When you open the PI start page and click 'Enterprise Services Builder', and logon.

And then there is a logon window again.

I'm tired of it. Why not Single Sign-On? Just follow the steps to make it happen.

Modify Instance Profile

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 2

icm/host_name_full = hostname.domain

Add Login Module to J2EE Engine

NetWeaver Administrator, Configuration Management, Security, Authentication:

Click Edit, add EvaluateTicketLoginModule and save.

Change Authentication template for the Web components

NetWeaver Administrator, Configuration Management, Security, Authentication:

Select each component and change the referenced authentication template from basic to ticket.

• sap.com/com.sap.xi.repository*rep
• sap.com/com.sap.xi.directory*dir
• sap.com/com.sap.xi.services*run
• sap.com/com.sap.xi.mdt2*mdt
• sap.com/com.sap.xi.rwb*rwb
• sap.com/com.sap.lcr*sld
• sap.com/com.sap.aii.ib.rprof.app*exchangeProfile
• sap.com/com.sap.aii.af.app*AdapterFramework

Modify PI Exchange Profile 

Note: After changed the Exchange Profile, you don't need to restart system for PI 7.1.

Application like Alert Configuration  in Runtime Workbench is based on the ABAP application server. We need to configure sso between ABAP AS and J2EE stack. There are some additional steps:

1. Export ABAP certification, and import it to J2EE.
2. Export Java certification, and import it to ABAP.

NetWeaver Administrator, Configuration Management, Security, Certificates and Keys: 

At last, restart the PI system and SSO will work. 

If you didn't change the instance profile, and didn't perform the additional steps, SSO will become effective immediately, without restart. I have double check in my systems, you can trust me.