Showing results for 
Search instead for 
Did you mean: 

what are the problem you face in sso when u do that?

Former Member
0 Kudos

plz let me know hte ans for this quesion?

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Anandan,

I can give you the steps for establishing sso.

1.Set the profile parameter login/accept_sso2_ticket = 1. Set login/create_sso2_ticket = 0 unless the server should also be able to issue tickets. (Use DEFAULT.PFL). Remember you need to talk to the ever helpful basis person to get this done.

2.Download certificate from the Web AS (OR) Enterprise Portal. (Talk to your Web AS administrator or the EP System Administrator)

Web AS:

In the Visual Administrator, press on "Export" button "Server -> Services -> Key Storage -> Ticket Keystore -> SAP Logon Ticket Key Pair-Cert" Enterprise Portal:

Press on button "Download verify.der File" - navigate using link given below. "System Administration -> System Configuration -> Keystore Administration-> SAP Logon Ticket Key Pair-Cert"

3.Go to transaction "STRUSTSSO2", add the certificate (Talk to your ABAP Basis person again)

4.Add to the ACL. You have to enter the WPS System and the WPS Client. WPS System: <Instance Name> - click on the certificate and take the "Issued By" value WPS Client: Enter this as "000" (3 Zeroes)

5.If you want to allow access to more than one client using the digitally signed certificates then you need to log into the R/3 system in that client and add to ACL alone again.

6.Create the equivalent user IDs in WebAS/EP as in the R/3. If you don't want to create as many equivalent users then do "User Mapping" (Refer to Help portal). But then to begin with I suggest you to create corresponding users even if you are enabling SSO for many users.

7.In the "Webdynpro Content Administrator" Change JCO connection settings accordingly: I. Set Model data logical destination to UseSSO. II. Set Metadata logical destination to DefinedUser (because metadata is common for all users)

During runtime only the user IDs in the UME and the R/3 are verified. If they are the same then it would allow access as per the authorization for that user in the R/3 system. So the passwords can be different.

Warm Regards,