For authentication with SAP NetWeaver that allows for Single Sign-On to other systems as well, you can use logon tickets. One system in the landscape should be set up to issue logon tickets to users. Users log on initially to this system to obtain an logon ticket and then can use the logon ticket to access the other SAP systems in the landscape.
Most of the administrative tasks for using logon tickets are also configuration, however, there are some tasks that occasionally need to be done. See the table below.
Administrative Tasks when Using Logon Tickets
Reason |
Task |
More Information |
Renewing the system’s public-key certificate |
ABAP: Use the trust manager (transaction STRUST) to regenerate the PSE used for logon tickets. J2EE Engine: Use the Key Storage service to create a new key pair for the J2EE Engine. Both ABAP and J2EE Engine: Import the new public-key certificate into ticket-accepting systems. On the ABAP server, use the transaction STRUSTSSO2. On the J2EE Engine, use the Key Storage service. If you changed the server’s Distinguished Name, then also maintain the ACLs in the ticket-accepting systems.
|
ABAP: Creating or Replacing a PSE
Per default, the PSE used for logon tickets is the system PSE, but there may be cases where you use a different PSE. For more information, see: Configuring the System for Issuing Logon Tickets. J2EE Engine: Replacing the Key Pair to Use for Logon Tickets Both ABAP and J2EE Engine for importing the public-key certificate into the ticket-issuing systems and maintaining the ACL: ● Configuring SAP Web AS ABAP to Accept Logon Tickets from Another SAP Web AS ABAP ● Configuring SAP Web AS ABAP to Accept Logon Tickets from the J2EE Engine |
Adding a new system to the landscape |
Configure the new system to accept logon tickets by importing the ticket-issuing server’s public-key certificate and maintaining the ACL. |
ABAP: Configuring SAP Web AS ABAP to Accept Logon Tickets from Another SAP Web AS ABAP ABAP: Configuring SAP Web AS ABAP to Accept Logon Tickets from the J2EE Engine J2EE Engine: Configuring the J2EE Engine to Accept Logon Tickets |
See also:
● ABAP: Using Logon Tickets
● J2EE Engine: Using Logon Tickets for Single Sign-On