SAP Sourcing/EP SSO Configuration
SAP Sourcing/EP SSO Configuration
*SSO
configuration for same EP System(i.e. on which ESO is deployed)*
Pre-requisites before you start the SSO configuration
-
E-Sourcing release 5.1
-
User id’s between the Enterprise Portal and ESO are
identical.
-
Cookies are enabled within browser.
-
Internet browser must be IE6 or IE7 (also work fine
with firefox 3).
-
Jdk installed on Application server 1.4.2_*
Configuration on EP
0.1. Set the property in
visual admin or Configtool *“ume.logon.httponlycookie
= false”*
0.2. Restart java stack
0.3.
Check MySAPSSO2 Cookie value is retruned
in the browser
Configuration on ESO Application Server (This Step should be skipped if ESO patch is 07 or above)<br />
0.1.
Run ESO Configure tool from /<FCI_home>/bin!https://weblogs.sdn.sap.com/weblogs/images/252079302/Include_jar.JPG|height=158|alt=image|width=512|src=https://weblogs.sdn.sap.com/weblogs/images/252079302/Include_jar.JPG|border=0!
0.1.
Include custom JAR file “customauth.jar”
(Get it by raising OSS message)!https://weblogs.sdn.sap.com/weblogs/images/252079302/Customauth.JPG|height=82|alt=image|width=566|src=https://weblogs.sdn.sap.com/weblogs/images/252079302/Customauth.JPG|border=0!
0.1.
Regenrate EAR/WAR file
(Click on Install)0.1. Remove Fcsourcing
application from application server
0.2. Redeploy new Sourcing
EAR file on application Server
Configurationn on ESO Application
0.1.
Login with Enterprise user0.1.
Goto Directory Configuration0.1.
Click on Edit0.1.
Change “Driver” to “Basic”!https://weblogs.sdn.sap.com/weblogs/images/252079302/General_Dir_Info.JPG|height=176|alt=image|width=665|src=https://weblogs.sdn.sap.com/weblogs/images/252079302/General_Dir_Info.JPG|border=0!
0.1.
Enter authenticator Field “com.frictionless.security.auth.NetWeaverAuthenticator”!https://weblogs.sdn.sap.com/weblogs/images/252079302/driver_config.JPG|height=146|alt=image|width=671|src=https://weblogs.sdn.sap.com/weblogs/images/252079302/driver_config.JPG|border=0!</body>
Thanks for putting this up, am sure this will help a lot of people understand the end to end config elements of crafting the SSO.
Its short, sweet and communicates the message without getting lost into endless graffiti
Keep up the good work.
Cheers
Tridip
Thanks much Ankush.
Thanks for writing this much needed blog.
Lots of people are struggling with this SSO.
You have put a solution which is complex in nature in very simple and systematic steps.
Cheers,
Vaibhav
Thanks for this wonderful blog. Just what I was searching for.
Made the topic look so easy !!
Keep up the good work,
Poonam
This is simple and perfect solution, many people are strugging to find this solution.
Thanks for upgrading knowledge of entire community.
Thanks and Regards,
Pankaj Jadhav
we have requested file to SAP and they answer to us "If you are installing version 5.1 SP7 or higher you should not need any
.jar file for this implementation".
we have E-Sourcing version 5.1 SP08 and portal 7.0 EHP 1 SP6.
how is the process in this case?
I hope may you help us.
thank you very much.
Regards Juan.
Process will same as above, you can skip jar file upload step.
SAP has included same jar file from patch 07.
Regards
~Ankush
thanks. Best regards.
Thanks for the useful blog. I have a doubt here, My questions is, with the below configuration, can we do SSO between Portal and E-Sourcing.
Our landscape is,
1. E-Sourcing is deployed on JBoss Application stack
2. E-Sourcing version eSO 5.1 SP08
3. Portal is on EHP1 SP06
While following the blog, Can we skip the Driver Configuration --> Authenticator Field. Will this work, because "com.frictionless.security.auth.NetWeaverAuthenticator", seems to be a custom Jar File.
