You have released the scenario, as described in SAP Note 1320198.
If you are using one of the following SSO/STS scenarios, the following prerequisites must be fulfilled.
STS scenario with symmetric key for confirming signature (authentication only)
STS scenario with asymmetric consumer key for confirming signature (authentication only)
Messages between the WS provider and WS consumer are secured, either at transport level with the Secure Sockets Layer protocol (HTTPS) or at message level (symmetric message encryption/signature). In the case of symmetric message encryption, you need to import the encryption certificate of the WS provider into the PSE WSSCRT in the Trust Manager of the WS consumer.
Create the logical port for the connection to STS.
In the SOA Manager of the WS consumer, on the Service Administration tab page, choose the link Configuration of Individual Services.
Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.
Internal Name: CO_WSSESECURITY_TOKEN_SERVICE, External Name Name: SecurityTokenServiceIn.
Select the consumer proxy in the list of search results and choose Apply Selection.
On the Configurations tab page, choose the Create Log. Port button.
Specify the following in the dialog box:
The name of the logical port and its description
For configuration type, select the Meta Data Exchange Protocol radio button
The STS MEX URL
Note
Use HTTP or HTTPS in the URL, depending on whether you have configured SSL for the connection between STS and the WS consumer.
The STS endpoint URL
Note
You can only use this URL for one logical port. The logical port set up with the URL is available for all WS consumer configurations.
The MEX access user that you specified in STS
The MEX user password that you specified in STS
Choose the Copy settings button.
Scroll down.
If necessary, in the Encryption Certificate field, enter the STS encryption certificate that you previously imported into the PSE WSSCRT of the WS consumer with transaction STRUST.
If applicable, in the Signature Certificate field, specify the signature certificate of the WS consumer that you previously created with transaction STRUST in the WS consumer's PSE WS-Security Other System Encry (WSSKEY).
Save your entries.