Configuring the Portal for SSO with Logon
Tickets
Use
The following scenarios exist:
● The portal is the ticket-issuing system
By default the portal is configured so that the underlying AS Java issues logon tickets. By default the authentication scheme used by the portal references a login module stack that issues and accepts tickets.
More information: Defining an Authentication Scheme and Adjusting the Login Module Stacks for Using Logon Tickets
● Another system is the ticket-issuing system:
You must configure the portal to accept the tickets issued by another system. This takes place in the underlying AS Java.
More information: Configuring the AS Java to Accept Logon Tickets
The sections below describe the settings you need to make in exceptional cases.
Procedure
Add-In installations only: Change the AS Java client used in the logon tickets
In Add-In installations, the logon tickets of the AS Java and AS ABAP must be different. Change the client that is written to the logon ticket.
More information: Specifying the AS Java Client to Use for Logon Tickets
Configure the lifetime of the logon ticket
More information: Configuring the Validity Period of Logon Tickets
Map portal user IDs to user IDs in other systems
If users’ portal user IDs are different to their user IDs in the component systems, the administrator or user must map the portal user ID to the user ID in the other systems. You must define a reference system for user data and map the portal users to the users in this system.
More information: Configuring User Mapping with Tickets for SSO
ABAP systems only: Set logon method to logon tickets in portal system landscape
For each ABAP system that the portal accesses using the Java Connector (JCo), do the following to enable access with logon tickets:
...
1. Open the portal system for properties.
2. Set the value of the property Logon Method to SAPLOGONTICKET.
3. Save your changes.
More information:
Editing SAP
System Properties