Accepting Logon Tickets Issued by SAP NetWeaver AS for Java

To use Single Sign-On between SAP NetWeaver AS for Java and SAP NetWeaver AS for ABAP with logon tickets issued by SAP NetWeaver AS for Java, configure the corresponding SAP NetWeaver AS for ABAP to accept logon tickets.

Prerequisites

The public-key certificate to use for verifying the digital signature of the SAP NetWeaver AS for Java is available as a file in the file system. The certificate must exist either in base 64 or in DER format.

Context

If your SAP NetWeaver AS for ABAP is integrated in a System Landscape Directory, you can configure SAP NetWeaver AS for ABAP to accept logon tickets from the Trusted Systems functions of the SAP NetWeaver Administrator.

Procedure

Set the profile parameter login/accept_sso2_ticket = 1.

Note

Set login/create_sso2_ticket = 2 if the server should also be able to issue tickets. (Use DEFAULT.PFL.)

See also SAP Note 1562004 .
Add the public-key certificate of the SAP NetWeaver AS for Java to the corresponding certificate list.
Use the trust manager (transaction STRUST or STRUSTSSO2). Import the public-key certificate of SAP NetWeaver AS for Java into the PSE that is used for logon tickets. By default this PSE is the System PSE.
Note

In the following cases a PSE other than the system PSE is used:
- If the system has been upgraded from a Release <= 4.6B, then the PSE used for logon tickets is the SAPSSO2 PSE.
- If you have defined an explicit PSE to use for logon tickets, then this PSE (as specified in the table SSFARGS) is used.
Use transaction STRUSTSSO2 to add the information of the SAP NetWeaver AS for Java to the access control list.

Enter the system ID (SID) and Distinguished Name from the certificate found in the TicketKeystore entry of SAP NetWeaver AS for Java.

For the client, see the value of the UME property login.ticket_client of SAP NetWeaver AS for Java.