Configure Single Sign-On in SAP Solution Manager of Partner

A partner provides an SAP Solution Manager to which a customer can log on in single sign-on mode by using a certificate.

This section describes configuring single sign-on by using a certificate from SAP Service Marketplace.

Note Note

Some activities are performed by the partner and some activities are performed by the customer.

End of the note.

In the system running SAP Solution Manager, call the ICM Monitor (transaction SMICM) and choose Sevices.
Check whether HTTPS is available and active.
To set up HTTPS, call Maintain Profile Parameter (transaction RZ10), and enter the system profile name.
Select Instance profile, and in the Edit Profile screen area, select Extended Maintenance and choose Change.
The Maintain Profile screen appears.
Choose New Parameter.
Enter the following data:
Parameter name: icm/server_port_<free number>

Parameter values:
- PROT = HTTPS
- PORT = <free port, for example 420$$>
- TIMEOUT = <number, 240 is default>
- PROCTIMEOUT = <number, 600 is default>
Save your entries.
Restart the system.
To check whether HTTPS is available and active, call the ICM Monitor (transaction SMICM) and choose Sevices.

Note
If HTTPS is not active, the row is yellow and the Actv column is empty.

End of the note.
To activate HTTPS, call Trust Manager (transaction STRUST) and select SSL service Standard. In the context menu, choose Create.
The Create PSE screen appears.
Confirm the default entries.
The SSL server is active.

The partner performs this activity to retrieve the Certification Authority (CA) and to test single sign-on.

The customer performs this activity to activate single sign-on.

In the browser, enter https://service.sap.com/sso-smp.
The Applying for an SAP Passport browser popup window appears.
Enter the S-user password and confirm your entries.

The certificate is installed in your browser.

For more information about browser settings for single sign-on, in the Applying for an SAP Passport screen, see Applying for an SAP Passport - Background (http://service.sap.com/~sapidb/002006825000000038452001/).

Prerequisite: The partner has a certificate for an S-user from SAP Service Marketplace.

Open the browser with which you call the SAP Solution Manager WebClient UI.
Save the SAP Passport CA in format X.509 (CER).

Note
Depending on the browser version, there are different ways to save the certificate. For more information, refer to the browser documentation.

End of the note.
To import the certificate, in the SAP Solution Manager system, call Trust Manager (transaction STRUST) and under SSL server Standard, select the server.
The SSL server Standard screen appears.
Choose Import Certificate.
The Import Certificate screen appears.
In the File tab page, upload the certificate in Base64 format, and save your entries.
In the SSL server Standard screen, choose Add to Certificate List.

In the SAP Solution Manager system, call ABAP Editor (transaction SE38) and call report RSUSREXTID.
Enter the following parameters:
- User: <S-user from SU01 for which you want to enable the logon with the s-user certificate>
- External ID type: DN
- Prefix of External Name: CN=
- Suffix of External Name: , OU=SAP Service Marketplace, O=SAP Trust Community, C=DE
- Make sure that Test Mode is deselected.
- Execute the report.

For more information, see SAP Note 1531399.

In the SAP Solution Manager system, call Maintain Services (transaction SICF).
In Service Name, enter the service for which you want to configure SSL and execute the transaction.
Choose the service.
In the Logon Data tab page, in the Security Requirement screen area, select SSL.
Save your entries.

The S-user can log on in single sign-on mode by using the SAP Certificate.