Configuring the Portal for SSO with Logon Tickets
The following scenarios exist:
-
The portal is the ticket-issuing system
By default the portal is configured so that the underlying SAP NetWeaver Application Server (AS) Java issues logon tickets. By default the authentication scheme used by the portal references a login module stack that issues and accepts tickets.
For more information, see Defining an Authentication Scheme and Configuring the AS Java to Issue Logon Tickets .
-
Another system is the ticket-issuing system:
You must configure the portal to accept the tickets issued by another system. This takes place in the underlying AS Java.
For more information, see Configuring the AS Java to Accept Logon Tickets .
The sections below describe the settings you need to make in exceptional cases.
Add-In installations only: Change the AS Java client used in the logon tickets
In Add-In installations, the logon tickets of the AS Java and AS ABAP must be different. Change the client that is written to the logon ticket.
For more information, see Specifying the AS Java Client to Use for Logon Tickets .
Configure the lifetime of the logon ticket
For more information, see Configuring the Validity Period of Logon Tickets .
Map portal user IDs to user IDs in other systems
If users' portal user IDs are different to their user IDs in the component systems, the administrator or user must map the portal user ID to the user ID in the other systems. You must define a reference system for user data and map the portal users to the users in this system.
For more information, see Configuring User Mapping with Tickets for SSO .
ABAP systems only: Set logon method to logon tickets in portal system landscape
For each ABAP system that the portal accesses using the Java Connector (JCo), do the following to enable access with logon tickets:
-
Open the portal system for properties.
-
Set the value of the property Logon Method to SAPLOGONTICKET .
-
Save your entries.
For more information, see SAP System Properties .