Configuring SAP Web AS ABAP to Accept Logon Tickets from the J2EE Engine
If you want to use Single Sign-On between the J2EE Engine and an SAP Web AS ABAP system, then you must configure the corresponding SAP Web AS ABAP application server to accept logon tickets accordingly.
The public-key certificate to use for verifying the J2EE Engine’s digital signature is available as a file in the file system. It must exist either in base 64 or in DER format.
The J2EE Engine uses a self-signed public-key certificate for digitally signing logon tickets. It is located in the TicketKeystore entry in the Key Storage service. For more information, see Managing Entries.
On the SAP Web AS ABAP application server:
1. Set the profile parameter login/accept_sso2_ticket = 1. Set login/create_sso2_ticket = 0 unless the server should also be able to issue tickets. (Use DEFAULT.PFL.)
2. For Releases 4.0 and 4.5, also set the profile parameter SAPSECULIB to the location (path and file name) of the SAP Security Library (or SAP Cryptographic Library).
3. Add the J2EE Engine’s public-key certificate to the corresponding certificate list.
¡ For Releases >= 6.10, use the trust manager (transaction STRUST or STRUSTSSO2). Import the J2EE Engine’s public-key certificate into the PSE that is used for logon tickets. Per default this is the System PSE.
In the following cases a PSE other than the System PSE is used:
· If the system has been upgraded from a Release <= 4.6B, then the PSE used for logon tickets is the SAPSSO2 PSE.
· If you have defined an explicit PSE to use for logon tickets, then this PSE (as specified in the table SSFARGS) is used.
¡ For Releases <= 4.6D, use the transaction PSEMAINT.
4. Add the J2EE Engine’s information to the access control list:
5. Enter the J2EE Engine’s system ID and its Distinguished Name from the certificate found in the TicketKeystore entry. For the client, see Determining the Client to Use for the J2EE Engine.
○ For Releases >= 6.10, use the transaction STRUSTSSO2.
○ For Releases <= 4.6D, use table maintenance (transaction SM30) to edit the table TWPSSO2ACL.
The following content is not part of SAP product documentation. For more information, see the following disclaimer .