how to configure sso between abap and portal
DESCRIPTION
SSO Configuration ABAP and PortalTRANSCRIPT
![Page 1: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/1.jpg)
How to configure SSO between ABAP and portal, Create an iview, open ABAP GUI using portal
ABAP-JAVA SSO Configuration &LDAP Authentication to ABAP using portal
ContentsABG BSLI SSO Configuration
SAP Server details
SAP System installation
Configure portal
Direct iview links to open the SAP system based on the AD user ID and password
Unlocking users on Java
Starting/Stopping server
![Page 2: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/2.jpg)
Scenario We have an existing ERP system where users login with their current SAP ID and password. They would like to be able to login with their LDAP ID and password to SAP, however, would like the password to be provided at least once. Hence they do not want an SSO using SNC or windows authentication.
SolutionSince the SSO shouldn’t happen and they should still be able to logon with their LDAP ID and password. One of the solution is to have a Portal installed where users can use their LDAP ID and password to logon and configure SSO between Portal and ABAP server. So the solution steps are as below –
1) Install Java engine/Portal2) Configure portal to be authenticated using LDAP (e.g. LDAP UME datasource
configuration)3) Configure SSO between ABAP and Portal4) Create Iviews to call ABAP Gui5) Provide link to users to access ABAP Gui while providing their LDAP ID and
password on the portal.
Portal installation (Windows/SQL Server)
1) Install SQL Server E:Software51044827x86-x64-IA64EnterpriseEdition execute setup.exe
![Page 3: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/3.jpg)
Complete pre-requisite check -
Provide Product key - GYF3T-H2V88-XXXXX-XXXXX-QRTYB
![Page 4: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/4.jpg)
![Page 5: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/5.jpg)
![Page 6: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/6.jpg)
![Page 7: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/7.jpg)
![Page 8: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/8.jpg)
2) Install Portal
![Page 9: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/9.jpg)
![Page 10: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/10.jpg)
![Page 11: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/11.jpg)
![Page 12: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/12.jpg)
Swap size should be of at least 20 GB
![Page 13: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/13.jpg)
Changed the swap size
![Page 14: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/14.jpg)
![Page 15: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/15.jpg)
![Page 16: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/16.jpg)
![Page 17: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/17.jpg)
![Page 18: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/18.jpg)
Password set to - pass1234
![Page 19: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/19.jpg)
![Page 20: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/20.jpg)
![Page 21: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/21.jpg)
![Page 22: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/22.jpg)
![Page 23: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/23.jpg)
![Page 24: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/24.jpg)
![Page 25: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/25.jpg)
![Page 26: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/26.jpg)
Password is set to - pass1234!
![Page 27: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/27.jpg)
![Page 28: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/28.jpg)
![Page 29: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/29.jpg)
Configure portal
Configure the UME –Open url –http://XXXXX:50000/useradmin
And click on the configuration button and set the values as per the screenshot below –
![Page 30: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/30.jpg)
![Page 31: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/31.jpg)
Create System under system management –
1) Start the wizard
2) Provide necessary values to the wizard and continue
![Page 32: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/32.jpg)
![Page 33: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/33.jpg)
Create Necessary iviews –
![Page 34: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/34.jpg)
1) Start the iview
wizard
2) Provide the system details and the transaction details and click go –
![Page 35: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/35.jpg)
3) Choose the transaction and click on “start upload” –
4) Click Finish upon successful upload –
5) Change the ID of object as per the required naming convention – here AXD_SYSTEM_SHORT
![Page 36: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/36.jpg)
Click Next on the ID change wizard
Provide the required details and click Finish –
![Page 37: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/37.jpg)
6) The iView is renamed as required –
Set the permissions for system and iviews –
1) Uner the permissions section of all the above created obejcts, add additional role “everyone” as per the screenshots below –
![Page 38: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/38.jpg)
![Page 39: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/39.jpg)
Configure ABAP & Java System Certificates –
1) Logon to Netweavar administrator using url – http://XXXX.com:50000/nwa
2) Under configuration tab choose “Certification and Keys”
3) Choose “TicketKeystore”
4) Choose Certificate pair and click
export
5) Download the file to desired location
![Page 40: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/40.jpg)
6) Export ABAP certificatie by logging on to 000 client and running transaction code Strustsso2
7) Choose the system certificate and click export
8) Save the file to desired locaiton
![Page 41: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/41.jpg)
9) Import the Java certificate by choosing the file
10) Add the Java certificate to certificate list and ACL by clicking the respective
buttons -
![Page 42: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/42.jpg)
11) Add the Java certificate to ACL in other clients e.g. 100, 110, 120
![Page 43: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/43.jpg)
12) Import ABAP Certificate into Java system under Configuration -> Certificate & Keys -> Ticket Store
Direct iview links to open the SAP system based on the AD user ID and password Sample -http://XXXXXX:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fXXX!
2fSESSION_MANAGER_AXD_SHORT?sap-config-mode=true
![Page 44: How to Configure SSO Between ABAP and Portal](https://reader034.vdocument.in/reader034/viewer/2022052209/577cc1971a28aba71193642d/html5/thumbnails/44.jpg)
Portal Side: dowload certificate you need to select from Ticketkeystore by login to SAP Netweaver Administrator
ABAP Side : Create SNC SAPCryptolib PSE with STRUST TCode in 000 ClientUpdate below profile paramterslogin/create_sso2_ticket=2login/accept_sso2_ticket=1icm/host_name_full=
Check Single Sign-On. Go to http://:/irj/portal
Click on System Administration �> Support ->Application Integration and Session Management -> Test and Configuration tools
Click on Tool -> Select Transaction and Click on run
Click System -> Select System that you created earlier and Enter any transaction code it should display ABAP Screen