SSO between SAP EP 7.4 (Workgroup) and ECC 6.0 (Domain)

S0024670220
Explorer
0 Kudos

Dear Experts,

We are trying to establish single sign-on between SAP Portal 7.4, which is in a local workgroup, and ECC, which is present in a domain.

I have followed the possible ways mentioned below but ended up unsuccessful.

https://help.sap.com/saphelp_nw74/helpdata/en/a0/88a340fa432b54e10000000a1550b0/frameset.htm

Kindly guide me to the relevant solution for this requirement. Also suggest if you have steps for the same.

Thanks & Regards,

Sakthi Kumar

Accepted Solutions (0)

Answers (1)

nickrankin
Contributor
0 Kudos

Hi Sakthi,

Are you trying to configure a Kerberos-based authentication (e.g. SPNego) or is the problem with the ECC system not accepting Portal logon ticket? Your description isn't too clear to me.

If you are having an issue with SSO between Java and ABAP, check:

- Trusted certificates are maintained under trust systems in Java and STRUSTSSO2 on ABAP correctly

- You are accessing both via same domain and protocol, no mixing http:// and https://, and also domain ends the same on ECC and Portal, i.e. mycorp.com

If the problem remains, capture a Fiddler trace and see if backend is getting MYSAPSSO2 cookie (i.e. logon ticket).

If it is getting logon ticket check log traces for work process ABAP side why it is not getting accepted.

Best regards,

Nick Rankin

S0024670220
Explorer
0 Kudos

Hi Nick,

I am not following Kerberos. I have tried the normal way of SSO through Portal logon ticket.

I'm just asking for a suggested way of achieving SSO between Workgroup (EP) and Domain (ECC).

nickrankin
Contributor
0 Kudos

Hi Sakthi,

I'd suggest downloading Fiddler, doing a trace and seeing if the MYSAPSSO2 cookie is getting received by backend. You could even use browser F12 tools for this if installation of software is not allowed because of policy.

You can see below for details (this test system I have up isn't connected to backend, but in your case you can check for cookie on ECC request):

If you are seeing backend is getting cookie, check the WP traces on the backend to see why logon ticket is failing. (TCode AL11 can be used, e.g., to get R3 work directory.)

Best regards,

Nick
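As an added example that is not part of the original thread: one way to run the check suggested above is to export the trace as a HAR file (browser F12 tools and Fiddler can both export HAR) and list which hosts actually received the MYSAPSSO2 cookie, along with the scheme and shared domain suffix from the earlier checklist. The host `ecc.corp.local`, the sample trace and the function names are assumptions made for this example; cookie values are never printed, because the logon ticket is a credential.

```python
import json
from urllib.parse import urlsplit

TICKET = "MYSAPSSO2"  # SAP logon ticket cookie name, as discussed in the thread

# Constructed sample HAR (hypothetical hosts), trimmed to the fields used below.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://portal.mycorp.com/irj/portal",
                 "headers": [{"name": "Cookie",
                              "value": "MYSAPSSO2=<redacted>; other=1"}]}},
    {"request": {"url": "http://ecc.corp.local:8000/sap/bc/gui/sap/its/webgui",
                 "headers": [{"name": "Cookie", "value": "other=1"}]}},
]}})

def request_cookie_names(request):
    """Cookie names sent with one request (HAR 'cookies' list plus Cookie header)."""
    names = {c["name"] for c in request.get("cookies", [])}
    for header in request.get("headers", []):
        if header["name"].lower() == "cookie":
            for part in header["value"].split(";"):
                names.add(part.split("=", 1)[0].strip())
    return names

def ticket_report(har_text):
    """Map (scheme, host) -> True if any request to it carried the logon ticket."""
    seen = {}
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        key = (url.scheme, url.hostname)
        seen[key] = seen.get(key, False) or TICKET in request_cookie_names(req)
    return seen

def common_suffix(hosts):
    """Longest DNS suffix shared by all hosts ('' if they share none)."""
    shared = []
    for parts in zip(*(h.split(".")[::-1] for h in hosts)):
        if len(set(parts)) != 1:
            break
        shared.append(parts[0])
    return ".".join(reversed(shared))

if __name__ == "__main__":
    report = ticket_report(SAMPLE_HAR)
    for (scheme, host), got in sorted(report.items()):
        print(f"{scheme}://{host}: {'ticket sent' if got else 'NO ticket'}")
    hosts = [host for _, host in report]
    print("shared domain suffix:", common_suffix(hosts) or "(none)")
```

A backend host reported as "NO ticket", a mix of http and https, or an empty shared suffix points at the browser withholding the cookie rather than at the ABAP trust configuration.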

S0024670220
Explorer
0 Kudos

Nick,

I could see MYSAPSSO2 cookie in portal browser.

Struggling with AL11 authorization. Also there is another concern for me. Whenever I import my SAPLogonTicketKeypair-cert certificate into SAP R3 (STRUSTSSO2), I get the below error.

Just for information. Whenever I run STRUSTSSO2 transaction, immediately I get the below message.

Currently I am importing the SAPLogonTicketKeypair-cert certificate in our client 120. Should I import in 000 client?

nickrankin
Contributor
0 Kudos

Hi Sakthi,

Logon ticket is getting to backend so this is good. For Java system client should always be 000. Please delete cert under STRUSTSSO2 and reimport using client 000 for the Java keypair cert. No need to do this under client 000 logon, but you'll get option to specify client importing cert. It must be 000.

This should sort it. If not, check the dev_wpXX log files under AL11 as these should give some clue as to why the failure is still occurring.

Best regards,

Nick