Set the following properties for the directory configuration
Please check the pre-requisites before you start the SSO configuration steps
0.1. E-Sourcing using the NetWeaver Java stack as the application server
0.2. Patched to E-Sourcing release 5.1 ( minimum SP05 , however it will work SP04 also)
0.3. Enterprise Portal 7.0 SP 15
0.4. User id's between the Enterprise Portal and ESO are identical.
0.5. Cookies enabled within browser.
0.6. IE6 or IE7.
0.7. Per note 1275398 , the user ids should be in small case
Here are the basic steps invloved in configuring the SSO between EP and ESO:
Export certificate from NW Enterprise Portal0.1.
Create the keystore directory in eSourcing server and put the portal certificate there0.1.
Generate the keystore in eSourcing server from the NW EP certificate0.1.
Set the fcisystem properites to adapt to the keystore settings0.1.
set the directory configuration in esourcing0.1.
Restart the ESO application0.1.
Test the SSOThe details provided below are from EP 7.0 and ESO 5.1 .
1.
Export certificate from NW Enterprise Portal
Log on to the EP , go to system Administration--> System Configuration --> Keystore Administration
Select SAPLogonTicketKeypair-cert
Download the verify.der file . Extract the zip file and rename the certificate as verify.crt
2. Create the keystore directory and copy the portal certificate to that location
In the esourcing server, set up the keystore directory under the FCI home directory.
Eg : let the FCI_HOME is /usr/sap/esourcing51 , set up the directory with name keystore under this . So the keystore location is /usr/sap/esourcing51/keystore.
This directory can be used to store certificates from multiple systems.
Now copy the verify.crt certificate to the keystore directory
3. Generate the keystore in eSourcing server from the NW EP certificate
Go to the Java Home directory and in the bin folder you will see the utlilty keytool which can be used to generate the keystore.
Suppose your JAVA_HOME is /usr/j2se , navigate to /usr/j2se/bin and execute the utility as follows:</p><p>keytool -import -alias <alias name> -file /< FCI_HOME>/keystore/verify.crt -keystore <name of keystore file></p><p> </p><p>The standard JDK keytool utility is used here to generate the keystore, it will prompt for the keystore password during generation and upon completion of the generation you will see the keystore file added to the keystore directory</p><p>!https://weblogs.sdn.sap.com/weblogs/images/251988140/keystore1.JPG|height=319|alt=image|width=653|sr...!" </p><p> </p><p> </p><p>4. Set the fcisystem properites to adapt to the keystore settings 5. Set the directory configuration in esourcing
To configure the local buy-side directory to activate the SSO ,lauch SAP E -Sourcing and go to setup -> Configuration-> Directory Configuration
Choose the active buy side configuration and Set the driver as ‘basic'
Enter the following in the authenticator field:
com.frictionless.usermgmt.security.ExtSAPNetWeaverAuthentication
Also check the following features :
Changeable password, expired passwords, New accounts, Browsing
In the controls , check ‘Browse using Stored Credentials'
Set the following properties for the directory configuration
9 Comments
| User | Count |
|---|---|
| 525 | |
| 263 | |
| 238 | |
| 234 | |
| 167 | |
| 157 | |
| 152 |
