Configuring the AS ABAP for Issuing Tickets for Logon
Use
Use this procedure to enable SAP NetWeaver Application Server (AS) ABAP to issue tickets for authentication. There are two types of tickets:
-
Logon tickets
These tickets enable SSO for Web-based access.
-
Authentication assertion tickets
These tickets enable system-to-system communication on the behalf of a given user or service.
Prerequisites
-
You have configured the ticket-accepting system to trust the ticket-issuing system.
-
You have ensured the system clocks remain synchronized.
-
Users in the issuing and accepting systems have the same user IDs.
Procedure
-
Set the profile parameters on AS ABAP according to the table below.
|
Parameter |
Value |
Comment |
|---|---|---|
|
login/accept_sso2_ticket |
1 |
Set this parameter to enable the server to accept an existing logon or assertion ticket. |
|
login/create_sso2_ticket |
2 or 3 |
Enter the value 3 to enable the AS ABAP to issue authentication assertion tickets and no logon tickets. We recommend you use this value. Enter the value 2 to enable the AS ABAP to issue logon and assertion tickets. Use this value if you use legacy systems that require you to use logon tickets. |
|
login/ticket_expiration_time |
Required value |
Default = 8 hours (logon tickets only) |
For more information, see the documentation provided for the profile parameters in transaction RZ11.