Use
For authentication on the SAP Web AS that allows for Single Sign-On (SSO) to other systems as well, you can have the system issue logon tickets to the users. The user can then access other systems using the logon ticket as the authentication token instead of having to repeatedly enter his or her user ID and password.
Prerequisites
In Internet Explorer 5.0, accept session cookies for the local intranet zone.
SAP System application servers (to include the SAP Web AS) receive a key pair and a self-signed public-key certificate during the installation process. As an alternative, you can obtain a certificate signed by the SAP Certification Authority (SAP CA).
Depending on the type of certificate you use, the server's certificate is either sent with the logon ticket to the accepting system or the information is entered in the accepting system's certificate list. We provide a configuration tool, the SSO administration wizard (transaction SSO2), that automatically establishes the appropriate configuration for the accepting system.
Activities
In the following, we describe the processes when the issuing or accepting server is an SAP Web AS. Note however, depending on the scenario you use, other server components may act as the issuer or acceptor.
Receiving a Logon Ticket from the SAP Web AS
Using the Logon Ticket to Access the SAP Web AS as an Accepting System
When the user accesses the SAP Web AS as an accepting system:
If the ticket is valid and has been issued by a trusted server, then the user is granted access to system.