Configuring the System to Accept Logon Tickets 

Accepting systems need to be able to verify the logon tickets and the issuing server’s digital signature. The following information is necessary for the verification:

·        The system should only accept logon tickets issued from a trusted server. Therefore, the identity of the trusted server needs to be entered in the accepting system’s SSO access control list.

·        The system must be able to verify the issuing server’s digital signature. If the issuing server possesses a public-key certificate that is signed by the SAP CA, the accepting system can verify the issuing server’s digital signature without needing any additional information. However, if the certificate is a self-signed certificate, then the accepting system needs access to the issuing server’s public-key information, which needs to be entered in the system’s certificate list.

·        The system needs to know where the information is stored that it uses to verify the issuing server’s digital signature. The file name and location where this information is stored (the server’s designated SSO PSE) is release-dependent. See SSO Personal Security Environment (SSO PSE) for the file name and location of the SSO PSE according to release.

If the ticket issuer is an SAP Web AS ABAP, then you can use the SSO administration wizard to configure the system accordingly. Otherwise, you have to perform several steps manually. Therefore, see the following topics for the exact procedures to use:

·        Configuring the System to Accept Logon Tickets from SAP Web AS ABAP

·        Configuring SAP Web AS ABAP to Accept Logon Tickets from the J2EE Engine