SAP Security - User Authentication and Single Sign-On

Single Sign-On (SSO) is one of the key concepts that allows you to log in to one system and then access multiple systems in the backend. SSO allows users to access software resources through the SAP system in the backend.

SSO on the NetWeaver platform provides user authentication and helps system administrators manage the user load in a complex SAP system landscape. SSO configuration simplifies the process of logging in to SAP systems and applications by enhancing security measures and reducing password management tasks for multiple systems.

SSO helps organizations reduce operational costs by reducing the number of helpdesk calls related to password issues, thereby increasing the productivity of business users. The SAP NetWeaver integration mechanism allows you to easily integrate SAP NetWeaver systems into the SSO concept and provides easy access to backend systems in the SAP system landscape environment.

SAP single sign-on concept

Single sign-on can be configured with mySAP Workplace, allowing users to log in to mySAP Workplace daily and then access the applications without repeatedly entering their username and password.

You can configure SSO with mySAP Workplace using the following authentication methods:

  • user name and password

  • SAP login ticket

  • X.509 client certificate

Integration in single sign-on

SSO using the NetWeaver platform provides user authentication and helps system administrators manage the user load in complex SAP system environments. SSO configuration simplifies the process of logging in to SAP systems and applications by enhancing security measures and reducing password management tasks for multiple systems.

Using SAP NetWeaver, different mechanisms can be configured to let authorized users access the NetWeaver system using the SSO method. The login mechanism in the system depends on the technology of the SAP NetWeaver system and the different communication channels used to access these systems.

Configure single sign-on in SAP GUI

To configure single sign-on, you need access to the following T-codes:

  • RZ10

  • STRUST

Once you have access to these T-codes, follow the steps given below:

Step 1 Log in to any SAP ECC system using SAP GUI and go to T-code RZ10.

Step 2 Select the Default profile and Extended Maintenance.

Step 3 Click Change and you will see the list of parameters for the profile.

Step 4 Change the following profile parameters:

  • login/create_sso2_ticket = 1

  • login/accept_sso2_ticket = 1

Step 5 Save and activate the profile. It will generate a new profile.

Step 6 Export the R3SSO certificate from the Trust Manager: go to transaction STRUST.

Step 7 Double-click the text box to the right of "Own Certificate". The certificate information is displayed. Note down the values of this certificate, because you will need to enter them.

Step 8 Click the icon to export the certificate.

Step 9 Save the file as <R3_Name>-<Client>.crt.

Example: EBS-300.crt

Step 10 Click on the checkbox to create the file in the parent directory.

Step 11 Import the R3 SSO certificate into the Java engine using the administrator tool.

Make sure the Java engine is started.

Step 12 Open the Java Management Tool.

Step 13 Enter the Java Engine administrator password and click Connect.

Step 14 Select Server → Services → Key Storage.

Step 15 Click on Ticket Keystore in the View panel.

Step 16 Click Load in the Entry group box. Select the .crt file you exported in the previous step.

Step 17 Configure the Security Provider service in the SAP Java Engine using the administrator tool.

Step 18 Select Server → Services → Security Provider.

Step 19 Select the ticket in the Components panel and go to the Validation tab.

Step 20  Modify the options for evaluating the ticket login module and add the following properties to each backend system where SSO is to be configured.
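
A read-only check for Steps 4 and 9 above, as an added example that is not part of the original article: it parses profile text, reports deviations from the two Step 4 values, and confirms that an exported certificate file name belongs to the same system. The sample profile is constructed, the function names are hypothetical, and "last entry wins" for repeated parameters is an assumption.

```python
import re

# Values that Step 4 sets in the default profile.
EXPECTED = {"login/create_sso2_ticket": "1", "login/accept_sso2_ticket": "1"}

# Constructed sample profile text; not taken from a real system.
SAMPLE_PROFILE = """\
# DEFAULT.PFL (constructed sample)
SAPSYSTEMNAME = EBS
login/create_sso2_ticket = 0
login/accept_sso2_ticket=1
# a later entry for the same parameter
login/create_sso2_ticket = 1
"""

def parse_profile(text):
    """Parse 'name = value' lines and skip blank lines and '#' comments.
    Assumption: when a parameter is repeated, the last entry wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit_sso2(params):
    """Return {parameter: (actual, expected)} for each deviation from Step 4.
    A parameter missing from the profile is reported with actual = None."""
    return {k: (params.get(k), v) for k, v in EXPECTED.items() if params.get(k) != v}

def parse_cert_name(filename):
    """Split a Step 9 file name <R3_Name>-<Client>.crt into (SID, client)."""
    m = re.fullmatch(r"([A-Z][A-Z0-9]{2})-(\d{3})\.crt", filename)
    return (m.group(1), m.group(2)) if m else None

def cert_matches_profile(params, filename):
    """True when the exported certificate is named for the profile's system."""
    parsed = parse_cert_name(filename)
    return parsed is not None and parsed[0] == params.get("SAPSYSTEMNAME")

if __name__ == "__main__":
    profile = parse_profile(SAMPLE_PROFILE)
    print("deviations:", audit_sso2(profile) or "none")
    print("EBS-300.crt matches profile:", cert_matches_profile(profile, "EBS-300.crt"))
```

Running it against a copy of the profile before importing the certificate in Step 16 catches a ticket parameter that was never activated or a certificate exported from the wrong system.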

Single sign-on for web-based access

You can configure several options for accessing the SAP NetWeaver system using SSO. You can also access the SAP NetWeaver system through a web browser or other web clients. Using SSO, users can access back-end systems and other secure information located in the corporate network.

SSO allows you to integrate web-based user access on a NetWeaver application server using multiple secure authentication methods. You can also implement various network communication security methods, such as encryption, to send information over the network.

The following authentication methods can be configured using SSO to access data through the application server:

  • Using user ID and password authentication

  • Using login tickets

  • Using X.509 client certificates

  • Using SAML Browser Artifacts

  • Using SAML 2.0

  • Using Kerberos authentication

When accessing data over the Internet, you can also use security mechanisms in the network and transport layers.


Origin blog.csdn.net/SAPmatinal/article/details/132135048