SAPSSO2 For SMP 3.0
- Log in to your SAP GUI and run the transaction STRUST.
Select the SNC node and download the SAP ECC system's certificate.
Export the file by clicking on "Export Certificate", then choose "Base 64" to save the certificate file to a directory. Copy that file to the SMP Server machine.
2. Import certificate in key store
Once you have the certificate file exported, log in to the SMP Server machine and copy the file there. Download Portecle from this site. We will use Portecle to import the exported certificate into the SMP key store. Once it is downloaded, launch Portecle (it is just a jar file, so no installation is needed) and open the SMP keystore file.
File–>Open KeyStore File
Go to the SMP keystore path. The file is located in ~Installation Directory/SAP/MobilePlatform3/Server/configuration with the name smp_keystore.jks. Portecle will prompt you for a password. Give the password that you set during installation of the SMP Server, or use the default password changeit.
Once you log in you would see something like this.
Go to Tools–>Import Trusted Certificate to import the SAP ECC Certificate we exported using STRUST.
Click on Import. It will show you the details of the certificate and then click on Next. Give an Alias for the Certificate and click on Finish.
So we have added the SAP ECC Certificate to SMP Key Store.
3. Create Backend Authentication
Enter the gateway URL and set the SSO Mechanisms as SSO2.
4. Create Authentication Profile
Next, we configure an application in the Management Cockpit and give it an authentication mechanism.
Log in to the Management Cockpit at http://localhost:8083/Admin
Click on the Settings Tab and click Security Profiles
Click on New to create a new Security Profile.
We will name it as SAP_SSO2
Set the Authentication Provider to HTTP/HTTPS Authentication and provide the same URL that we used while defining the Gateway destination.
For the Cookie Name, enter MYSAPSSO2.
Click Save to save this security configuration. We will assign the same security configuration to our application connection.
Create a new application connection by clicking New under the Application tab.
Under Backend Connection, give the URL of the service document of your deployed application on the Gateway.
It would be something like http://localhost:8060/sap/opu/odata/sap/ZTEST_NEW_CRV_SRV/. Check the Internal checkbox.
Go to the Authentication tab and select the authentication mechanism we just created, SAP_SSO2.
Click on Save to save all the configuration.
Now we are all done with our configuration.
To test the configuration, you can use the Advanced Rest Client extension for Google Chrome, or any other REST client.
Go to the REST client and give the URL for user registration.
URL : http://<hostaddress>:8080/odata/applications/latest/<applicationid we created>/Connections
Give the headers
Content-Type : application/xml
Operation : POST
And post this under the Request Body
<?xml version="1.0" encoding="utf-8"?>
<d:DeviceModel m:null="true" />
It should look something like this
Click on Send to post it. It will prompt you for credentials. Give the credentials that authenticate you against the URL we configured in the security configuration. The call returns status 201, which creates your user in the Admin cockpit. You can check under the application ID that you now have one registration.
Note the cookies that are returned. We have a cookie by the name X-SMP-APPCID.
Next we will test whether we can retrieve data for that user, to check that SSO is configured and that SAP returns only data for this user.
With the same REST client, give the address below.
URL : http://localhost:8080/<applicationid>/<AnyEntitySet>
In the header specify the cookie
X-SMP-APPCID and the value you got from the previous registration call
Operation : GET
Note : use GET if your entity set is used for a read operation. If a POST operation is involved, you also need an additional x-csrf-token token.
Click on Send and you should receive Data for that particular user itself.
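The two REST client calls above, scripted as an added example (not part of the original post). The Atom wrapper and namespaces around the DeviceModel line, the sample cookie values, and the "X-CSRF-Token: Fetch" header used to request a token before a POST are assumptions; host, port and paths follow the URLs given above.

```python
import base64
import urllib.request
from http.cookies import SimpleCookie

# Assumed Atom wrapper and OData v2 namespaces; the page shows only the DeviceModel line.
REGISTRATION_BODY = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<entry xmlns="http://www.w3.org/2005/Atom"'
    ' xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"'
    ' xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">'
    '<content type="application/xml"><m:properties>'
    '<d:DeviceModel m:null="true" />'
    '</m:properties></content></entry>'
)

# Constructed sample of the Set-Cookie lines a 201 registration response might carry.
SAMPLE_SET_COOKIE = [
    "SESSION=constructed-session; Path=/; HttpOnly",
    "X-SMP-APPCID=0a1b2c3d-constructed-appcid; Path=/",
]

def registration_request(host, app_id, user, password):
    """Build the POST to .../Connections with Basic credentials."""
    # http:// and port 8080 as on the page: credentials and cookies are unencrypted here.
    url = f"http://{host}:8080/odata/applications/latest/{app_id}/Connections"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Content-Type": "application/xml", "Authorization": f"Basic {token}"}
    return urllib.request.Request(url, data=REGISTRATION_BODY.encode(),
                                  headers=headers, method="POST")

def extract_appcid(set_cookie_lines):
    """Return the X-SMP-APPCID value from Set-Cookie lines, or None if absent."""
    for line in set_cookie_lines:
        jar = SimpleCookie()
        jar.load(line)
        if "X-SMP-APPCID" in jar:
            return jar["X-SMP-APPCID"].value
    return None

def data_request(host, app_id, entity_set, appcid, fetch_csrf=False):
    """Build the GET for an entity set; fetch_csrf asks for a token for a later POST."""
    headers = {"Cookie": f"X-SMP-APPCID={appcid}"}
    if fetch_csrf:
        headers["X-CSRF-Token"] = "Fetch"  # SAP Gateway token-fetch convention (assumed)
    return urllib.request.Request(f"http://{host}:8080/{app_id}/{entity_set}",
                                  headers=headers, method="GET")
```

To run it against a server, pass each request to urllib.request.urlopen and feed response.headers.get_all("Set-Cookie") to extract_appcid; a missing X-SMP-APPCID after a 201 means the registration did not go through the security profile as expected.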