About SSO: What it is and types

What is single sign on (SSO)

Once a user has authenticated to the SAP EP (Enterprise Portal), they do not need to enter their credentials again to access the systems and backends (SAP and non-SAP, ESS, MSS and other services) integrated into the portal. SSO can be achieved in three ways:

JSESSIONID: The JSESSIONID cookie is the HTTP session cookie of the AS Java. It keeps the user logged on to the server node that issued it for the duration of the browser session; it is not presented to backend systems, so it gives SSO only within that server node.

User Mapping: The user or an administrator stores, for a specific backend system, the user ID and password to be used there. The portal logs on to that backend with the stored credentials. If the user has a different user ID in the backend than in the portal, this is the preferred way to achieve SSO. Note that this is still a password logon from the backend's point of view: the portal keeps the backend password and replays it, so the connection to the backend must be encrypted and the stored password must be maintained when it changes in the backend.

SAP Logon Ticket: This is a session cookie named MYSAPSSO2 that the browser holds for the duration of the session and presents to the backends to achieve SSO. It carries the user ID, so the same user ID is used in every backend system (or the one mapped ABAP user ID the ticket contains).
When SSO is mentioned without qualification, the SAP Logon Ticket is normally meant.

What is the SAP Logon Ticket?

The SAP Logon Ticket (token) is a non-persistent session cookie held by the browser. It is discarded when the user logs off or when the ticket expires. The Logon Ticket contains:
  • Highest authentication scheme (how strongly the user authenticated to the portal)
  • Validity (creation time and lifetime)
  • Issuing system (system ID and client)
  • Digital signature of the issuing system
  • One mapped ABAP user ID (optional)
  • Portal user ID
It does not contain the password. The receiving system verifies the signature against the issuing system's certificate and checks that the issuer is in its ACL, which is why the certificate exchange described in the steps below is required. Because the ticket is signed but not encrypted, anyone who captures the cookie can replay it until it expires: serve the portal and backends over HTTPS only, and keep the lifetime short (login/ticket_expiration_time on AS ABAP, login.ticket_lifetime in the UME on AS Java; the default for both is 8 hours).
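The fields listed above can be read from the cookie itself. The following script is an added example, not code from the original post or from SAP: it decodes a MYSAPSSO2 value, extracts user, issuing system and validity, and applies the two non-cryptographic checks a receiving system makes, namely that the issuer (system ID and client) is in the ACL that STRUSTSSO2 maintains and that the ticket has not expired. The version byte, the 4-byte codepage field, the ID / 2-byte length / value layout of the info units, the unit IDs and the text encoding of the timestamp and lifetime are assumptions taken from the commonly published description of the format; the sample tickets, the ACL entry EP1/000 and the fixed clock are constructed. Signature verification is deliberately left out because it needs the issuer certificate and a PKCS#7 check, which the ABAP kernel or SAP's sapssoext library performs.

```python
import base64
import struct
from datetime import datetime, timedelta

# Info-unit IDs. The layout (version byte, 4-byte codepage, then units of
# 1-byte ID / 2-byte big-endian length / value) and these IDs follow the
# commonly published description of MYSAPSSO2 and are an assumption here,
# as is the text encoding of the creation time and lifetime.
IU_USER = 0x01
IU_CLIENT = 0x02
IU_SYSID = 0x03
IU_CREATED = 0x04      # creation time as YYYYMMDDHHMM
IU_VALID_HOURS = 0x05  # lifetime in hours
IU_SIGNATURE = 0xFF    # PKCS#7 signature of the issuing system

CODEPAGES = {"1100": "latin-1", "4103": "utf-16-le"}


def build_ticket(user, sysid, client, created, valid_hours, signature=b"\x30\x00"):
    """Construct a ticket in the assumed layout for testing.

    The signature unit carries a placeholder, not a real PKCS#7 blob;
    a real ticket is signed by the issuing AS Java or AS ABAP.
    """
    body = b"\x02" + b"1100"
    units = [
        (IU_USER, user),
        (IU_CLIENT, client),
        (IU_SYSID, sysid),
        (IU_CREATED, created.strftime("%Y%m%d%H%M")),
        (IU_VALID_HOURS, "%04d" % valid_hours),
    ]
    for iid, value in units:
        data = value.encode("latin-1")
        body += struct.pack(">BH", iid, len(data)) + data
    body += struct.pack(">BH", IU_SIGNATURE, len(signature)) + signature
    return base64.b64encode(body).decode("ascii")


def parse_ticket(cookie):
    """Decode the cookie value into (codepage, {unit_id: bytes}). No signature check."""
    raw = base64.b64decode(cookie)
    if len(raw) < 5 or raw[0] != 0x02:
        raise ValueError("unsupported ticket version")
    codepage = raw[1:5].decode("ascii")
    units = {}
    pos = 5
    while pos + 3 <= len(raw):
        iid, length = struct.unpack(">BH", raw[pos:pos + 3])
        pos += 3
        if pos + length > len(raw):
            raise ValueError("truncated info unit 0x%02x" % iid)
        units[iid] = raw[pos:pos + length]
        pos += length
    return codepage, units


def check_ticket(cookie, acl, now):
    """Checks a receiving system applies after the signature is verified:
    issuer (system ID, client) present in the STRUSTSSO2-style ACL, and
    ticket not expired. Returns (accepted, reason, fields)."""
    codepage, units = parse_ticket(cookie)
    enc = CODEPAGES.get(codepage, "latin-1")

    def text(iid):
        return units[iid].decode(enc)

    fields = {
        "user": text(IU_USER),
        "sysid": text(IU_SYSID),
        "client": text(IU_CLIENT),
        "created": datetime.strptime(text(IU_CREATED), "%Y%m%d%H%M"),
        "valid_hours": int(text(IU_VALID_HOURS)),
    }
    if IU_SIGNATURE not in units:
        return False, "no signature unit", fields
    if (fields["sysid"], fields["client"]) not in acl:
        return False, "issuer %s/%s not in ACL" % (fields["sysid"], fields["client"]), fields
    expires = fields["created"] + timedelta(hours=fields["valid_hours"])
    if now >= expires:
        return False, "expired at %s" % expires.isoformat(), fields
    return True, "ok", fields


# Constructed sample data: the backend trusts one portal, SID EP1 client 000.
ACL = {("EP1", "000")}
NOW = datetime(2024, 5, 1, 12, 0)
GOOD = build_ticket("jdoe", "EP1", "000", NOW - timedelta(hours=1), 8)
STALE = build_ticket("jdoe", "EP1", "000", NOW - timedelta(hours=9), 8)
ROGUE = build_ticket("jdoe", "XX1", "100", NOW - timedelta(hours=1), 8)

if __name__ == "__main__":
    for name, ticket in [("GOOD", GOOD), ("STALE", STALE), ("ROGUE", ROGUE)]:
        accepted, reason, fields = check_ticket(ticket, ACL, NOW)
        print(name, accepted, reason, fields["user"], fields["sysid"], fields["client"])
```

The ROGUE case is the one the ACL exists for: a ticket with a valid-looking structure from a system that was never imported into STRUSTSSO2 must be rejected even if its signature were to verify, because trusting a certificate and trusting an issuer are two separate decisions in the ABAP system.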



What are the types of SSO?

  1. SSO with SAP Logon Ticket
  2. SSO with User ID and password (User Mapping)
  3. SSO using a third-party authentication system (Microsoft Active Directory, Kerberos, etc.). The user authenticates to the portal through the third party, but the Issuing System of the SAP Logon Ticket is still an SAP NetWeaver AS, so the trust relationship with the backends is unchanged.
What are the steps for SSO?
  1. Create the RFC destination in SM59.
  2. Create the JCo RFC destination in the Visual Administrator.
  3. Maintain the profile parameters for single sign-on in RZ10 on the ABAP system (an instance restart is needed for them to take effect):
  • login/accept_sso2_ticket=1 (accept logon tickets issued by other systems; this is the parameter the portal-to-backend SSO depends on)
  • login/create_sso2_ticket=2 (the ABAP system itself issues logon tickets, without embedding its certificate; only needed if the ABAP system is also to act as an issuing system)
  4. Export the portal certificate (verify.der) from the ticket keystore of the portal.
  5. Import the portal certificate in STRUSTSSO2 and add it to the ACL with the portal's system ID and client; without the ACL entry the backend rejects the ticket even though the certificate is present.
  6. Export the R/3 certificate in STRUSTSSO2 (needed only if the portal must also accept tickets issued by the ABAP system).
  7. Import the R/3 certificate in the portal's keystore administration.
  8. Create the system alias in the portal.
  9. Check the SAPJSF user in the ABAP system (the communication user the UME uses when the ABAP system is its data source).
  10. Map the ABAP user to the portal user if the user IDs differ.

