Single Sign-On for SAP Shortcuts
SAP NetWeaver enables you to configure SSO to an AS ABAP system from the SAP Enterprise Portal. You can use these functions to enable integrated access from the portal to ABAP transactions available in the SAP GUI.
We recommend using SAP Single Sign-On instead of logon tickets for this scenario. This scenario does not support SNC Client Encryption.
For more information, see the documentation for SAP Single Sign-On.
For this scenario, the portal and the AS ABAP system use logon tickets to enable SSO. The logon ticket is passed to the SAP shortcut using a portal iView.
For an overview of the authentication process flow, see the following figure.
-
Users have the same user ID in all of the systems they access using the logon ticket. Passwords do not have to be the same in all systems.
-
The Web browsers used for accessing the portal can accept cookies. For example, in Internet Explorer 5.0 you can configure the Web browser to accept session cookies for the local intranet zone.
-
The ticket accepting AS ABAP system is located in the same DNS domain as the ticket issuing server system.
-
The clocks of the ticket accepting and issuing systems must be synchronized. If you do not synchronize the clocks, then the accepting system may receive a logon ticket that is not yet valid, resulting in an authentication error.
-
The ticket issuing server must possess a public-key certificate and a public and private key pair to digitally sign the logon ticket.
-
The UME of the Portal and back-end AS Java systems use the same user store as the AS ABAP system.
-
Configure component systems to accept portal logon.
-
Restart the AS ABAP.