Escolar Documentos
Profissional Documentos
Cultura Documentos
&
LDAP Authentication to ABAP using portal
ABAP-JAVA SSO Configuration
Contents
ABG BSLI SSO Configuration
SAP Server details
SAP System installation
Configure portal
Direct iview links to open the SAP system based on the AD user ID and password
Unlocking users on Java
Starting/Stopping server
Scenario
We have an existing ERP system where users login with their current SAP ID and
password.
They would like to be able to login with their LDAP ID and password to SAP, however,
would like the password to be provided at least once. Hence they do not want an SSO
using SNC or windows authentication.
Solution
Since the SSO shouldnt happen and they should still be able to logon with their LDAP
ID and password. One of the solution is to have a Portal installed where users can use
their LDAP ID and password to logon and configure SSO between Portal and ABAP
server. So the solution steps are as below
1) Install Java engine/Portal
2) Configure portal to be authenticated using LDAP (e.g. LDAP UME datasource
configuration)
3) Configure SSO between ABAP and Portal
4) Create Iviews to call ABAP Gui
5) Provide link to users to access ABAP Gui while providing their LDAP ID and
password on the portal.
Portal installation
(Windows/SQL Server)
2) Install Portal
Password is
set to pass1234!
Configure portal
wizard
2) Provide the system details and the transaction details and click go
3) Choose TicketKeystore
6) Export ABAP certificatie by logging on to 000 client and running transaction code
Strustsso2
7) Choose the system certificate and click export
10) Add the Java certificate to certificate list and ACL by clicking the respective
buttons -
11) Add the Java certificate to ACL in other clients e.g. 100, 110, 120
12) Import ABAP Certificate into Java system under Configuration -> Certificate &
Keys -> Ticket Store
Direct iview links to open the SAP system based on the AD user
ID and password
Sample http://XXXXXX:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fXXX!2fSESSION_MANAGER_AXD_SHORT
?sap-config-mode=true
Portal Side: dowload certificate you need to select from Ticketkeystore by login to SAP Netweaver Administrator
ABAP Side : Create SNC SAPCryptolib PSE with STRUST TCode in 000 Client
Update below profile paramters
login/create_sso2_ticket=2
login/accept_sso2_ticket=1
icm/host_name_full=