Show TOC Start of Content Area

Procedure documentation Providing User Credentials with Single Sign-On  Locate the document in its SAP Library structure

Use

To ensure that CAF and KM services are available to one another in KM, you must first provide user credentials to each external service you are using. To do this, you use Single Sign-On (SSO2) authentication.

After a user has logged on, the Application Server Java (AS Java) system encodes user information using private signing keys and sets up a SSO2 logon ticket (cookie with encoded user credentials). Other systems must have imported a signing certificate from each specific system to decrypt such information. Therefore, a signing certificate must be imported for each system that should be trusted.

Procedure

Exporting the CAF AS Java Signing Certificate

       1.      Log on to the CAF AS Java Visual Administrator tool.

       2.      Navigate to Cluster Server  Services Key Storage Runtime TicketKeyStore

       3.      Select the certificate used to sign authentication tickets. By default, this is SAPLogonTicketKeypair-cert.

       4.      Choose Export.

       5.      Save the certificate to a local directory under an appropriate name.

For example: CAF-ticket-cert.crt.

Exporting the KM AS Java Signing Certificate

 

       1.      Log on to the KM AS Java Visual Administrator tool.

       2.      Navigate to Cluster Server  Services Key Storage Runtime TicketKeyStore

       3.      Select the certificate used to sign authentication tickets. By default, this is SAPLogonTicketKeypair-cert.

       4.      Choose Export.

       5.      Save the certificate to a local directory under an appropriate name.

For example: KM-ticket-cert.crt.

Importing the CAF AS Java Signing Certificate into the KM

 

       1.      Log on to the KM AS Java Visual Administrator tool.

       2.      Navigate to Cluster Server  Services Key Storage Runtime TicketKeyStore.

       3.      Choose Load.

       4.      Select the CAF certificate that was exported in Exporting the CAF AS Java Signing Certificate above.

For example: CAF-ticket-cert.crt.

Importing the KM AS Java Signing Certificate into CAF

 

       1.      Log on to the CAF AS Java Visual Administrator tool.

       2.      Navigate to Cluster Server  Services Key Storage Runtime TicketKeyStore.

       3.      Choose Load.

       4.      Select the KM certificate that was exported in Exporting the KM AS Java Signing Certificate above.

For example:KM-ticket-cert.crt.

End of Content Area