Show TOC

Background documentationAdministration When Using Logon Tickets Locate this document in the navigation structure

 

For authentication with SAP NetWeaver that allows for Single Sign-On to other systems as well, you can use logon tickets. One system in the landscape should be set up to issue logon tickets to users. Users log on initially to this system to obtain an logon ticket and then can use the logon ticket to access the other SAP systems in the landscape.

Tasks on Demand

Most of the administrative tasks for using logon tickets are also configuration, however, there are some tasks that occasionally need to be done. See the table below.

Administrative Tasks when Using Logon Tickets

Reason

Task

More Information

Renewing the system's public-key certificate

ABAP: Use the trust manager (transaction STRUST) to regenerate the PSE used for logon tickets.

J2EE Engine: Use the Key Storage service to create a new key pair for the J2EE Engine.

Both ABAP and J2EE Engine: Import the new public-key certificate into ticket-accepting systems. On the ABAP server, use the transaction STRUSTSSO2. On the AS Java, use the Key Storage service.

If you changed the server's Distinguished Name, then also maintain the ACLs in the ticket-accepting systems.

ABAP: Creating or Replacing a PSE

Note Note

Per default, the PSE used for logon tickets is the system PSE, but there may be cases where you use a different PSE. For more information, see: Configuring the System for Issuing Logon Tickets.

End of the note.

J2EE Engine: Replacing the Key Pair to Use for Logon Tickets

BBoth ABAP and J2EE Engine for importing the public-key certificate into the ticket-issuing systems and maintaining the ACL:

Adding a new system to the landscape

Configure the new system to accept logon tickets by importing the ticket-issuing server's public-key certificate and maintaining the ACL.

ABAP: Configuring SAP Web AS ABAP to Accept Logon Tickets from Another SAP Web AS ABAP

ABAP: Configuring SAP Web AS ABAP to Accept Logon Tickets from the J2EE Engine

J2EE Engine: Configuring the J2EE Engine to Accept Logon Tickets

See also: