
Configuring the AS ABAP to Accept Logon Tickets

Use

To integrate your AS ABAP systems in SSO environments, you have to configure your systems to accept and verify the logon tickets issued by another system in your SSO landscape.

When the AS ABAP system is integrated in a System Landscape Directory, you can use the Trusted Systems Single Sign-On with SAP Logon Ticket configuration functions from the SAP NetWeaver Administrator (NWA) to configure the required trust settings for accepting logon tickets issued by another system. Alternatively, for standalone AS ABAP systems, you can enable SSO with logon tickets with the SSO2 transaction from the SAP GUI.

Features

Accepting systems need to be able to verify the logon tickets and the issuing server’s digital signature. The following information is necessary for the verification:

·        The system should only accept logon tickets issued from a trusted server. Therefore, the identity of the trusted server needs to be entered in the accepting system’s SSO access control list.

·        To use Web-based configuration with the Trusted Systems management functions of the NWA, the AS ABAP must be integrated in a System Landscape Directory (SLD). For more information, see System Landscape Directory.

·        The system must be able to verify the issuing server’s digital signature.

For this purpose, the accepting system needs access to the issuing server’s public-key information, which needs to be entered in the system’s certificate list.

·        The system needs to know where the information is stored that it uses to verify the issuing server’s digital signature. The file name and location where this information is stored (the server’s designated SSO PSE) is release-dependent.

See Using Logon Tickets with AS ABAP for the file name and location of the SSO PSE according to release.
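The two independent checks listed above (issuer in the SSO access control list, signature verifiable with a certificate from the certificate list) can be modelled as follows. This is an added illustration, not SAP code: the ticket fields, system IDs, clients and subject names are constructed, and textbook RSA over known primes stands in for the X.509 signature check against the SSO PSE.

```python
import hashlib
from dataclasses import dataclass, replace

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two known primes; stands in for an issuer's key pair."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(payload, n):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n

@dataclass(frozen=True)
class Ticket:  # modelled fields (assumption), not the real logon ticket layout
    sid: str
    client: str
    user: str
    signature: int = 0
    def payload(self):
        return f"{self.sid}|{self.client}|{self.user}".encode()

def issue(sid, client, user, private_key):
    n, d = private_key
    t = Ticket(sid, client, user)
    return replace(t, signature=pow(digest(t.payload(), n), d, n))

def accept(ticket, acl, cert_list):
    """Both checks must pass: issuer in the ACL, signature valid under its certificate."""
    subject = acl.get((ticket.sid, ticket.client))
    if subject is None:
        return "reject: issuer not in SSO access control list"
    public_key = cert_list.get(subject)
    if public_key is None:
        return "reject: issuer certificate not in certificate list"
    n, e = public_key
    if pow(ticket.signature, e, n) != digest(ticket.payload(), n):
        return "reject: signature verification failed"
    return "accept"

# Constructed landscape: PRD is trusted, DEV is not, QAS has an ACL entry but no certificate.
PRD_PUB, PRD_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
DEV_PUB, DEV_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
ACL = {("PRD", "100"): "CN=PRD", ("QAS", "300"): "CN=QAS"}
CERT_LIST = {"CN=PRD": PRD_PUB, "CN=DEV": DEV_PUB}

good = issue("PRD", "100", "ALICE", PRD_PRIV)
print(accept(good, ACL, CERT_LIST))                                    # genuine ticket
print(accept(issue("DEV", "200", "ALICE", DEV_PRIV), ACL, CERT_LIST))  # valid signature, issuer not in ACL
print(accept(replace(good, user="ADMIN"), ACL, CERT_LIST))             # content changed after signing
print(accept(issue("PRD", "100", "ALICE", DEV_PRIV), ACL, CERT_LIST))  # signed with a key other than PRD's
```

A certificate in the certificate list alone does not make an issuer trusted, and an ACL entry alone does not make its tickets verifiable; the accepting system needs both.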

Activities

NWA based configuration for mixed system landscapes

       1.      Open the Single Sign-On with Logon Tickets configuration wizard by navigating to Configuration Management → Security Management → Trusted Systems.

       2.      From the Trusted Systems tab, switch to Edit mode.

       3.      Choose Add Trusted System to launch the SSO2 Wizard. For each of the wizard screens, proceed as shown below:

Select Ticket-Issuing System

                            a.      Select the Landscape Type from the dropdown list and choose Go to show the available systems. You can optionally filter displayed results using the text input box that is provided.

You use the System Landscape Directory functions of SAP NetWeaver to define landscape types and systems belonging to a landscape. For more information, see System Landscape Directory.

                            b.      Select the ticket-issuing system from the displayed results and choose Ok to proceed to the next step of the wizard.

Provide Connection Data

                            a.      Choose the AS ABAP client to configure for accepting logon tickets.

                            b.      When the ticket-issuing system is another AS ABAP, choose the ticket-issuing Client number.

                            c.      Enter the Username and Password to use for the SLD connection to the selected system.

The remaining Connection Properties for the selected system are automatically displayed.

                            d.      Choose Next to proceed with the wizard.

Upload Certificate

Note

This step is executed if the AS ABAP cannot retrieve the certificate for the ticket-issuing system from the SLD.

                            a.      Using the dialog box, upload the X.509 certificate for the ticket-issuing system.

Review and Add Issuing System

                            a.      Review the configuration details for the ticket-issuing system and choose Next to proceed or Back to make additional changes.

Final

The final result from adding the system is displayed. Choose Close to complete the wizard.

Note

We recommend that you use the Trusted System configuration options in NWA to configure SSO with logon tickets in mixed system landscapes. For cases where this approach does not meet your needs, you can also manually configure the AS ABAP to accept logon tickets issued by AS Java. For more information, see Accepting Logon Tickets Issued by an AS Java System.

Configuration Steps for AS ABAP only landscapes

To configure SSO with logon tickets in AS ABAP only system landscapes, you can use the SSO2 transaction from the SAP GUI to enable the relevant configuration options. For more information, see Accepting Logon Tickets Issued by an AS ABAP System.

 
