Configuring the AS ABAP to Accept Logon
Tickets
To integrate your AS ABAP systems in SSO environments, you have to configure your systems to accept and verify the logon tickets issued by another system in your SSO landscape.
When the AS ABAP
system is integrated in a
System Landscape
Directory, you can use the Trusted Systems
→ Single Sign-On with SAP
Logon Ticket configuration
functions from the SAP NetWeaver Administrator (NWA) to configure the required
trust settings for accepting logon tickets issued by another system.
Alternatively, for standalone AS ABAP systems, you can enable SSO with logon
tickets with the SSO2 transaction from the SAP GUI.
Accepting systems need to be able to verify the logon tickets and the issuing server’s digital signature. The following information is necessary for the verification:
· The system should only accept logon tickets issued from a trusted server. Therefore, the identity of the trusted server needs to be entered in the accepting system’s SSO access control list.
·
To use Web-based
configuration with the Trusted Systems management functions of the NWA, the AS
ABAP must be integrated in a System Landscape Directory (SLD). For more
information, see
System Landscape
Directory.
· The system must be able to verify the issuing server’s digital signature.
For this purpose, the accepting system needs access to the issuing server’s public-key information, which needs to be entered in the system’s certificate list.
· The system needs to know where the information is stored that it uses to verify the issuing server’s digital signature. The file name and location where this information is stored (the server’s designated SSO PSE) is release-dependent.
See Using Logon Tickets with AS ABAP for the file name and location of the SSO PSE according to release.
1. Open the Single Sign-On with Logon Tickets configuration wizard by navigating to Configuration Management → Security Management → Trusted Systems.
2. From the Trusted Systems tab, switch toEdit mode.
3. Choose Add Trusted Systemto launch the SSO2 Wizard. For each of the wizard screens proceed as shown below:
a. Select the Landscape Type from the dropdown list and choose Go to show the available systems. You can optionally filter displayed results using the text input box that is provided.
You use the
System Landscape Directory functions of SAP NetWeaver to define landscape
types and systems belonging to a landscape. For more information, see
System Landscape
Directory.
b. Select the ticket-issuing system from the displayed results and choose Ok to proceed to the next step of the wizard.
...
...
a. Choose the AS ABAP client to configure for accepting logon tickets.
b. When the ticket-issuing system is another AS ABAP, choose the ticket-issuing Client number.
c. Enter the Username and Password to use for the SLD connection to the selected system.
The remaining Connection Propertiesfor the selected system are automatically displayed.
d. Choose Next to proceed with the wizard.

This step is executed if the AS ABAP cannot retrieve the certificate for the ticket-issuing system from the SLD.
...
a. Using the dialog box, upload the X.509 certificate for the ticket-issuing system.
...
a. Review the configuration details for the ticket-issuing system and choose Next to proceed or Back to make additional changes.
...
The final result from adding the system is displayed. Choose Close to complete the wizard.

We recommend that you use the Trusted Systemconfiguration options in NWA to configure SSO with logon tickets in mixed system landscapes. For cases where this approach does not meet your needs, you can also manually configure the AS ABAP to accept logon tickets issued by AS Java. For more information, see Accepting Logon Tickets Issued by an AS Java System
To configure SSO with logon tickets in AS ABAP only system landscapes, you can use the SSO2 transaction from the SAP GUI for enabling the relevant configuration options. For more information, see Accepting Logon Tickets Issued by an AS ABAP System