To integrate SAP NetWeaver Application Server (AS) ABAP in Single Sign-On (SSO) environments, you must configure your systems to accept and verify the logon tickets issued by other systems in your SSO landscape.
Accepting systems must be able to verify logon tickets and the digital signature of the issuing server. The accepting system requires the following information for verification:
The system should only accept logon tickets issued from a trusted server. Therefore, the identity of the trusted server must be entered in the SSO access control list of the accepting system.
The system must be able to verify the digital signature of the issuing server.
For this purpose, the accepting system needs access to the public-key information of the issuing server, which must be entered in the certificate list of the accepting system.
The system must know where the information is stored that it uses to verify the digital signature of the issuing server. The file name and location where this information is stored (the server's designated SSO PSE) is release-dependent.
For more information, see Using Logon Tickets with AS ABAP.
The procedure to configure the AS ABAP to accept logon tickets depends on whether the issuing server is an AS ABAP or AS Java.
For more information, see the following:
Accepting Logon Tickets Issued by an AS Java System