Using Transaction STRUSTSSO2 in SAP System >= 4.6C

Procedure

Download the public-key certificate of the Portal Server

Use the Keystore Administration functions of the SAP NetWeaver Administrator to download the verify.der file from the portal.

Import the public-key certificate of the Portal Server to the component system's certificate list and add the Portal Server to the ACL of the component system

Both of these steps can be performed with transaction STRUSTSSO2, which is an extended version of transaction STRUST. For detailed documentation on transaction STRUST, see the Web Application Server documentation under Security → Trust Manager.

  1. In the SAP system, start transaction STRUSTSSO2.

    A screen with the following layout appears.

    The PSE status frame on the left displays the PSEs that are defined for the system.

    The PSE maintenance section on the top right displays the PSE information for the PSE selected in the PSE status frame.

    Below that, the certificate section displays certificate information for a certificate that you have selected or imported.

    The Single Sign-On ACL section on the bottom right displays the entries in the ACL of the system.

    Note

    The layout of the transaction varies slightly, depending on the release of the SAP system.

  2. In the PSE status frame on the left, choose the system PSE.
  3. In the certificate section, choose Import Certificate.

    The Import Certificate screen appears.

  4. Choose the File tab.
  5. In the File path field, enter the path of the portal's verify.der file.
  6. Set the file format to DER coded or Binary and confirm.
  7. In the Trust Manager, choose Add to PSE.
  8. Choose Add to ACL to add the Portal Server to the ACL.
  9. In the dialog box that appears, enter the portal's system ID and client. By default, the portal's system ID is the common name (CN) of the Distinguished Name entered during installation of the portal. The default client is 000.

    If you are using an Add-In installation, you must change the client to a value other than 000. For more information, see Specifying the AS Java Client to Use for Logon Tickets.

    The other values are taken from the certificate.

  10. Save your entry.
  11. Set the profile parameters as described in Configuring SAP Systems to Accept and Verify Logon Tickets.

Result

The SAP component systems are able to accept logon tickets and verify the portal server's digital signature when they receive a logon ticket from a user.
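
Because the imported certificate becomes the trust anchor for every logon ticket the component system accepts, it is worth checking verify.der before step 3. The shell functions below are an added example, not part of the SAP documentation; they assume the OpenSSL command-line tool is installed, and the function names, the sample system ID EP1, and the reference fingerprint (obtained from the portal administrator over a separate channel) are assumptions.

```shell
#!/bin/sh
# Added example: pre-import checks for the portal's verify.der.
# Function names are illustrative and not part of any SAP tool.
# Usage: sh check_cert.sh verify.der EP1 'AB:CD:...'   (EP1 is a constructed SID)

# Subject common name (CN); step 9 uses it as the default system ID.
cert_cn() {
    openssl x509 -inform DER -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//;s/.*CN=\([^,]*\).*/\1/p'
}

# SHA-256 fingerprint as colon-separated hex, as printed by OpenSSL.
cert_sha256() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//'
}

# check_portal_cert FILE SYSTEM_ID SHA256
# Returns 0 only if FILE is a readable certificate, has not expired, carries
# the CN you plan to enter as system ID in the ACL dialog (the default case
# described in step 9), and matches the fingerprint received out of band.
check_portal_cert() {
    file=$1 sid=$2 want=$3
    openssl x509 -inform DER -in "$file" -noout >/dev/null 2>&1 ||
        { echo "cannot read certificate: $file" >&2; return 2; }
    openssl x509 -inform DER -in "$file" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }
    [ "$(cert_cn "$file")" = "$sid" ] ||
        { echo "CN '$(cert_cn "$file")' is not system ID '$sid'" >&2; return 4; }
    [ "$(cert_sha256 "$file")" = "$want" ] ||
        { echo "fingerprint does not match reference value" >&2; return 5; }
    echo "OK: CN=$sid SHA256=$want"
}

# Run the check when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then check_portal_cert "$@"; fi
```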