For authentication with SAP NetWeaver that allows for Single Sign-On to other systems as well, you can use logon tickets. One system in the landscape should be set up to issue logon tickets to users. Users log on initially to this system to obtain an logon ticket and then can use the logon ticket to access the other SAP systems in the landscape.
Tasks on Demand
Most of the administrative tasks for using logon tickets are also configuration, however, there are some tasks that occasionally need to be done. See the table below.
Administrative Tasks when Using Logon Tickets
Reason |
Task |
More Information |
Renewing the system's public-key certificate |
AS ABAP : Use the trust manager (transaction STRUST) to regenerate the PSE used for logon tickets. AS Java : Use the Key Storage service to create a new key pair for the J2EE Engine. AS ABAP and AS Jav a: Import the new public-key certificate into ticket-accepting systems. On the ABAP server, use the transaction STRUSTSSO2. On the AS Java, use the Key Storage service. If you changed the server's Distinguished Name, then also maintain the ACLs in the ticket-accepting systems. |
AS ABAP : Creating or Replacing a PSE Per default, the PSE used for logon tickets is the system PSE, but there may be cases where you use a different PSE. For more information, see: Configuring the AS ABAP for Issuing Logon Tickets . AS Java : Replacing the Key Pair to Use for Logon Tickets Both AS ABAP and AS Java for importing the public-key certificate into the ticket-issuing systems and maintaining the ACL: |
Adding a new system to the landscape |
Configure the new system to accept logon tickets by importing the ticket-issuing server's public-key certificate and maintaining the ACL. |
AS ABAP : Accepting Logon Tickets Issued by another AS ABAP |
See also: