Thursday, May 14, 2020

Configure SSO-Based Authentication between NetWeaver Portal and ABAP System


Procedure:


1. Update the following system parameters in the instance profile or default profile in RZ10

                      icm/host_name_full = <FQDN>
                      login/accept_sso2_ticket = 1
                      login/create_sso2_ticket = 2


2. Create a user with the same name and admin authorization in both NetWeaver Portal and the ABAP system

             ABAP:
                    Username : admin
                     Profile : SAP_ALL and SAP_NEW


             Netweaver Portal :
                     Username : admin
                     Assigned Roles : Super Admin, NWA Admin, Content Administrator
                     Assigned Groups: Administrator


3. Download the system PSE certificate of the Portal and the ABAP system

          ABAP:
                   Tcode : STRUSTSSO2
                   Download Path:
                   System PSE --> Own Certificate --> Export Certificate --> Save As (base64) ABAP.cert

           Netweaver Portal :
                   Path : NWA --> Configuration --> Security --> Certificates and Keys --> Key Storage (TicketKeyStore)
                   Select SAPLogonTicketKeypair-cert --> Export --> Select Export format (base64) --> Click Download

4. Import the downloaded certificates: the Portal certificate into ABAP, and the ABAP certificate into the Portal

         ABAP :
                 Tcode : STRUSTSSO2
                 Import Path: Certificate --> Import certificate --> Select Certificate (SAPLogonTicketKeypair-cert) --> Add to Certificate list and Add to ACL --> Give Client 000 and SID of Portal --> Save
                 
         Netweaver Portal :
                  Path : NWA --> Configuration --> Security --> Certificates and Keys --> Key Storage (TicketKeyStore)
                   Click Import --> Select X.509 --> Select ABAP.cert --> Import

5. Add ABAP Certificate to Trusted System

         Netweaver Portal :
                 Path : NWA --> Configuration --> Security --> Trusted System --> Add Trusted System --> By Uploading Certificate Manually
                 Import the ABAP Certificate and give the ABAP System Client

6. Create the Backend Entry in the System Landscape of the Portal

          Netweaver Portal:
                 Path : System Administration --> System Landscape --> System Landscape Overview
               
                Create the Backend System Entry :
   
                 New --> SAP System Using Dedicated Application Server
                 SYSTEM NAME: <SID>CLNT<ClientNO>
                 ADD Alias : <AID>CLNT<ClientNO> --> Finish
             
                 Configure the Backend System :
                 Choose System Alias --> Configure --> Modify Properties


                 Connector
                          Application Host : FQDN of ABAP
                          Gateway Host : FQDN of ABAP
                          Gateway Service : Gateway Service Port of ABAP
                          Logical System Name : <SID>CLNT<ClientNo>
                          SAP Client : ABAP Productive Client
                          SAP System ID (SID) : ABAP SID
                          SAP System Number : ABAP Instance No.
                          Server Port : ABAP Message Server port
                          System Type : SAP_R3

                 Information
                         System Name : <SYSTEM ALIAS>

                 Internet Transaction Server (ITS)
                          ITS Description : ABAP ITS
                          ITS Host Name : <ABAP FQDN>:<ICM PORT>
                          ITS Path : /sap/bc/gui/sap/its/webgui
                          ITS Protocol : http/https

                 User Management
                          Logon Method: SAPLOGONTICKET
                          User Mapping Fields
                          User Mapping Type : admin,user

                 Web Application Server (Web AS)
                          ICM Host Name : <ABAP FQDN>:<ICM PORT>
                          ICM Protocol : http/https
                          ICM URL Prefix : /sap/bc/webdynpro/sap
                          SAP NetWeaver
                          AS Description : ABAP WEB AS

7. Restart the Application Server of ABAP and Portal System.

8. Now log in with the admin user created in step 2 and run the connection test for the system alias.

9. Select the system alias, click "Establish trust", and provide the admin user credentials.

10. Test the SSO configuration

                   Netweaver Portal :
                          Path: System Administration --> Support --> Application Integration and Session Management --> Test and Configuration Tools --> Tools (Transaction) --> RUN
                          SYSTEM :  System Alias
                          Transaction : SM59/SM50 --> GO
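
A value in the instance profile overrides the same parameter in the default profile, so step 1 can look correct in one file while the effective setting is different. The following is an added example, not part of the original post: it checks the effective step 1 values from two constructed sample profile texts. The function names, sample hostnames and sample profile contents are assumptions.

```python
import re

# Expected values, taken from step 1 of the procedure above.
REQUIRED = {"login/accept_sso2_ticket": "1", "login/create_sso2_ticket": "2"}
FQDN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def parse_profile(text):
    """Parse 'name = value' lines of an SAP profile; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def check_sso_params(default_profile, instance_profile):
    """Return a list of findings; an empty list means step 1 is in place."""
    # Instance profile values override default profile values.
    effective = {**parse_profile(default_profile), **parse_profile(instance_profile)}
    findings = []
    for name, want in REQUIRED.items():
        got = effective.get(name)
        if got != want:
            findings.append(f"{name}: expected {want}, found {got or 'not set'}")
    host = effective.get("icm/host_name_full")
    if host is None:
        findings.append("icm/host_name_full: not set")
    elif "$(" in host:
        findings.append(f"icm/host_name_full: '{host}' is a substitution, check the resolved value")
    elif not FQDN_RE.match(host):
        findings.append(f"icm/host_name_full: '{host}' is not a fully qualified name")
    return findings

# Constructed sample profiles (hypothetical hostnames), not taken from a real system.
DEFAULT_PFL = """\
# DEFAULT.PFL (constructed sample)
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
icm/host_name_full = abaphost.example.com
"""
INSTANCE_PFL = """\
login/create_sso2_ticket = 0
icm/host_name_full = abaphost
"""

if __name__ == "__main__":
    print(check_sso_params(DEFAULT_PFL, INSTANCE_PFL))
```

With the sample input, the instance profile silently undoes two of the three settings made in the default profile, which is the case worth ruling out before the test in step 10.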
