- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- SSO - Through abap
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SSO - Through abap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2012 10:31 AM
Hi Geeks,
I am new to SSO .
My requirement is that , we have certain SAP systems in our landscape .
We create users in those systems and communicate the user credentials to the respective users.
Now we thought of implementing SSO in those systems .
So instead of sending the user credentials .
Our Aim is to send the user id and SAP passport , so that the user can configure the same in their systems and use .
And we also need to create a program which will allow us to generate a certificate for a particular user.
Is this possible ?
Because in X.509 certificates should be got from Trust center ,
And SAP logon tickets are got from portal .
We are going to create passport to log in into SAP Gui through HTML.
What should i do now ?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2012 1:23 PM
HI Hima,
Yes it is possible. You don't have to create any program. SAP already has standard SSO configurations.
pre-requisites
1. Issuer Portal and target systems has to be in the same Domain (*.xxx.com)
2.Usernames of employees are the same in SAP Portal and SAP Backend
3.Trust configured between Issuer Portal and SAP Backend Systems
just do little search, you will find configuration details..
Regards
Imran
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2012 1:23 PM
HI Hima,
Yes it is possible. You don't have to create any program. SAP already has standard SSO configurations.
pre-requisites
1. Issuer Portal and target systems has to be in the same Domain (*.xxx.com)
2.Usernames of employees are the same in SAP Portal and SAP Backend
3.Trust configured between Issuer Portal and SAP Backend Systems
just do little search, you will find configuration details..
Regards
Imran
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 6:00 AM
Hi Imran ,
Thanks a lot for the reply .
We will try to do the configurations and check .
I will get back if i have any doubts .
Thanks a lot .
Will these configurations generate the passports ?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 8:27 AM
Hi Hima,
there are certain profile parameters for SSO configurations to set for passwords (not passport )
1) login/password_change_for_SSO=0
The obligation to change the password is ignored. No password change dialog box is displayed.
2) login/password_change_for_SSO=1 (default setting)
The password must be changed or deleted. The password change dialog box appears with an additional delete button.
3) login/password_change_for_SSO=2
The password change dialog box appears and the password must be changed (input: old and new password).
4) login/password_change_for_SSO=3
The password can only be deactivated. The password is automatically deactivated and no dialog box appears.
Best Regards
Imran
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 11:00 AM
Hi Imran ,
I am talking about SAP passport which contains the certificate for sso .
These SAP Passports we configure in the browser to activate SSO .
Is there a possibility to get this locally without contacting the trust center ?
The method which you mentioned is not using these X509 certificates right ?
which is the easier method to do this
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 12:16 PM
HI Hima,
Sorry I got you wrong, i usually use certificate word instead of passport.
Anyway, I was talking about SAPLGON cert. which we import in SAP backend via SSTRUSTO2. But your requirement is diffrent.
check out below link, http://help.sap.com/saphelp_nw04s/helpdata/en/b1/07dd3aeedb7445e10000000a114084/content.htm
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 12:48 PM
Hi Imran ,
Thanks for the reply .
Actually my requirement does not constrict me to X509 certificate .
I can use any method to implement the SSO .
But i need a easier method for the same to do it locally .
I understood that there are 2 easier methods
Can you tell me which is the easier way to do that ?
And also it will be nice if you tell me how to do that ?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 1:04 PM
Hi Hima,
We have implemented SSO with logon tickets and i felt is easier method.
Please follow , http://help.sap.com/saphelp_nw2004s/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2012 4:42 AM
Hello Hima,
If you are going to use logon tickets then you need few more settings which are not indicated in the link which you have picked up :-
- Configuring the Login Module Stacks to Issue Logon Tickets on AS Java.
- Configuring the Portal for SSO with Logon Tickets.
- You need to exchange the certificates from both the systems.
- in ABAP you can run sso2 tcode to check if all the settings are fine.
Hope this helps.
Thanks,
Dev
- SAP Managed Tags:
- Security
