Setting Up Trust Between SAP
Systems 
Depending on the types of systems your organization supports, your system landscape may comprise several SAP systems.
To facilitate the
seamless flow of user authentication from system to system by means of SAP
logon tickets, you need to establish a trust relationship between the various
J2EE Engine components running on each system. For detailed information, see
Configuring
the J2EE Engine to Accept Logon Tickets.
Implementation
When you set up the trust relationship in a multitenant portal environment, you need to configure an additional parameter (tenant<x>) for each tenant in the EvaluateTicketLoginModule module, whereby tenant<x>=tenant name. See the bolded parameters in the example below.
This parameter allows any ticket-issuer system (ABAP or Java) that is not the tenant user store system (for example, BI-ABAP and HR-ABAP), to include the tenant information of each user in the logon ticket. This information is necessary for the J2EE Engine running the multitenant portal to determine the complete user ID and the user's tenant. Without this information, the J2EE Engine will not accept the logon ticket for a tenant user.
Example
If the login module options for EvaluateTicketLoginModule are defined as follows, any user who signs on with a logon ticket issued by system ABC,100 will be identified as user of tenant TenantA. Any user who signs on with a logon ticket issued by system J2E,000 will be identified as user of tenant TenantB.
Parameter Name |
Value |
tenant1 |
TenantA |
trustedsys1 |
ABC, 100 |
trustediss1 |
CN=ABC, O=MyCompany, C=US |
trusteddn1 |
CN=ABC, O=MyCompany, C=US |
tenant2 |
TenantB |
trustedsys2 |
J2E, 000 |
trustediss2 |
CN=J2E, O=MyCompany, C=US |
trusteddn2 |
CN=J2E, O=MyCompany, C=US |
ume.configuration.active |
true |