How-To... Import A Portal Public Key Into An ECC Client
Guide
Table of Contents
Synopsis
Scope & Related Documents
  Intended Audiences
  Assumptions
  Scope exclusions
  Related Documents
Implementation
Execution
  Extracting the Key
  Importing the Public Key
Appendix
Synopsis
Icon meanings: Caution, Example, Note, Recommendation, Syntax
Intended Audiences
This document is intended for SAP BASIS administrators and related support groups. It does not provide assistance to inexperienced personnel.
Assumptions
This document is based on the following assumptions:
- The user has administrative access to the instance clients including client 000.
- SSO between the SAP EP and ECC is to be implemented.
- The user is able to initiate operating system calls.
Scope exclusions
This document does not cover all procedures required to implement SSO.
Related Documents
How-To... Generate a Portal Public Key Certificate.doc
Implementation
The SAP Portal public key certificate is required to enable single sign on using SAP logon tickets. The key is used to verify a logon ticket that is presented to an ECC client for logon in lieu of the user name and password a user normally has to provide.
The public key is generated by the portal, stored in a security certificate and imported into the SAP R/3 client by means of transaction STRUSTSSO2. After a successful import the user may be signed on to the SAP client without the need to provide a user name and password; instead, a signed SAP logon ticket is presented, verified against the public key and, if valid, the user is logged on.
This document shows how to correctly import the key and prepare the client(s) to accept user logon.
Execution
Before the portal key security certificate can be imported, it must be extracted from the compressed ZIP file.
Once extracted, the portal key security certificate must be imported into client 000 of the instance where it is to be used. This ensures the certificate can be used in all clients that may exist in the instance.
Single sign on access to an ECC client using the logon ticket is granted through the ACL of each client and is client-specific. For this reason the certificate is then loaded from the certificate list of the instance and added to the ACL of the selected client.
2. Extract the file verify.der contained in the archive. You have now extracted and stored the portal key certificate.
4. To import the certificate verify.der, click on the import button under the section Certificate.
Select the file by clicking the drop down button File Path and select the file. Then click on the green check button to import the certificate. The details of the public key certificate will appear in the section Certificate as shown in the next step.
5. To add the certificate to the certificate list, click on the button Add to Certificate List.
In our example we have two certificates, one from the instance LPD and one from the instance LXD.
6. When you leave the transaction, you will be prompted to save your certificate.
7. Now log off client 000. At this point we only have imported the certificate. We have not yet granted single sign on access to any client.
8. Log on to the client where you want to provide single sign on to using the key certificate. In our example we will be providing single sign on to client 200 using the key certificate we have just imported.
9. Run transaction STRUSTSSO2.
10. Access to the client is granted through the ACL (Access control list), therefore you will first need to select the certificate from the certificate list by double clicking on it.
13. In the popup window enter the details of the system where the ticket is from.
In our example the selected key certificate was issued by the workplace system LPQ (a J2EE system). Since this comes from the J2EE Instance the client number is usually (by default) client 000. You should verify the source client number of the J2EE instance by using the Visual Administrator and navigating to the services tree. Once there, select the service UME Provider and check the entry login.ticket_client. Whatever this client number is, this is the one you need to use as the entry in the Workplace client ID as seen in the following diagram.
14. Once you have entered all the details, click on the green check button.
15. The certificate will now have been added to the ACL as shown in the following diagram.
16. Again, save the changes. You will be prompted to save the changes once you leave the transaction.
We have now allowed for single sign on access from system LPQ client 000 to client 200 of the instance we have imported the key into.
Though we have loaded the public keys of instances LPD and LXD as well (see pt. 1 in the above diagram), we have not granted single sign on access of these instances to our client 200. Only the certificate from instance LPQ provides SSO access to our system client 200 (see pt. 2 in the above diagram).
You will need to repeat the procedure Importing the Public Key, steps 8 to 16, for every client you want to provide single sign on access to. Of course you can repeat the procedure for all public keys if so required.
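A check worth running between extracting verify.der (step 2) and importing it (step 4), given here as an added example that is not part of the original guide: compute the SHA-256 fingerprint of the certificate inside the ZIP and compare it with the value the portal administrator supplied over a separate channel, so that only the intended key ends up trusted for logon tickets. The function names, the in-memory sample archive and the stand-in DER bytes are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

CERT_MEMBER = "verify.der"  # file name used in the guide


def der_total_length(data: bytes) -> int:
    """Length of the outer DER SEQUENCE, header included."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:  # short-form length
        return 2 + first
    n = first & 0x7F  # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def fingerprint_from_zip(zip_bytes: bytes) -> str:
    """Read verify.der from the archive in memory; return its SHA-256 hex digest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        hits = [n for n in zf.namelist() if n.rsplit("/", 1)[-1] == CERT_MEMBER]
        if len(hits) != 1:
            raise ValueError(f"expected one {CERT_MEMBER}, found {len(hits)}")
        der = zf.read(hits[0])
    if der_total_length(der) != len(der):
        raise ValueError("truncated file or trailing bytes after the certificate")
    return hashlib.sha256(der).hexdigest()


def safe_to_import(zip_bytes: bytes, expected_hex: str) -> bool:
    """True only when the fingerprint equals the value obtained out of band."""
    expected = expected_hex.replace(":", "").strip().lower()
    return fingerprint_from_zip(zip_bytes) == expected


def constructed_zip(der: bytes) -> bytes:
    """Build a sample archive in memory (constructed input, not a real export)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CERT_MEMBER, der)
    return buf.getvalue()


# Constructed stand-in: a well-formed DER SEQUENCE of zero bytes, not a real key.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(fingerprint_from_zip(constructed_zip(SAMPLE_DER)))
```

With a real export, pass the bytes of the ZIP received from the portal and the fingerprint string from the portal administrator to `safe_to_import`, and proceed to the import only when it returns True.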
Appendix