Preparing Your SAP Environment for Single Sign-on

Verify that the SAP® enterprise information system (EIS) is configured correctly to accept SSO connections from Unwired Server.

  1. Set all parameters for the type of credentials accepted by the server:
    • SSO2 token – verify everything is set properly with the SSO2 transaction.
    • X.509 certificate – set up, import, and verify certificates using the Trust Manager (transaction STRUST).
  2. Use the ICM configuration utility to enable the ICM HTTPS port.
  3. Set the type of authentication to enable communication over HTTPS.
    • Server authentication only – the server expects the client to authenticate itself using basic authentication, not SSL
    • Client authentication only – the server requires the client to send authentication information using SSL certificates. The ABAP stack supports both options. Configure the server to use SSL with client authentication by setting the ICM/HTTPS/verify_client parameter:
      • 0 – do not use certificates.
      • 1 – allow certificates (default).
      • 2 – require certificates.
  4. Use the Trust Manager (transaction STRUST) for each PSE (SSL server PSE and SSL client PSE) to make the server's digitally signed public key certificates available. Use a public key infrastructure (PKI) to get the certificates signed and into the SAP system.

    There are no SSO access restrictions for MBO data that span multiple SAP servers.

    See SAP product documentation at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm for information about the SAP Trust Manager.

  5. To enable secure communication, Unwired Server and the SAP server that it communicates with must exchange valid CA X.509 certificates. Deploy these certificates, which are used during the SSL handshake with the SAP server into the Unwired Server truststore.
  6. The user identification (distinguished name), specified in the certificate must map to a valid user ID in the AS ABAP, which is maintained by the transaction SM30 using table view (VUSREXTID).

See Configuring the AS ABAP for Supporting SSL at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm

Parent topic: Single Sign-on for SAP