Skip to Content
Author's profile photo Former Member

SSO configuration between SAP Portal 7.3 and ECC 6.0 Ehp 6

Initially when I wanted to work on SAP Portal 7.3 integration with SAP ECC 6.0 Ehp 6 ,I hardly could find material in SCN. There was a site in http://help.sap.com, but it did not had sufficient useful information with step by step Configuration (work instruction). So I thought to share in detail about the settings required for SSO between portal and ecc systems for this Blog.

In this blog, I am explaining about system object configuration in portal, SSO configuration from portal end. Just for understanding I have taken a Scenario, which I have stated below.

Generally many SAP systems will be there in the landscape like ECC,BW,SRM,CRM and Portal, then a single sign-on (SSO) environment can help to reduce the number of passwords that users have to remember in their daily routine life.

In the portal environment, SSO eases user interaction with the many systems, components, and applications available to the user. Once the user is authenticated to the portal, he or she can use the portal to access the different SAP systems without having to repeatedly enter his or her user information for authentication

1) Creation of System object in SAP Portal

System Object is a set of connection properties to represent an external or SAP systems (SAP ECC/SRM/BW) used to retrieve data into portal iViews.

Create System Object using Template. Choose system object template as per the requirement. In my case, I selected system template- SAP system using dedicated application server.

Enter System Name, System ID, Description

connector.JPG

2) Add System alias on system object

System alias.JPG

3) Download certificate of Portal system through NW adminnwa.JPG

4) To dowload certificate you need to select Ticketkeystore

Ticket.JPG

5) Then click on export key button to get required certificate from portal server

certificate file.JPG

6) You have import portal certificate into ECC server using Transaction -strustsso2. In the certificate area click on import certificate button (green color) then browse the file which you have downloaded earlier from Portal server. Then click on add to certificate list button after that click the button Add to ACL, here you need to provide SID of portal in system ID text field and 000 as client text field.

strustsso2.JPG

7) Add profile parameters in ECC server using RZ10, it is

a) login/create_sso2_ticket=2

b) login/accept_sso2_ticket=1

c) icm/host_name_full= <FQDN>

Profile parameters.JPG

8) Check Single Sign-On. Go to http://<server>:<port>/irj/portal

a) System Administration – Support- Application Integration and Session Management- Test and Configuration tools

b) Under Tool, Select Transaction and Click on run.

c) Under System, Select System that you created earlier and Enter any transaction code SU3. And click on Go.

d) It should login to your backend As ABAP system without asking password.

support.JPG

9) Also you can verify it in system administration ,System configuration, System Landscape, then check the status

system status.JPG

Assigned Tags

      18 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Excellent blog sir

      Keep coming like these more.

      Cheers 😉

      Pradyp

      Author's profile photo Former Member
      Former Member

      Sir,

      excellent information you provided related to portal in a simple way ....

      Author's profile photo Former Member
      Former Member

      Hi Rajesh,

      Good document, Keep posting ....

      It will give picture for Basis consultant also.

      Author's profile photo Raghav Rathor
      Raghav Rathor

      Nice Blog sir, you have explain this in a simple steps, keep posting blogs , this is very helpful for freshers like us

      Author's profile photo Former Member
      Former Member

      Thanks ,this is very informative.... 🙂

      Author's profile photo Avinash Barat
      Avinash Barat

      Hi - Unfortunately, this method did not work for us.  Specifically, we received the "Cannot analyze certificate" STRUST000 error message in Step 6 when trying to import the portal certficate into the AS ABAP system using the STRUSTSSO2 transaction.

      We were able to get SSO to work by creating a Trusted System in the Portal and then creating a corresponding SAP Logon Ticket Key Pair.  We used the following link to blog which gave us the correct steps:

      http://scn.sap.com/people/sunny.pahuja2/blog/2012/01/04/single-sign-on-with-sap-netweaver-73

      Author's profile photo Former Member
      Former Member

      Hello Sir,

         I followed your steps for SSO configuration in portal. I logged into portal as admin and checked below link.

          8.a) System Administration – Support- Application Integration and Session Management-           Test and Configuration tools

      I am not getting SAP Logical system name in System drop down.Please check my screen and give solution for this./wp-content/uploads/2015/03/sso_661792.png


      Author's profile photo Raghav Rathor
      Raghav Rathor

      Hi Muthuraja,

      For getting the SAP logical system name, first you need to create the systems in your portal than only these systems will reflect here.

      Let me know for any other help.

      Regards,

      Raghav Rathor

      Author's profile photo Former Member
      Former Member

      Hi rathor

      I am new in EP . and I know that My question is also simple, but give me simple steps to resolve it. "how can i create system in portal?"

      Author's profile photo Raghav Rathor
      Raghav Rathor

      OK, you can create the System objects again.

      Cheers!!!

      Raghav 

      Author's profile photo Former Member
      Former Member

      Awesome blog !!! can you also please post how can we enable sso for SRM webservices to be consumed in a mobile application?

      Author's profile photo Former Member
      Former Member

      Magnificent blog.

      A very Detail explanation which can be understandable by a NON- SAP guy too.

      Author's profile photo Former Member
      Former Member

      IS there an update for SAP Portal 7.40?

      Cheers,

      Dan Mead

      Author's profile photo Antonin Cihlar
      Antonin Cihlar

      Great blog. Thanks. I'm wondering if I need any additional licence for SSO using CommonCryptoLIB for this solution. Antonin

      Author's profile photo Former Member
      Former Member

      Hi

      Thanks A lot Sir.

      May Allah increase your life and you would be posting knowledge as same above.

      regards,

      sufiyan

      Author's profile photo Hemanth Kumar
      Hemanth Kumar

      Hi,

      Just wanted to add the below guide that has a comprehensive analysis of any SSO issues, best practices and further troubleshooting recommendations:

      <http://scn.sap.com/community/netweaver-administrator/blog/2015/03/19/common-single-sign-on-j2ee-to-abap-issues-solutions-and-further-troubleshooting>

      _ _ _ _ _ _ _ __ _ _

      Kind Regards,

      Hemanth

      SAP Product Support

      _ _ _ _ _ _ _ _ _ _ _

      Join me online: http://scn.sap.com/people/hemanth.kumar/content

      Author's profile photo Andres Morales
      Andres Morales

      Hi, thanks for sharing the knowledge.

      I have a problem with sap-portal. In my company they have portal for some functionalities like PM-notifications (maintenance). I had to do a customization for the screen templates for the notification type (in my case type Z3) to remove the screen area (area 015). The problem is Portal because the customization does not apply. The screen area (015) still appears on the Portal screen.

      What should I do to have the screen customization changes in Portal?

      Are they two separate configurations? ERP and PORTAL

      Thanks for your help in advance.

      Author's profile photo Solution Manager
      Solution Manager

      Nice blog