A partner provides an SAP Solution Manager to which a customer can log on in single sign-on mode by using a certificate.
This section describes configuring single sign-on by using a certificate from SAP Service Marketplace.
Solution Manager 7.1 or higher
You have administrator authorizations assigned.
Note
Some activities are performed by the partner and some activities are performed by the customer.
In the system running SAP Solution Manager, call the ICM Monitor (transaction SMICM
) and choose Sevices
.
Check whether HTTPS is available and active.
To set up HTTPS, call Maintain Profile Parameter (transaction RZ10
), and enter the system profile name.
Select Instance profile
, and in the Edit Profile
screen area, select Extended Maintenance
and choose Change
.
The Maintain Profile
screen appears.
Choose New Parameter
.
Enter the following data:
Parameter name: icm/server_port_<free number>
Parameter values:
PROT = HTTPS
PORT = <free port, for example 420$$>
TIMEOUT = <number, 240 is default>
PROCTIMEOUT = <number, 600 is default>
Save your entries.
Restart the system.
To check whether HTTPS is available and active, call the ICM Monitor (transaction SMICM
) and choose Sevices.
Note
If HTTPS is not active, the row is yellow and the Actv
column is empty.
To activate HTTPS, call Trust Manager (transaction STRUST
) and select SSL service Standard
. In the context menu, choose Create
.
The Create PSE
screen appears.
Confirm the default entries.
The SSL server is active.
The partner performs this activity to retrieve the Certification Authority (CA) and to test single sign-on.
The customer performs this activity to activate single sign-on.
In the browser, enter https://service.sap.com/sso-smp.
The Applying for an SAP Passport
browser popup window appears.
Enter the S-user password and confirm your entries.
The certificate is installed in your browser.
For more information about browser settings for single sign-on, in the Applying for an SAP Passport
screen, see Applying for an SAP Passport - Background
(http://service.sap.com/~sapidb/002006825000000038452001/).
Prerequisite: The partner has a certificate for an S-user from SAP Service Marketplace.
Open the browser with which you call the SAP Solution Manager WebClient UI.
Save the SAP Passport CA in format X.509 (CER).
Note
Depending on the browser version, there are different ways to save the certificate. For more information, refer to the browser documentation.
To import the certificate, in the SAP Solution Manager system, call Trust Manager (transaction STRUST
) and under SSL server Standard
, select the server.
The SSL server Standard
screen appears.
Choose Import Certificate
.
The Import Certificate
screen appears.
In the File
tab page, upload the certificate in Base64 format, and save your entries.
In the SSL server Standard
screen, choose Add to Certificate List
.
In the SAP Solution Manager system, call ABAP Editor (transaction SE38
) and call report RSUSREXTID
.
Enter the following parameters:
User: <S-user from SU01 for which you want to enable the logon with the s-user certificate>
External ID type: DN
Prefix of External Name: CN=
Suffix of External Name: , OU=SAP Service Marketplace, O=SAP Trust Community, C=DE
Make sure that Test Mode
is deselected.
Execute the report.
For more information, see SAP Note 1531399.
In the SAP Solution Manager system, call Maintain Services (transaction SICF
).
In Service Name
, enter the service for which you want to configure SSL and execute the transaction.
Choose the service.
In the Logon Data
tab page, in the Security Requirement
screen area, select SSL
.
Save your entries.
The S-user can log on in single sign-on mode by using the SAP Certificate.