Administration When Using Logon Tickets 
For authentication with SAP NetWeaver that allows for Single Sign-On to other systems as well, you can use logon tickets. One system in the landscape should be set up to issue logon tickets to users. Users log on initially to this system to obtain an logon ticket and then can use the logon ticket to access the other SAP systems in the landscape.
Tasks on Demand
Most of the administrative tasks for using logon tickets are also configuration, however, there are some tasks that occasionally need to be done. See the table below.
Administrative Tasks when Using Logon Tickets
Reason |
Task |
More Information |
Renewing the system’s public-key certificate |
ABAP: Use the trust manager (transaction STRUST) to regenerate the PSE used for logon tickets. J2EE Engine: Use the Key Storage service to create a new key pair for the J2EE Engine. Both ABAP and J2EE Engine: Import the new public-key certificate into ticket-accepting systems. On the ABAP server, use the transaction STRUSTSSO2. On the J2EE Engine, use the Key Storage service. If you changed the server’s Distinguished Name, then also maintain the ACLs in the ticket-accepting systems.
|
ABAP:
Per default, the
PSE used for logon tickets is the system PSE, but there may be cases where you
use a different PSE. For more information, see: J2EE Engine: Both ABAP and J2EE Engine for importing the public-key certificate into the ticket-issuing systems and maintaining the ACL: ●
●
|
Adding a new system to the landscape |
Configure the new system to accept logon tickets by importing the ticket-issuing server’s public-key certificate and maintaining the ACL. |
ABAP: ABAP: J2EE Engine: |
See also:
●
ABAP: 
Using Logon
Tickets
●
J2EE Engine: Using Logon
Tickets for Single Sign-On