transaction and click on Run
Click System -> select the system that you created earlier and enter any transaction code; it should display the ABAP screen