Procedure :
1. Update the system parameter in Instance Profile / Default Profile in RZ10
icm/host_name_full = <FQDN>
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
2. Create user in Netweaver Portal and ABAP system with same name and admin authorization
ABAP:
Username : admin
Profile : SAP_ALL and SAP_NEW
Netweaver Portal :
Username : admin
Assigned Roles : Super Admin , NWA Admin. Content Administrator
Assigned Groups: Administrator
3. Download the system pse of the Portal and ABAP System
ABAP:
Tcode : STRUSTSSO2
Download Path:
System PSE --> Own Certificate --> Export Certificate -> Save As (base64) ABAP.cert
Netweaver Portal :
Path : NWA --> Configuration --> Security --> Certificates and Keys --> Key Storage (TicketKeyStore)
Select SAPLogonTicketKeypair-cert --> Export -->Select Export format (base64) --> Click Download
4. Import the downloaded certificates of ABAP and Portal
ABAP :
Tcode : STRUSTSSO2
Import Path: Certificate --> Import certificate -> Select Certificate (SAPLogonTicketKeypair-cert) --> Add to Certificate list and Add to ACL --> Give Client 000 and SID of Portal --> Save
Netweaver Portal :
Path : NWA --> Configuration --> Security --> Certificates and Keys --> Key Storage (TicketKeyStore)
Click Import --> Select 509.X --> Select ABAP.cert --> Import
5. Add ABAP Certificate to Trusted System
Netweaver Portal :
Path : NWA --> Configuration --> Security --> Trusted System --> Add Trusted System --> By Uploading Certificate Manually
Import the ABAP Certificate and give the ABAP System Client
6. Create the Backend Entry in System Landcape of Portal
Netweaver Portal:
Path : System Administration --> System Landscape --> System Landscape Overview
Create the Backend System Entry :
New --> SAP System Using Dedicated Application Server
SYSTEM NAME: <SID>CLNT<ClientNO>
ADD Alias : <AID>CLNT<ClientNO> --> Finish
Configure the Backend System :
Choose System Alias --> Configure --> Modify Properties
Connector
Application Host : FQDN of ABAP
Gateway Host : FQDN of ABAP
Gateway Service : Gateway Service Port of ABAP
Logical System Name : <SID>CLNT<ClientNo>
SAP Client : ABAP Productive Client
SAP System ID (SID) : ABAP SID
SAP System Number : ABAP Instance No.
Server Port : ABAP Message Server port
System Type : SAP_R3
Information
System Name : <SYSTEM ALIAS>
Internet Transaction Server (ITS)
ITS Description : ABAP ITS
ITS Host Name : <ABAP FQDN>:<ICM PORT>
ITS Path : /sap/bc/gui/sap/its/webgui
ITS Protocol : http/https
User Management
Logon Method: SAPLOGONTICKET
User Mapping Fields
User Mapping Type : admin,user
Web Application Server (Web AS)
ICM Host Name : <ABAP FQDN>:<ICM PORT>
ICM Protocol : http/https
ICM URL Prefix : /sap/bc/webdynpro/sap
SAP NetWeaver
AS Description : ABAP WEB AS
7. Restart the Application Server of ABAP and Portal System.
8. Now login with the admin user created in Step 2 and do the connection test of System Alias.
9. Select the System Alias and Click Established trust and provide the admin user credentials.
10. Test the SSO configuration
Netweaver Portal :
Path: System Administration --> Support --> Application Integration and Session Management --> Test and Configuration Tools --> Tools (Transaction) --> RUN
SYSTEM : System Alias
Transaction : SM59/SM50 --> GO
No comments:
Post a Comment