Providing User Credentials with Single
Sign-On
Use
In order to ensure that CAF and SAP NetWeaver Portal services are available to one another in KM, you must first provide user credentials to each external service you are using. To do this, you use Single Sign-On (SSO2) authentication.
After a user has logged on, the J2EE system encodes user information using private signing keys and sets up a SSO2 logon ticket (cookie with encoded user credential). Other systems must have imported a signing certificate from each specific system in order to decrypt such information. Therefore, a signing certificate must be imported for each system that should be trusted.
Procedure
Exporting the CAF J2EE Signing Certificate
1. Logon to the CAF J2EE Visual Administrator tool.
2. Navigate to Global Configuration ® Services ® Key Storage ® Runtime ®TicketKeyStore ® SAP LogonTicketKeypair-cert.
3. Choose Export.
4. Save the certificate to a local directory as <CAF_J2EE_Machine_Name>_<System_ID>.crt.
Exporting the SAP NetWeaver Portal J2EE Signing Certificate
1. Logon to the SAP NetWeaver Portal J2EE Visual Administrator tool.
2. Repeat steps 2-4 as above; however in step 4, save the certificate with the name of the portal J2EE machine.
Importing the CAF J2EE Signing Certificate into the SAP NetWeaver Portal
1. Logon to the CAF J2EE Visual Administrator tool.
2. Navigate to Global Configuration ® Services ® Key Storage ® Runtime ®TicketKeyStore.
3. Choose Load.
4. Select the CAF certificate that was exported in step 4 of Exporting the CAF J2EE Signing Certificate above.
Importing the SAP NetWeaver Portal J2EE Signing Certificate into CAF
1. Logon to the SAP NetWeaver Portal J2EE Visual Administrator tool.
2. Repeat steps 2-4 as above; however, in step 4, select the SAP NetWeaver Portal certificate you exported in Exporting the SAP NetWeaver Portal J2EE Signing Certificate.