Verify the SAP EIS is configured correctly to accept SSO connections from Unwired Server.
The general steps for enabling SAP systems to communicate over HTTPS
are:
- Install the SAP Cryptographic library.
- Set all credential parameters for the type of credentials accepted by the server:
- SSO2 token – verify everything is set properly with SSO2 transaction.
- X.509 certificate – set up, import, and verify the certificates using the trust manager (transaction STRUST).
- Use the ICM configuration utility to enable the ICM HTTPS port.
- Set the type of authentication to enable over HTTPS:
- Server authentication only – the server does not expect the client to authenticate itself using SSL, only basic authentication
- Client authentication only – the server requires the client to send authentication information only via SSL certificates. The ABAP stack supports both options.
Configure the server to use SSL with client authentication by setting the parameter (ICM/HTTPS/verify_client):
- 0 – do not use certificates.
- 1 – allow certificates (default).
- 2 – require certificates.
- Use the trust manager (transaction STRUST) for each PSE (SSL server PSE and SSL client PSE) to make the server's digitally signed public-key certificates available. Use a public key infrastructure (PKI) to get the certificates signed and in the SAP system.
There are no SSO access restrictions for MBO data that spans multiple SAP servers.
- Unwired Server must possess a valid CA X.509 certificate exported from SAP. Deploy these certificates, which are used during SSL handshake with the SAP server into the Unwired Server trust store.
- The user identification (distinguished name), specified in the certificate must map to a valid user ID in the AS ABAP, which is maintained by the SM30 view (VUSREXTID).
See Configuring the AS ABAP for Supporting SSL at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm