cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enabling SSO for Integrated ITS

Go to solution
Former Member

on ‎01-17-2006 10:19 AM

0 Kudos

Hi,

Are there any specific settings to be made to enable SSO for Integrated ITS.

We have configured the ECC backend system to accept tickets.

The profile parameters have been set. Certificate for EP has been added to ACL.

But when we create transaction iViews (which in turn use ITS) I am getting a screen, SSO is not active in the system.

Are there any settings other than this,specific to ITS that have to be done.

Thanks and Regards

Bharathwaj

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

athavanraja
Active Contributor
‎01-17-2006 10:31 AM
0 Kudos

you need the following in ECC

login/accept_sso2_ticket to 1

login/create_sso2_ticket to 2

and in portal - > system deifnition you need to maintain ITS host, path and protocol details.

make sure FQDN is implemented for WAS server and the same in used in system definition .

make sure that icm/host_full_name parameter is maintained in RZ10

Regards

Raja

Show replies
Show replies
Former Member
‎01-17-2006 10:46 AM
0 Kudos

Dear Durairaj,

<b>FQDN </b> ? What is that ?

And icm/host_full_name = localhost ?

i also found a forum discussion saying..

<i>I found out the setting in a integrated ITS need not to be setup : mysapcomusesso2cookie

You need to activate a service mysso2control (or similar...) on the client site.

Also make sure that you have the logon group PUBLIC on the backend system ! Otherwise it gives you "Username or password incorrect", because the R/3 / ECC gets an empty username string.</i>

Is group PUBLIC necessary ?

Thanks and Regards

Bharathwaj

Message was edited by: Bharathwaj R

athavanraja
Active Contributor
‎01-17-2006 11:20 AM
0 Kudos

> Dear Durairaj,

>

> <b>FQDN </b> ? What is that ?

FULLY QUALIFIED DOMAIN NAME instead of just host:port your should use host.domain.com:port for SSO to work

> And icm/host_full_name = localhost ?

it should be hostname.domainname.com

>

> <i>I found out the setting in a integrated ITS need

> not to be setup : mysapcomusesso2cookie

no need in integrated ITS

> You need to activate a service mysso2control (or

> similar...) on the client site.

>

> Also make sure that you have the logon group PUBLIC

> on the backend system ! Otherwise it gives you

> "Username or password incorrect", because the R/3 /

> ECC gets an empty username string.</i>

I am not aware of this

> Is group PUBLIC necessary ?

I am not aware of this

Regards

Raja

Former Member
‎01-18-2006 5:39 AM
0 Kudos

Hi Durairaj,

Am configuring the ECC system to accept tickets. If i give create ticket parameter to 2, its saying "System SID is creating logon tickets THAT DO NOT INCLUDE ITS CERTIFICATE" when executing transaction SSO2.

Is this correct.

<i>And icm/host_full_name = localhost ?

it should be hostname.domainname.com</i>

Is this the ECC system hostname or the portal system name.

Regards

Bharathwaj

athavanraja
Active Contributor
‎01-18-2006 5:59 AM
0 Kudos

you can change that to 1/2 depending on your requirement (check the documentation of that parameter from transaction RZ11)

the host name is the host name of the ECC system.

Regards

Raja

Former Member
‎01-21-2006 9:26 AM
0 Kudos

HI Durairaj,

After i set the create_sso2_ticket = 2 and set the hostname to the domain name as in the system properties,

i get the error <b>" Invalid host name for issuing SSO ticket ".</b>

Can you help me resolve this issue.?

The hostname i have given is of the form <b><system name>.<domain name>.<company name>.net.</b>Thanks and regards

Bharathwaj

Message was edited by: Bharathwaj R

athavanraja
Active Contributor
‎01-21-2006 11:14 AM
0 Kudos

<system name>.<domain name>.<company name>.net

is your portal also in the same domain?

Regards

Raja

Former Member
‎01-21-2006 11:59 AM
0 Kudos

Hi Durairaj,

Yes.Its in the same domain.

athavanraja
Active Contributor
‎01-21-2006 12:11 PM
0 Kudos

can you give us the the url where you are getting this error.

points to note: should use FQDN to log on to portal

WAS/ITS host has to be with FQDN

Regards

Raja

Former Member
‎01-21-2006 12:19 PM
0 Kudos

Hi ,

i was previously using the hostname.

When i ping with the FQDN its working.

But when i use it in the URL it is giving that DNS cannot resolve host name.

what can i do to solve this

athavanraja
Active Contributor
‎01-21-2006 12:45 PM
0 Kudos

for the system to accept SSO cookie and create SSO cookie both has to be on same domain and you should use FQDN to access the application.

may be search the weblog section on SSO there are quiet a few weblogs on this topic and make sure you have done all of what is explained in those weblogs.

Regards

Raja

Former Member
‎01-21-2006 12:49 PM
0 Kudos

Hi Durairaj,

1. They are both in the same domain.

2. I have done every setting as per help.sap, weblogs, note 701205 and other related notes.

3. Raised a OSS note.

4. Checked SM50 security level 2 trace.

5.Checked SSO2 transcation.

But i am still not able to find out why its not working.

When i ping with FQDN it works. But in the browser FQDN does not work.

May be if this is solved, the SSO might work.

Any help will be greatly appreciated.

Thanks and Regards

Bharathwaj

athavanraja
Active Contributor
‎01-21-2006 12:57 PM
0 Kudos

3. Raised a OSS note.

whats the response, probably you should wait to see what they come up with.

the advantage they have is that they can request a remote log on to your system and that makes the job easier.

Sorry couldnt help much.

Regards

Raja

Former Member
‎01-21-2006 3:32 PM
0 Kudos

Hi Durairaj,

Hmmm.Probably the remote connection is the last option.

Till now they were also not able to solve this issue..

Looking forward to solve this somehow.. !

The only problem is i have done the same settings for another system in the customer landscape.. which had an add-in installation.. that worked..

I guess there is some issue while connecting across different physical systems

Regards

Bharathwaj

Former Member
‎02-16-2006 11:29 PM
0 Kudos

Hello Bharthwaj,

Did you find any solution for this as i'm also facing the same problem and have published all the services and login parameters are already there.

Please help me in configuring this.

Vaib

Answers (0)

Ask a Question