cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up SSO with EP6 and EBP 3.0

Former Member
0 Kudos

I have setup our SRM pilot system for EP6 and SRM (SUS 4.0 and EBP 3.0). Everything is working fine except the SSO connection with EBP 3.0. SSO with SUS is working.

I've uploaded the verify.der using the STRUSTSSO2 transaction in EBP. The System connection in portal checks out OK on the connection tests to ITS and WAS. The system alias is set properly.

When ever I try to access the EBP screens I get the ITS logon screen. I can logon with my EBP credentials, so I know the connection works.

Is there something I've missed? Do I need to do something with ITS for SSO?

Thanks in advance.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hello David,

First, check EBP system parameter (RZ10) login/accept_sso2_ticket = 1.

Then maintain global.srvc service parameters in your standalone ITS:

~cookies 1 Enable the storage of the cookies.

~mysapcomgetsso2cookie 1 Use the value 1 so that the ITS will request the ticket creation from the application server.

~mysapcomusesso2cookie 1 Use the value 1 so that the ITS will pass an existing logon ticket to the application server.

~mysapcomnosso1cookie 0 Use the value 0 if you have to use SSO cookies in addition to logon tickets for SSO (for example, to SAP systems with release 3.1). Otherwise, use the value 1.

~mysapcomssonoits 1 Use the value 1 if the logon ticket will be used across different SAP system clients. Otherwise, the ticket contains the SAP system client and cannot be used to access a system with a different client.

This was my configuration to enable SSO, but not with EP.

Check needed value for each parameter.

Rgds

Christophe

Former Member
0 Kudos

Christophe,

Thanks for the reply.

I checked RZ10 as you suggested and login/accept_sso2_ticket is set to 1.

Pardon my lack of knowledge, but where and how do I maintain global.srvc in ITS?

Thanks,

David

Former Member
0 Kudos

You need to logon into ITS admin service.

Ask your basis guy.

This is a special ADM ITS instance. Its URL is similar to the one you use to acces ../scripts/wgate/bbpstart/!

You just have to change the port number (ask your basis guy), and the service name to "admin" instead of "bbpstart".

Default admin user is "itsadmin", and password could be "init" (if not changed by your admin).

Otherwise, ask you admin or basis collegues, or have a look at ITS admin guide.

Rgds

Christophe

Former Member
0 Kudos

Christophe,

I showed what you sent me to our BASIS guys.

The only line he changed was:

~mysapcomusesso2cookie 1 Missing / Added. Used for both R/3 and EBP.

SSO is now working with EBP. Thank you very much for your help!

Can you recommend any book or document on optimal Portal/EBP, particularly using EBP with portal?

Thanks again.

David

Former Member
0 Kudos

David,

You can find EP SSO documentation in many installation guides.

For example, in SAP online help:

help.sap.com/nw2004s --> SAP NetWeaver Library --> Technology Consultants Guide --> Authentication and Single Sign-On --> Authentication Using a Directory with SSO Integration Using Logo --> Configuring AS-ABAP to Accept and Verify Logon Tickets --> Configuring SAP Systems to Accept and Verify SAP Logon Tickets

Direct access:

http://help.sap.com/saphelp_nw04s/helpdata/en/d3/41c8ecb31d11d5993800508b6b8b11/content.htm

The other parameters I gave you can be found in ITS admin guide.

We can use them for special configurations. Ex: you logon to SRM via ITS (SRM Server is generating the same logon ticket), and want to access to BSP or ITS services from other SAP systems from your menu launchpad (ITS acts as a "mini" portal).

Rgds

Christophe

Answers (1)

Answers (1)

diegohs
Active Participant
0 Kudos

If you're implementing SSO with SAP Logon tickets, you should take care of the following things:

- user login should be identical in both systems

- EP: the system properties should be well defined and configured (permissions, alias, attributes, etc)