How to configure SSO between ABAP and portal, Create an iview, open ABAP GUI using portal

         

 

ABAP-JAVA SSO Configuration &LDAP Authentication to ABAP using portal

     

ContentsABG BSLI SSO Configuration

SAP Server details

SAP System installation

Configure portal

Direct iview links to open the SAP system based on the AD user ID and password

Unlocking users on Java

Starting/Stopping server          

      

Scenario We have an existing ERP system where users login with their current SAP ID and password. They would like to be able to login with their LDAP ID and password to SAP, however, would like the password to be provided at least once. Hence they do not want an SSO using SNC or windows authentication.  

SolutionSince the SSO shouldn’t happen and they should still be able to logon with their LDAP ID and password. One of the solution is to have a Portal installed where users can use their LDAP ID and password to logon and configure SSO between Portal and ABAP server. So the solution steps are as below – 

1)    Install Java engine/Portal2)    Configure portal to be authenticated using LDAP (e.g. LDAP UME datasource

configuration)3)    Configure SSO between ABAP and Portal4)    Create Iviews to call ABAP Gui5)    Provide link to users to access ABAP Gui while providing their LDAP ID and

password on the portal. 

Portal installation (Windows/SQL Server)  

1)    Install SQL Server E:Software51044827x86-x64-IA64EnterpriseEdition execute setup.exe 

Complete pre-requisite check - 

 Provide Product key - GYF3T-H2V88-XXXXX-XXXXX-QRTYB   

 

 

 

  

                 

            

 

                

2)    Install Portal 

 

 

       

Swap size should be of at least 20 GB

Changed the swap size

 

  

 

 

 

  

 

Password set to -  pass1234 

 

 

 

             

 

  

  

       

 

  

 

 

 

 Password is set to - pass1234! 

          

     

                    

Configure portal

 Configure the UME –Open url –http://XXXXX:50000/useradmin

And click on the configuration button and set the values as per the screenshot below – 

 

 Create System under system management –

1)    Start the wizard

 2)    Provide necessary values to the wizard and continue

 

 

 

   

   Create Necessary iviews –

 1)    Start the iview

wizard  

2)    Provide the system details and the transaction details and click go  – 

  

  

3)    Choose the transaction and click on “start upload” –

4)    Click Finish upon successful upload –  

  

5)    Change the ID of object as per the required naming convention – here AXD_SYSTEM_SHORT 

   Click Next on the ID change wizard

  Provide the required details and click Finish –  

 6)    The iView is renamed as required –

  Set the permissions for system and iviews – 

1)    Uner the permissions section of all the above created obejcts, add additional role “everyone” as per the screenshots below – 

   

 Configure ABAP & Java System Certificates – 

1)    Logon to Netweavar administrator using url – http://XXXX.com:50000/nwa

2)    Under configuration tab choose “Certification and Keys” 

3)    Choose “TicketKeystore”

 4)    Choose Certificate pair and click

export 

5)    Download the file to desired location 

 

6)    Export ABAP certificatie by logging on to 000 client and running transaction code Strustsso2 

7)    Choose the system certificate and click export

8)    Save the file to desired locaiton

 

9)    Import the Java certificate by choosing the file 

 

 10)  Add the Java certificate to certificate list and ACL  by clicking the respective

buttons -

11)  Add the Java certificate to ACL in other clients e.g. 100, 110, 120

  

12)  Import ABAP Certificate into Java system under Configuration -> Certificate & Keys -> Ticket Store 

 

 

     Direct iview links to open the SAP system based on the AD user ID and password  Sample -http://XXXXXX:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fXXX!

2fSESSION_MANAGER_AXD_SHORT?sap-config-mode=true 

Portal Side: dowload certificate you need to select from Ticketkeystore by login to SAP Netweaver Administrator

ABAP Side : Create SNC SAPCryptolib PSE with STRUST TCode in 000 ClientUpdate below profile paramterslogin/create_sso2_ticket=2login/accept_sso2_ticket=1icm/host_name_full= 

Check Single Sign-On. Go to http://:/irj/portal

Click on System Administration �> Support ->Application Integration and Session Management -> Test and Configuration tools

Click on Tool -> Select Transaction and Click on run

Click System -> Select System that you created earlier and Enter any transaction code it should display ABAP Screen