Skip to Content

Initially when I wanted to work on SAP Portal 7.3 integration with SAP ECC 6.0 Ehp 6 ,I hardly could find material in SCN. There was a site in http://help.sap.com, but it did not had sufficient useful information with step by step Configuration (work instruction). So I thought to share in detail about the settings required for SSO between portal and ecc systems for this Blog.

In this blog, I am explaining about system object configuration in portal, SSO configuration from portal end. Just for understanding I have taken a Scenario, which I have stated below.

Generally many SAP systems will be there in the landscape like ECC,BW,SRM,CRM and Portal, then a single sign-on (SSO) environment can help to reduce the number of passwords that users have to remember in their daily routine life.

In the portal environment, SSO eases user interaction with the many systems, components, and applications available to the user. Once the user is authenticated to the portal, he or she can use the portal to access the different SAP systems without having to repeatedly enter his or her user information for authentication

1) Creation of System object in SAP Portal

System Object is a set of connection properties to represent an external or SAP systems (SAP ECC/SRM/BW) used to retrieve data into portal iViews.

Create System Object using Template. Choose system object template as per the requirement. In my case, I selected system template- SAP system using dedicated application server.

Enter System Name, System ID, Description

connector.JPG

2) Add System alias on system object

System alias.JPG

3) Download certificate of Portal system through NW adminnwa.JPG

4) To dowload certificate you need to select Ticketkeystore

Ticket.JPG

5) Then click on export key button to get required certificate from portal server

certificate file.JPG

6) You have import portal certificate into ECC server using Transaction -strustsso2. In the certificate area click on import certificate button (green color) then browse the file which you have downloaded earlier from Portal server. Then click on add to certificate list button after that click the button Add to ACL, here you need to provide SID of portal in system ID text field and 000 as client text field.

strustsso2.JPG

7) Add profile parameters in ECC server using RZ10, it is

a) login/create_sso2_ticket=2

b) login/accept_sso2_ticket=1

c) icm/host_name_full= <FQDN>

Profile parameters.JPG

8) Check Single Sign-On. Go to http://<server>:<port>/irj/portal

a) System Administration – Support- Application Integration and Session Management- Test and Configuration tools

b) Under Tool, Select Transaction and Click on run.

c) Under System, Select System that you created earlier and Enter any transaction code SU3. And click on Go.

d) It should login to your backend As ABAP system without asking password.

support.JPG

9) Also you can verify it in system administration ,System configuration, System Landscape, then check the status

system status.JPG

To report this post you need to login first.

16 Comments

You must be Logged on to comment or reply to a post.

  1. Avinash Barat

    Hi – Unfortunately, this method did not work for us.  Specifically, we received the “Cannot analyze certificate” STRUST000 error message in Step 6 when trying to import the portal certficate into the AS ABAP system using the STRUSTSSO2 transaction.

    We were able to get SSO to work by creating a Trusted System in the Portal and then creating a corresponding SAP Logon Ticket Key Pair.  We used the following link to blog which gave us the correct steps:

    http://scn.sap.com/people/sunny.pahuja2/blog/2012/01/04/single-sign-on-with-sap-netweaver-73

    (0) 
  2. MUTHURAJA PERIYASAMY

    Hello Sir,

       I followed your steps for SSO configuration in portal. I logged into portal as admin and checked below link.

        8.a) System Administration – Support- Application Integration and Session Management-           Test and Configuration tools

    I am not getting SAP Logical system name in System drop down.Please check my screen and give solution for this./wp-content/uploads/2015/03/sso_661792.png


    (0) 
    1. Raghav Rathor

      Hi Muthuraja,

      For getting the SAP logical system name, first you need to create the systems in your portal than only these systems will reflect here.

      Let me know for any other help.

      Regards,

      Raghav Rathor

      (0) 
      1. Sufiyan Thakur

        Hi rathor

        I am new in EP . and I know that My question is also simple, but give me simple steps to resolve it. “how can i create system in portal?”

        (0) 
  3. Hemanth Kumar

    Hi,

    Just wanted to add the below guide that has a comprehensive analysis of any SSO issues, best practices and further troubleshooting recommendations:

    <http://scn.sap.com/community/netweaver-administrator/blog/2015/03/19/common-single-sign-on-j2ee-to-abap-issues-solutions-and-further-troubleshooting>

    _ _ _ _ _ _ _ __ _ _

    Kind Regards,

    Hemanth

    SAP Product Support

    _ _ _ _ _ _ _ _ _ _ _

    Join me online: http://scn.sap.com/people/hemanth.kumar/content

    (0) 

Leave a Reply