
Sunny Pahuja

Single Sign-on with SAP Netweaver 7.3
Company: PricewaterhouseCoopers Pvt. LTD.
Posted on Jan. 04, 2012 02:42 AM in Application Server, Enterprise Portal (EP), SAP NetWeaver Platform


Let's Begin-

This is my second blog on SAP NetWeaver 7.3. In this blog, I will discuss how to configure Single Sign-On between SAP Business Suite 7 and above systems and SAP NetWeaver 7.3 systems. In the example below, my AS ABAP system is on SAP ERP 6.0 EHP5 and my AS Java system is on SAP NetWeaver 7.3.

Profile Parameters-

Set the parameters below in the instance profile of the AS ABAP system-

1)       login/create_sso2_ticket=2

2)      login/accept_sso2_ticket=1

3)      login/password_change_for_SSO=0 (Optional) (The obligation to change the password is ignored)

4)      icm/host_name_full= <FQDN>

5)       SAPFQDN=<domain name> (Set this parameter in Default Profile)

Set the parameter below in the default profile of the AS Java system-

1)       SAPFQDN=<domain name>

Note: After all the parameters are set, restart your system.
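Before the restart, the AS ABAP values listed above can be checked mechanically. The following is an added example, not part of the original blog or of any SAP tool: it parses profile text in "name = value" form, lets the instance profile override the default profile, and reports missing or wrong SSO parameters. The function names, the sample profiles, and the check that icm/host_name_full lies inside the SAPFQDN domain are assumptions made for illustration.

```python
# Added example: function names and sample profiles are constructed.
# Expected AS ABAP values from the list above; None means "must be set".
REQUIRED_ABAP = {
    "login/create_sso2_ticket": "2",
    "login/accept_sso2_ticket": "1",
    "icm/host_name_full": None,
    "SAPFQDN": None,
}

def parse_profile(text):
    """Parse 'name = value' lines; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # last occurrence wins
    return params

def check_sso_profile(default_pfl, instance_pfl):
    """Return findings; an empty list means the SSO parameters look right."""
    # Instance profile values override default profile values.
    merged = {**parse_profile(default_pfl), **parse_profile(instance_pfl)}
    findings = []
    for name, expected in REQUIRED_ABAP.items():
        actual = merged.get(name)
        if actual is None:
            findings.append(f"{name}: not set")
        elif expected is not None and actual != expected:
            findings.append(f"{name}: is {actual}, expected {expected}")
    fqdn, domain = merged.get("icm/host_name_full"), merged.get("SAPFQDN")
    # Assumed consistency check; skipped when a value uses $(...) substitution.
    if fqdn and domain and "$(" not in fqdn + domain:
        if not fqdn.lower().endswith("." + domain.lower()):
            findings.append(f"icm/host_name_full {fqdn} is not inside SAPFQDN {domain}")
    return findings

# Constructed sample profiles (not from a real system).
DEFAULT_PFL = "# default profile\nSAPFQDN = example.corp\n"
INSTANCE_PFL = """# instance profile
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 0
icm/host_name_full = erpapp01.example.org
"""

if __name__ == "__main__":
    for finding in check_sso_profile(DEFAULT_PFL, INSTANCE_PFL):
        print(finding)
```
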

Process-

1)       Go to URL

http://<server>:<port>/sso2

 

 

Click on Add Trusted system – By Querying Trusted System

Select System Type- ABAP (for Single Sign-On between two AS Java systems, select Java)

On the next screen, enter the details of the AS ABAP system

 

 

If you are not using SNC, keep the SNC Protection option set to Disable.

On the next screen, click Finish.

 

 

The system is now visible as a trusted system.

 

 

2) Go to nwa of the AS Java system (http://<server>:<port>/nwa)

Navigate to Configuration – Authentication and Single Sign-On

Then select Authentication – Components. Select Policy Configuration Name- ticket.

a. Under the authentication stack, select the EvaluateTicketLoginModule template. As a result of step 1, your called system is populated there automatically.

 

 

Click on Edit.

b. Select the module CreateTicketLoginModule and set its flag to SUFFICIENT.

c. Add the following properties under Options of the login module “CreateTicketLoginModule”

Name                        Value
trusteddn1                  CN=<SID>
trustedss1                  CN=<SID>
trustedsys1                 <SID>,<Client>
ume.configuration.active    true

 

 

Save.

3)      Go to nwa (http://<server>:<port>/nwa)

  1. Go to Configuration- Certificates and Keys
  2. Select the TicketKeystore key storage view
  3. Make sure that the entry for your AS ABAP system is there.
  4. Delete SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert under Details of view “TicketKeystore”.
  5. Click on Create Entry.

 

 

Enter the details below-

Entry Name- SAPLogonTicketKeypair

Algorithm- DSA

Key Length- 1024

Select the Store Certificate option and click Next.

 

 

Enter the details below-

StateOrProvinceName

OrganizationName

localityName

organizationalUnitName

commonName=<SID>

Click on Finish. After that, the SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert entries are populated.

 

 

4)      Download the certificate of the AS Java system and upload it to the AS ABAP system.

  1. Go to nwa http://<server>:<port>/nwa
  2. Go to Configuration- Certificates and Keys
  3. Select the TicketKeystore key storage view
  4. Export the SAPLogonTicketKeypair-cert certificate.
  5. Select the export format Base64 X.509

 

 

Download it.

6. Import this portal certificate into the AS ABAP system in t-code strustsso2.

7. Add this portal certificate using Add to Certificate List and Add to ACL (while adding to the ACL, enter the SID of the AS Java system and client 000).

 

 

Restart the As Java system.

5)       Go to http://<server>:<port>/irj/portal

  1. Go to System Administration- System Landscape- System Landscape Overview- System Landscape
  2. Click on New.
  3. Create the system object using a template. Choose the system template as per your requirement. In my case, I selected the system template SAP system using dedicated application server.

 

  

4. Enter details as below

System Name, System ID & Description

 

 

 Enter Alias Name and click on Add.

 

 

On the next screen, enter details for Connector, ITS and Web Application Server.

1. Connector

 

 

Enter all details (under Application Host, enter the FQDN)

2. ITS

 

 

Enter all details (under ITS Host Name, enter the FQDN)

ITS Host Name- <FQDN>:<ITS Port>

ITS Path-  /sap/bc/gui/sap/its//webgui

ITS Protocol- HTTP (if HTTPS is activated, select HTTPS)

3. User Management

 

 

4. Web Application Server (Web AS)

 

 

Enter all details (Under ITS Host Name, please enter FQDN)

ICM Host Name- <FQDN>:<As ABAP port>

ICM Protocol- HTTP (if HTTPS is activated, select HTTPS)

Under Additional Wizard Steps, unmark the checkbox and click on Finish.

Click on Connection Test for this object and perform the connection test for Connector, ICM & Web AS. All tests should be successful.

6)      Check Single Sign-On. Go to http://<server>:<port>/irj/portal

  1. System Administration – Support- Application Integration and Session Management- Test and Configuration tools
  2. Under Tool, select Transaction and click on Run.
  3. Under System, select the system that you created in step 5, enter any transaction code of your AS ABAP system, and click on Go.
  4. It should log in to your backend AS ABAP system without asking for a password.

This way, Single Sign-On between your AS ABAP and AS Java systems is configured.

If you face any problem during this test, refer to SAP Note 495911 to activate the trace and then analyze the logs.

Cheers !!!


Sunny Pahuja is a Senior Consultant with PricewaterhouseCoopers Pvt. LTD. Writings on SCN represent my own opinion and don't necessarily represent the opinion of my employer.

