on 04-20-2009 7:34 PM
Hi,
I've done quite a lot of research on the SSO but still need some advice:
Our environment is NW7 with EP7 and ECC6. There is an ITS in the ECC6 system.
The SSO was setup and worked properly when the iViews were configured as "SAP GUI for WINDOWS". I also double checked the following parameters and they were OK
"login/create_sso2_ticket" is set to "2"
"login/accepte_sso2_ticket" set to "1"
Also SSO tickets/certificates have been added into both NW7 and ECC6.
The only thing that not works properly with the iView is the "SAP GUI for HTML", and everytime it pops up an ITS login screen. The 'system configuration -> ITS session' in the Portal we set it as an HTTP but not HTTPS.
I looked into some documents and it was saying the parameter "~mysapcomusesso2cookie 1" in the global.srvc file in the ITS need to be setup. However that was an older version(standalone) of ITS
So, now my question is simple: In the new version of ITS, which parameter(I assume it's in RZ11 or SICF) need to be setup to support SSO?
Appreciate your help!
Adam
Edited by: Adam Li on Apr 20, 2009 8:34 PM
be careful about ~nosplash =1.
We found that it broke single sign-on for us. It did remove the SAP splash screen banner, but in it's place we got a login prompt.
After some additional research we were able to hack the unsupported substituion of the standard "spinning wheel" animated gif.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Make sure the hostname you enter in the ITS parameters of the system definition in the portal has a fully qualified name. It needs to match the domain of the portal (portal.aaa.bb.ccc -> its.aaa.bb.ccc)
Post the ITS settings from the portal system landscape if you want.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Mike....The hostname has been a fully qualified name already which matches the settings in SMICM. I also tested the Webgui alone which works if I input the correct username/password.
But the 'Webgui for HTML' is still not working from the Portal...So I think there could something need to be setup for the SSO?
Talking about "cookie handler", is it related to the service: /default_host/sap/public/myssocntl? That service is ON.
In the /default_host/sap/bc/gui/sap/its/webgui, I notice the tab 'Handler List' only has 'CL_HTTP_EXT_ITS'. Is it enough? Shall I add additional handler in such as 'CL_HTTP_EXT_MYSSOCNTL'?
Thanks again!
Edited by: Adam Li on Apr 20, 2009 10:51 PM
Don't make any changes to the ITS settings in ABAP! It should work out of the box. If it isn't then it will be because the cookie is not being sent. The most common reason is that you are not connecting to the portal and ITS in the same domain. So if you connect to portal.aaa.bb.ccc then the ITS hostname must be something.aaa.bb.ccc.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.