Skip to Content
SUP 2.0 onwards, we can setup Single sign on for Mobile Applications with SAP EIS backend. This blog will help beginner to quickly setup their SUP environment to enable SSO using SSO2 method.   *Prerequisites* Before we start we need following things: * SAP certificate of EIS system   *Installing and Configuring Certificates on Unwired Server* Use the Java keytool command to import SAP certificates into the Unwired Server truststore. 1. Shut down Unwired Server and all services. 2. Import the SAP system’s certificate into the Unwired Server truststore:  0.1. Open up a command window : <*Start*> -> <*Run*> and type “*cmd*” and click *OK*0.1.  then navigate to your java bin directory in the command window eg type “+cd C:\Program Files\Java\jre1.6.0_07\bin+” (This may be different to your setup) 0.1. Use Keytool command to add certificate to server’s trust store  0.2. keytool -importcert -keystore c:/Sybase/UnwiredPlatform/Servers/UnwiredServer/Repository/Security/truststore.jks -file C:\Temp\SAPBACKENDCERT.crt 0.3. When prompted for password  Enter keystore password: changeit 0.4. Trust this certificate? (no): y add certificate to server *Installing the SAP SSO2Token Files on Unwired Server Hosts* Unzip and install the contents of the latest SSO2Token zip file in all nodes of your Unwired Server cluster. This library is only required if you use single sign-on with SSO2 tokens *and* want to enable persisted token caching. 1. Go to the SAP Web site at http://service.sap.com/patches (http://service.sap.com/patches), select *Browse our Download Catalog*. 0.1. Select *Additional Components* and select *SAPSSOEXT*. 0.1. Select and download the latest *SAPSSOEXT* library for your platform. *Creating and Assigning a Security Configuration That Uses SSO2 Tokens* Create a new security configuration, assign the SAPSSOTokenLoginModule authentication provider to it, and assign the security configuration to an Unwired Server domain. The SAPSSOTokenLoginModule authentication provider supports SSO2 token logins to SAP systems through both JCo and DOE-C connections. You can assign security configurations to domains or packages. 1. Log in to Sybase Control Center. Navigate to and select *Security*. 0.1. Select the *General* tab, then *New*. 0.1. Name the secrurity configuration, for example SAPSSOSECADMIN, and click *OK*. 0.1. Select the *SAPSSOSECADMIN* security configuration. 0.1. Select the *Authentication* tab. 0.1. Click *New* and select *com.sybase.security.sap.SAPSSOTokenLoginModule* as the Authentication provider. Enter SAP server URL, certificate name, and password values appropriate for your SAP system and click *OK*. For example:0.1. SAP Server URL: http://sap-doe-vm1.sybase.com:8000/sap/bc/ping?sap-client=200 0.2. SAP Server Certificate: ${djc.home}/Repository/CSI/conf/SNCTEST.pse 0.3. //full path with server-specific environment variable set to root of imported SAP PSE certificate 0.4. SAP Server Certificate Password: password 0.5. *Note:* The SAP Server URL should match that of the deployed ESDMA.0.1. Select *com.sybase.security.core.NoSecLoginModule* and click *Delete*.0.1. Select the *General* tab, select *Validate* then *Apply*.0.1. Navigate to the domain to which you are assigning a security configuration, and select the *Security Configurations* tab.0.1. Click *Assign*,and select *SAPSSOSECADMIN* to assign the security configuration to the domain.0.1. Select the *Security Configurations* tab, and remove any other security configurations for the domain, if configured.I recommend to create a new domain with EIS server id, so that we can use SSO on this new domain and default domain can be still used for applications which use SUP LDAP for authentication. SAPSSOTokenLoginModule   *Configure SAP MBOs for SSO for SAP* Configure SAP MBOs so they can be used in device applications that implement SSO. To implement single sign-on for SAP in the development environment, you must: 0.1. Bind your MBO to the SAP data source or bind your MBO to a exposed BAPI. 0.2. *Propagate the client’s credentials to the back-end data source using the username and password personalization keys. *   MBO Runtime credentials
To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. tulasidhar vasa
    Hi,

    I am trying to create crt file using Keytool.

    gave command like

    C:\Program Files\Java\jre6\bin>keytool -importcert -keystore C:/Sybase/UnwiredPlatform/Servers/UnwiredServer/Repository/Security/
    truststore.jks -file C:\SAPSSO\SAPBACKENDCERT.crt

    its showing following error.
    keytool error: java.io.FileNotFoundException: C:\SAPSSO\SAPBACKENDCERT.crt (The
    system cannot find the file specified)

    I could not able find out what was wrong. could you help on this regard.

    (0) 
    1. Nitesh Shelar Post author
      Make sure your certificate file exists at specified location:
      C:\SAPSSO\SAPBACKENDCERT.crt
      Make sure certificate file’s name is SAPBACKENDCERT.crt or change keytool command accordingly?
      (0) 

Leave a Reply