Definition
The Personal Security Environment (PSE) used for Single Sign-On when using logon tickets for user authentication.
Use
The issuing server uses the information contained in its SSO PSE to digitally sign users' logon tickets.
The accepting systems use the information contained in their SSO PSEs to verify the issuing server's digital signature when users present their logon tickets for access to the systems.
Structure
The SSO PSE contains the security information needed to create or verify the issuing server‘s digital signature.
On the issuing server, this information includes:
On the accepting systems, this information includes:
Integration
Each application server in a system that issues or accepts logon tickets needs access to the SSO PSE. Depending the system‘s release, the location of the SSO PSE is determined as shown in the table below.
Location of SSO PSEs
Server |
Release |
Name |
Location |
Comment |
Accepting servers |
< 4.6C |
SAPSSO2.pse |
Directory specified in the profile parameter DIR_PROFILE |
|
Issuing or accepting servers |
>= 4.6C |
SAPSYS.pse |
<instance directory>/sec |
In this case, the SSO PSE is the system PSE. |