Skip to Content
Author's profile photo Former Member

Enabling cookie based SSO Authentication for BEP (Exposed as OData services) using integration gateway in SMP 3.0

Use Case:

To access SAP Gateway exposed services via SMP 3.0 using SSO Cookie based authentication


SAP Gateway system is capable of handling cookies eg: MYSAPSSO2

Steps to Create MYSAPSSO2 Scenario

I) Enable SMP to access the backend https url:

  1. Open File->Open Keystor fFile in portecle
    Tool and go the Location where the smp_keystore.jks file is Located. i.e. SMP
    server->Configurations  and click ok to open the
    Keystore.jks, Password for the keystore is “changeit”.


   2)  Go to Tools-> Import Trusted Certificate
and select the Back End System’s Certificate from your system and click on


   3)  Click on the ok and yes buttons as shown below.



4) Enter the Alias Name for the
Certificate which is getting imported

5) Save the Keystore in the
portecle Tools once the certificate is imported. Otherwise the imported
certificate will not be Reflected in SMP server’s Configurations.


II) SMP Gateway Cockpit Steps:

  1. Log on to the SMP Admin Cockpit https://<host>:8083/gateway/cockpit and go to the Destinations-> New

           Provide the Destination Name, select destination type as HTTP, provide Destination URL, and Select Authentication
      Type as SSO Mechanism


Click on Add button to select from various SSO Mechanisms.

Select Technical User(Basic) authentication as authentication mechanism,
and click on Save button.


Different SSO Mechanisms at the Gateway cockpit is mainly used to test the destination connection and to initially test
the services in the cockpit.

The security profile created at the SMP Admin will overwrite the destination configurations created at the gateway

In a productive scenario we need to consume the services exposed in gateway cockpit through SMP.

For different SSO Mechanisms refer to the link

Once the destination is created, in the https://<host>:8083/gateway/cockpit Click on register button,
provide the destination created and search for the service required to be



   With this we have registered the service in gateway cockpit. If we need to access this service by cookie based SSO
mechanism through SMP follow the steps mentioned in the next section.

III) SMP ADMIN Cockpit Steps

1. Log on to the SMP Admin Cockpit https://<host>:8083/Admin and go to the Settings-> Security
Profile tab.

2.  Create a security profile with HTTP/HTTPS Authentication and provide the URL of the Back end System from where odata
service is hosted and MYSAPSSO2 Cookie is enabled. Click on Save as Shown Below.



3. In the SMP Admin Cockpit https://<host>:8083/Admin create the application for the service

document url exposed in gateway cockpit as shown in screen shots below:



Provide the odata service exposed through gateway cockpit, and mark the service as internal.



Once this is done, application is ready to be consumed.

IV) Onboarding through REST CLIENT

Onboard to the created application in the REST client/Mobile Application though a

     Onboarding URL:


          http://<host>:8080/odata/applications/latest/<application id created in SMP>/Connections     

     Onboarding Headers:

          Content-Type: application/xml

          x-smp-appcid: <application1>

     Onboarding Post Body:

     <?xml version=’1.0′ encoding=’utf-8′?>

     <entry xmlns=”



     <title type=”text”/>






     <content type=”application/xml”>



     <d:DeviceModel m:null=”true” />





     Onboarding Operation: POST

          While onboarding it will initially ask for the user details, and for the subsequent requests it will use the Cookie we have configured.

After onboarding the entities of the application can be accessed via the url

http://<host>:8080/ <application id created in SMP>/<entites>


  Content-Type: application/xml

  x-smp-appcid: <application1>


Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Rakshit Doshi
      Rakshit Doshi

      Dear Suma,

      I tried your blog post but it doesnt seem to work the way it is expected to work.

      You mentioned that in the gateway cockpit we need to configure it as Technical User(Basic) under SSO Mechanism but we have to enter the value of a valid user over there.

      The request we make from the Rest client on any of the entities doesnt go thru the user we pass. It brings data for the user that is configured in the destination.

      Can you please add some more screenshots on how you got it working.


      Rakshit Doshi