Kindly let us know and help on the same.
Regards,
Souza.
Above configuration is valid only for..ESO deployed on same portal.
In your case...you can follow the steps provided in the guide..as ESO is deployed on jboss and EP is on different server.
Do not maintain ext_login_page property in this configuration also.
~Ankush
can anybody guide me that how to rever the above changes. i did according to above steps. but it is not working. so i need to rever back it now.
please help.
To revert the changes..follow the steps below
1) Login with "Enterprise" user ID
2) Goto Directory configuration
3) Make driver to "Local"
4) Make authentication field blank.
It will revert all your settings done for SSO.
~Ankush
To revert the changes..follow the steps below
1) Login with "Enterprise" user ID
2) Goto Directory configuration
3) Make driver to "Local"
4) Make authentication field blank.
It will revert all your settings done for SSO.
~Ankush
it is not allowing me to login to e-sourcing application. it is redirecting to portal link.
Please suggest.
Regards,
Mahendra
I guess you have maintain *ext_login_page* property.
Please call me. I need to have better understanding what exactly you have done.
~Ankush
Thanks for the useful blog. We have problem and we are stuck up since long with out any help.
We are trying to integrate E-Sourcing(Running in JBOSS) in Enterprise Portal. We have followed the below steps:
1. Deploy the E-SOURCING SINGLE-SIGN-ON SCA file
2. Import/Export the Certificate in SAP CLM
3. Import the NetWeaver certificate for the specific system into the SAP E-Sourcing server key store
4. Activate SSO in SAP CLM
5. To configure the local buy-side (internal) directory to activate the SSO, launch SAP E-Sourcing and did Directory Configuration.
6. In the Authenticator field, we put com.frictionless.usermgmt.security.ExtSAPNetWeaverAuthentication
8. Changed bypass_error_block to TRUE.
9. Configured ext_login_page according to the given format.
We have the below problem:
1. When we try to login into portal, we are redirected to e-sourcing page, where it asks us for username and password.
2. At the same time, when we are unable try to login directly into E-sourcing to0.
We are not sure, what is missing, where to check and completly clue less.
Kindly help us on this.
Thanks in Advance.
Regards,
Venkatesh
Please provide me following details
1. JDK version you are using for ESO/CLM,
2. ESO/CLM version
3. JDK version for EP
Mark me a mail. will revert you soon
Regards
~Ankush
If i have SAP EP on a SAP WebApplication server A. and SAP ESO on other SAP WebApplication server B. then what all steps will be different for SSO configuration?
Regards,
Ashish Shah
Please let me know your OS, jdk and ESO versions
Mark me a mail...I will revert you soon.
Regards
Ankush Mittal
In my system I configure the driver authenticator as: com.frictionless.usermgmt.security.ExtSAPNetWeaverAuthentication
Nothing was working everytime I tried to set thi up until I found that you have to restart the fcsourcing application in visual admin or restart the whole j2ee admin.
After the restart. everything start to work perfectly.
This was my 2 cents
Andre Lachapelle
We have configured SSO between E-Sourcing with Portal. We are having problem with some userids.
Configuration:
1. E-Sourcing is deployed on JBoss Application stack
2. E-Sourcing version eSO 5.1 SP08
3. Portal is at version 7.0 EHP1 SP6
We are facing problem in SSO with few userids. Below is the case:
1. ESO --> User exists with UPPER CASE, where as in AD it is in LOWER CASE:
2. ESO --> everything is fine, if ESO=AD=Lowercase.
we tried the below settings,
SETUP SYSTEM PROPERTY upp.extservletauthenticator.username_regex
s/\S+\\(\S+)/\L$1/
but nothing worked.
Any solution or ideas are most welcome.
Regards,
Venkatesh
I am trying to create SSO between Non-Java application and E sourcing Application.Can you please help me to provide any resources in this respect.