Show TOC

Administration When Using Logon TicketsLocate this document in the navigation structure

Use

For authentication with SAP NetWeaver that allows for Single Sign-On to other systems as well, you can use logon tickets. One system in the landscape should be set up to issue logon tickets to users. Users log on initially to this system to obtain an logon ticket and then can use the logon ticket to access the other SAP systems in the landscape.

Tasks on Demand

Most of the administrative tasks for using logon tickets are also configuration, however, there are some tasks that occasionally need to be done. See the table below.

Administrative Tasks when Using Logon Tickets

Reason

Task

More Information

Renewing the system's public-key certificate

AS ABAP : Use the trust manager (transaction STRUST) to regenerate the PSE used for logon tickets.

AS Java : Use the Key Storage service to create a new key pair for the J2EE Engine.

AS ABAP and AS Jav a: Import the new public-key certificate into ticket-accepting systems. On the ABAP server, use the transaction STRUSTSSO2. On the AS Java, use the Key Storage service.

If you changed the server's Distinguished Name, then also maintain the ACLs in the ticket-accepting systems.

AS ABAP : Creating or Replacing a PSE

Per default, the PSE used for logon tickets is the system PSE, but there may be cases where you use a different PSE. For more information, see: Configuring the AS ABAP for Issuing Logon Tickets .

AS Java : Replacing the Key Pair to Use for Logon Tickets

Both AS ABAP and AS Java for importing the public-key certificate into the ticket-issuing systems and maintaining the ACL:

Adding a new system to the landscape

Configure the new system to accept logon tickets by importing the ticket-issuing server's public-key certificate and maintaining the ACL.

AS ABAP : Accepting Logon Tickets Issued by another AS ABAP

AS ABAP : Accepting Logon Tickets Issued by the AS Java

AS Java : Configuring the AS Java to Accept Logon Tickets

See also:

Logon Tickets