1. Log in to you SAP GUI and run the transaction STRUST.

Select the SNC note and download the SAP ECC Systems Certificate

Export the file by clicking on “Export Certificate”, click on “Base 64” to save the certificate file on a directory and copy the same on the SMP Server Console


2. Import certificate in key store

Once you have the certificate file exported, log in to the SMP Server Console and copy this file on that machine. Download Portecle from this site. We will use Portecle to import the above exported certificate into our SMP Key Store. Once downloaded , launch Portecle(its just a jar file so no need for installation) and open the SMP Keystore file.

File–>Open KeyStore File

Go the SMP KeyStore path. Its located in ~Installation Directory/SAP/MobilePlatform3/Server/configuration with the name smp_keystore.jks. It will prompt you for a password. Give the password that you used during installation of SMP Server or use the default password changeit.

Once you log in you would see something like this.

Go to Tools–>Import Trusted Certificate to import the SAP ECC Certificate we exported using STRUST.

Click on Import. It will show you the details of the certificate and then click on Next. Give an Alias for the Certificate and click on Finish.

So we have added the SAP ECC Certificate to SMP Key Store.

3. Create Backend Authentication

Enter the gateway URL and set the SSO Mechanisms as SSO2.

4. Create Authentication Profile

Next Thing that we would be doing is to configure an Application on Management Cockpit and then give it an Authentication Mechanism.

Login to the Management Cockpit using http://localhost:8083/Admin

Click on the Settings Tab and click Security Profiles

Click on New to create a new Security Profile.

We will name it as SAP_SSO2

Give the Authentication Provider as HTTP/HTTPS Authentication and provide the same URL that we used while defining the Gateway Destination

For the Cookie Name give it as MYSAPSSO2

Click Save to save this security Config. We will assign the same security config to our application connection.

Create a new application connection by clicking on new under the Application Tab

Under Backend Connection give the URL of the Service Document of your Deployed Application on Gateway.

It would be something like http://localhost:8060/sap/opu/odata/sap/ZTEST_NEW_CRV_SRV/ Check the Internal checkbox.

Go to the Authentication Tab and Select the authentication mechanism we just created SAP_SSO2

Click on Save to save all the configuration.

Now we are all done with our configuration.

5. Testing

You can use the Advanced Rest Client Extension of Google Chrome for this. You can use any other rest client for this purpose.

Go the the rest client and give the url for registration of user

URL : http://<hostaddress>:8080/odata/applications/latest/<applicationid we created>/Connections

Give the Headers

Content Type : application/xml

Operation : POST

And post this under the Request Body

<?xml version=’1.0′ encoding=’utf-8′?>

<entry xmlns=”http://www.w3.org/2005/Atom



     <title type=”text”/>






     <content type=”application/xml”>



     <d:DeviceModel m:null=”true” />




It should look something like this

Click on Send to post it. It will prompt you for credentials. Give the credentials to authenticate you against the URL that we configured for the security configuation. It will return with a status 201 which will create your user in Admin cockpit. You can check it against the application id that you should now have one registration.

Things to note are the cookies that are returned back. We have a cookie by the name X-SMP-APPCID.

Next we will test if we can now retrieve the data against that user to check if SSO is configured and SAP Returns on data for this user

With the same Rest Client give the below addres

URL : http://localhost:8080/<applicationid>/<AnyEntitySet>

In the header specify the cookie

X-SMP-APPCID and the value you got from the previous registration call

Operation : GET

Note : user GET if you entityset is used for reading operation. If there is a post operation involved you would also need an additional token of x-csrf-token.

Click on Send and you should receive Data for that particular user itself.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply