Purpose: Set up Single Sign-On between SAP NW ABAP and Java Application Systems.
Prerequisites: Set the following parameters in the instance profile:
i. login/create_sso2_ticket = 2
ii. login/accept_sso2_ticket = 1
Export Portal Private Certificate (JAVA AS) from Visual Administrator
Choose Server –> Services –> KeyStorage –> TicketKeystore
Import Portal Private Certificate into backend ABAP AS system.
Execute transaction STRUSTSSO2 in client 000
Choose System PSE from the left navigation, then Certificate –> Import
Specify the location where you saved the portal private certificate in step 2
Click the “Add to Certificate List” button (in the Certificate box) to add the portal certificate to the certificate list
Then click the “Add to ACL” button to add the certificate to the Access Control List. Click SAVE
Note: The above steps must be performed in the production client (for example, 100); otherwise SSO won’t work
Once it’s added to the ACL, you should be able to see the entry in the Login Ticket box as shown in the screenshot
Note: The System ID must be the Java Portal SID, and the client must always be 000 for a Java system
Export the backend ABAP private certificate and import into Java Portal System
Execute transaction STRUSTSSO2 in client 000. Choose System PSE from the left navigation, double-click the Owner Certificate and choose Certificate –> Export to save the certificate with a .crt extension.
Log into Visual Administrator, choose Server –> Services –> KeyStorage –> TicketKeystore, click the Load button and choose the ABAP owner certificate.
Make an entry of Backend System in “ACL” in the Portal
Choose Server –> Services –> Security Provider –> Ticket
Go to change mode, select com.sap.security.core.server.jaas.EvaluateTicketLoginModule and click the Modify button.
Add the following options if they do not already exist:
ume.configuration.active = true
trustedsys<n>= <ABAP SID>, <Prod. Client>
trustediss<n>= CN=<ABAP SID>
trusteddn<n>= CN=<ABAP SID>
Note: Add one set for client 000 and another for the production client.
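
A consistency check for the option sets listed above, as an added example (not part of the original page and not an SAP tool). The SID ABC, production client 100 and the function names are assumptions; the check follows the page's template, in which trustediss<n> and trusteddn<n> are exactly CN=<ABAP SID>.

```python
import re

# Constructed sample options (SID "ABC" and production client 100 are made up).
# The last line carries a deliberate typo so the check has something to report.
SAMPLE = """\
ume.configuration.active = true
trustedsys1 = ABC, 000
trustediss1 = CN=ABC
trusteddn1 = CN=ABC
trustedsys2 = ABC, 100
trustediss2 = CN=ABC
trusteddn2 = CN=ABD
"""

def parse_options(text):
    """Parse 'key = value' lines into a dict, skipping lines without '='."""
    opts = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def check_trust_sets(text, prod_client):
    """Return a list of problems found in the trusted-system option sets."""
    opts, problems, clients = parse_options(text), [], {}
    if opts.get("ume.configuration.active", "").lower() != "true":
        problems.append("ume.configuration.active is not true")
    indices = sorted({int(m.group(1)) for k in opts
                      if (m := re.fullmatch(r"trusted(?:sys|iss|dn)(\d+)", k))})
    for n in indices:
        m = re.fullmatch(r"([A-Z0-9]{3})\s*,\s*(\d{3})", opts.get(f"trustedsys{n}", ""))
        if not m:
            problems.append(f"trustedsys{n} missing or not '<SID>, <client>'")
            continue
        sid, client = m.groups()
        clients.setdefault(sid, set()).add(client)
        # Page template: issuer and subject DN are both CN=<SID> for the same set.
        for key in (f"trustediss{n}", f"trusteddn{n}"):
            if opts.get(key) != f"CN={sid}":
                problems.append(f"{key} should be CN={sid}, found {opts.get(key)!r}")
    # The page calls for one set for client 000 and one for the production client.
    for sid, seen in clients.items():
        problems += [f"{sid}: no set for client {c}" for c in ("000", prod_client) if c not in seen]
    return problems

if __name__ == "__main__":
    for problem in check_trust_sets(SAMPLE, "100"):
        print("PROBLEM:", problem)
```

If the owner certificate's distinguished name in your system has more components than CN=<SID>, compare against the full DN shown in STRUSTSSO2 instead.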