Using Transaction STRUSTSSO2 in SAP System >= 4.6C (SAP Library

Using Transaction STRUSTSSO2 in SAP System >= 4.6C

Procedure

Import public-key certificate of Portal Server to component system's certificate list and add Portal Server to ACL of component system

Both of these steps can be performed with transaction STRUSTSSO2, which is an extended version of transaction STRUST. For detailed documentation on transaction STRUST, see the Web Application Server documentation under Security ® Trust Manager.

Note that if you want to connect more than one Portal Server to the SAP System, you must configure one of the Portal Servers as described in Using More Than One Portal.

1. In the SAP System, start transaction STRUSTSSO2.

A screen with the following layout appears.

The PSE status frame on the left displays the PSEs that are defined for the system.

The PSE maintenance section on the top right displays the PSE information for the PSE selected in the PSE status frame.

Below that, the certificate section displays certificate information for a certificate that you have selected or imported.

The Single Sign-On ACL section on the bottom right displays the entries in the ACL of the system.

Note that the layout of the transaction will vary slightly, depending on the release of the SAP System.

2. In the PSE status frame on the left, choose the system PSE.

3. In the certificate section, choose Import Certificate.

The Import Certificate screen appears.

4. Choose the File tab.

5. In the File path field, enter the path of the verify.der file on the Portal Server. Typically this is <servlet-engine>\irj\WEB-INF\plugins\portal\services\usermanagement\data.

6. Set the file format to DER coded and confirm.

7. In the Trust Manager, choose Add to PSE.

8. Choose Add to ACL, to add the Portal Server to the ACL list.

9. In the dialog box that appears, enter 'WP3' as System ID and '000' as Client. These are the default values for these parameters.

Normally you only need to change these default values if you are entering more than one Portal Server in the ACL. For more information, see Using More Than One Portal.

The other values are taken from the certificate.

10. Save your entry.

11. Do not forget to set profile parameters and ITS service parameters as described in Configuring SAP Systems to Accept and Verify SAP Logon Tickets.

Result

The SAP component systems are able to accept SAP logon tickets and verify the Portal Server's digital signature when they receive a logon ticket from a user.