When you open the PI start page and click 'Enterprise Services Builder', and logon.
And then there is a logon window again.
I'm tired of it. Why not Single Sign-On? Just follow the steps to make it happen.
Modify Instance Profile
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
icm/host_name_full = hostname.domain
Add Login Module to J2EE Engine
NetWeaver Administrator, Configuration Management, Security, Authentication:
Click Edit, add EvaluateTicketLoginModule and save.
Change Authentication template for the Web components
NetWeaver Administrator, Configuration Management, Security, Authentication:
Select each component and change the referenced authentication template from basic to ticket.
- sap.com/com.sap.xi.repository*rep
- sap.com/com.sap.xi.directory*dir
- sap.com/com.sap.xi.services*run
- sap.com/com.sap.xi.mdt2*mdt
- sap.com/com.sap.xi.rwb*rwb
- sap.com/com.sap.lcr*sld
- sap.com/com.sap.aii.ib.rprof.app*exchangeProfile
- sap.com/com.sap.aii.af.app*AdapterFramework
Modify PI Exchange Profile
Note: After changed the Exchange Profile, you don't need to restart system for PI 7.1.
Application like Alert Configuration in Runtime Workbench is based on the ABAP application server. We need to configure sso between ABAP AS and J2EE stack. There are some additional steps:
- Export ABAP certification, and import it to J2EE.
- Export Java certification, and import it to ABAP.
NetWeaver Administrator, Configuration Management, Security, Certificates and Keys:
At last, restart the PI system and SSO will work.
If you didn't change the instance profile, and didn't perform the additional steps, SSO will become effective immediately, without restart. I have double check in my systems, you can trust me.