SSO configuration between SAP Portal 7.3 and ECC 6.0 Ehp 6
Initially when I wanted to work on SAP Portal 7.3 integration with SAP ECC 6.0 Ehp 6 ,I hardly could find material in SCN. There was a site in http://help.sap.com, but it did not had sufficient useful information with step by step Configuration (work instruction). So I thought to share in detail about the settings required for SSO between portal and ecc systems for this Blog.
In this blog, I am explaining about system object configuration in portal, SSO configuration from portal end. Just for understanding I have taken a Scenario, which I have stated below.
Generally many SAP systems will be there in the landscape like ECC,BW,SRM,CRM and Portal, then a single sign-on (SSO) environment can help to reduce the number of passwords that users have to remember in their daily routine life.
In the portal environment, SSO eases user interaction with the many systems, components, and applications available to the user. Once the user is authenticated to the portal, he or she can use the portal to access the different SAP systems without having to repeatedly enter his or her user information for authentication
1) Creation of System object in SAP Portal
System Object is a set of connection properties to represent an external or SAP systems (SAP ECC/SRM/BW) used to retrieve data into portal iViews.
Create System Object using Template. Choose system object template as per the requirement. In my case, I selected system template- SAP system using dedicated application server.
Enter System Name, System ID, Description
2) Add System alias on system object
3) Download certificate of Portal system through NW admin
4) To dowload certificate you need to select Ticketkeystore
5) Then click on export key button to get required certificate from portal server
6) You have import portal certificate into ECC server using Transaction -strustsso2. In the certificate area click on import certificate button (green color) then browse the file which you have downloaded earlier from Portal server. Then click on add to certificate list button after that click the button Add to ACL, here you need to provide SID of portal in system ID text field and 000 as client text field.
7) Add profile parameters in ECC server using RZ10, it is
a) login/create_sso2_ticket=2
b) login/accept_sso2_ticket=1
c) icm/host_name_full= <FQDN>
8) Check Single Sign-On. Go to http://<server>:<port>/irj/portal
a) System Administration – Support- Application Integration and Session Management- Test and Configuration tools
b) Under Tool, Select Transaction and Click on run.
c) Under System, Select System that you created earlier and Enter any transaction code SU3. And click on Go.
d) It should login to your backend As ABAP system without asking password.
9) Also you can verify it in system administration ,System configuration, System Landscape, then check the status
Excellent blog sir
Keep coming like these more.
Cheers 😉
Pradyp
Sir,
excellent information you provided related to portal in a simple way ....
Hi Rajesh,
Good document, Keep posting ....
It will give picture for Basis consultant also.
Nice Blog sir, you have explain this in a simple steps, keep posting blogs , this is very helpful for freshers like us
Thanks ,this is very informative.... 🙂
Hi - Unfortunately, this method did not work for us. Specifically, we received the "Cannot analyze certificate" STRUST000 error message in Step 6 when trying to import the portal certficate into the AS ABAP system using the STRUSTSSO2 transaction.
We were able to get SSO to work by creating a Trusted System in the Portal and then creating a corresponding SAP Logon Ticket Key Pair. We used the following link to blog which gave us the correct steps:
http://scn.sap.com/people/sunny.pahuja2/blog/2012/01/04/single-sign-on-with-sap-netweaver-73
Hello Sir,
I followed your steps for SSO configuration in portal. I logged into portal as admin and checked below link.
8.a) System Administration – Support- Application Integration and Session Management- Test and Configuration tools
I am not getting SAP Logical system name in System drop down.Please check my screen and give solution for this.
Hi Muthuraja,
For getting the SAP logical system name, first you need to create the systems in your portal than only these systems will reflect here.
Let me know for any other help.
Regards,
Raghav Rathor
Hi rathor
I am new in EP . and I know that My question is also simple, but give me simple steps to resolve it. "how can i create system in portal?"
OK, you can create the System objects again.
Cheers!!!
Raghav
Awesome blog !!! can you also please post how can we enable sso for SRM webservices to be consumed in a mobile application?
Magnificent blog.
A very Detail explanation which can be understandable by a NON- SAP guy too.
IS there an update for SAP Portal 7.40?
Cheers,
Dan Mead
Great blog. Thanks. I'm wondering if I need any additional licence for SSO using CommonCryptoLIB for this solution. Antonin
Hi
Thanks A lot Sir.
May Allah increase your life and you would be posting knowledge as same above.
regards,
sufiyan
Hi,
Just wanted to add the below guide that has a comprehensive analysis of any SSO issues, best practices and further troubleshooting recommendations:
<http://scn.sap.com/community/netweaver-administrator/blog/2015/03/19/common-single-sign-on-j2ee-to-abap-issues-solutions-and-further-troubleshooting>
_ _ _ _ _ _ _ __ _ _
Kind Regards,
Hemanth
SAP Product Support
_ _ _ _ _ _ _ _ _ _ _
Join me online: http://scn.sap.com/people/hemanth.kumar/content
Hi, thanks for sharing the knowledge.
I have a problem with sap-portal. In my company they have portal for some functionalities like PM-notifications (maintenance). I had to do a customization for the screen templates for the notification type (in my case type Z3) to remove the screen area (area 015). The problem is Portal because the customization does not apply. The screen area (015) still appears on the Portal screen.
What should I do to have the screen customization changes in Portal?
Are they two separate configurations? ERP and PORTAL
Thanks for your help in advance.
Nice blog