Saturday, January 12, 2013

STRUSTSSO2


To use single sign-on with the BusinessObjects Enterprise system, two main settings must be configured on the SAP side:
1) Profile parameters.
2) Trust between SAP Enterprise Portal and SAP BW or SAP R/3.

1) Profile parameters
Before you can enable ticket based single-sign-on between SAP and BusinessObjects Enterprise, you must set up your SAP system to accept and create logon tickets. This involves setting two related profile parameters on your SAP server:
login/accept_sso2_ticket
login/create_sso2_ticket 

| Profile parameter | Value | Comment |
|---|---|---|
| login/create_sso2_ticket | 1 or 2 | Use the value 1 if the server possesses a public-key certificate signed by the SAP CA. Use the value 2 if the certificate is self-signed. If you are not sure, then use the value 2. |
| login/accept_sso2_ticket | 1 | Use the value 1 so that the system will also accept logon tickets. |

These settings require a restart of the SAP system.
To verify the profile parameters
1. Log onto the SAP server.
2. Start profile maintenance with transaction RZ10.
3. Select the instance profile for the SAP server.
4. Select Extended maintenance.
5. Click Display.

2) Configure trust for the SAP Enterprise Portal
This step involves exporting an SAP Enterprise Portal certificate and importing it to the SAP server (SAP BW or SAP R/3) so that these two systems establish a trusted relationship.
To export the SAP Enterprise Portal certificate
1. Log onto the SAP Enterprise Portal.
2. Navigate to System Administration > System Configuration.
3. Click Keystore Administration.
4. Click Download verify.der File (EP1 in this case).
5. Save the file locally.
6. Unzip the file.
7. Log onto the SAP server (SAP BW or SAP R/3) (BW1 in this case).
8. Start transaction STRUSTSSO2 (Trust Manager).
9. Select the menu Certificate > Import.
10. Enter the path to the unzipped file into File path.
11. Click Enter.
12. Click Add to Certificate List.
13. Click Add to ACL.
14. Enter the System ID of the SAP Enterprise Portal server, e.g. EP1 in the example above.
15. Enter 000 for the field Client.
    The Client number must be 000. The Portal server trust will fail with another client number.
16. Click Enter.

Chapter I) Need to have the SAP EP and ABAP and BOE XI3.1 Application Server in the same DNS domain.

The logon ticket issued by EP is stored as a cookie. Each cookie in a browser session has a specified domain. For security reasons, a browser only sends a cookie to web sites that are in the same domain as the cookie.
If multiple domains are involved, see SAP Logon Tickets for Multiple Domains.

Chapter J) Install a BOE XI3.1 Server

See the official documentation or the following link.

Chapter K) Install BOE XI3.1 SAP Integration Kit / Java Connector

Detailed steps on how to install SAP Integration Kit can be found here:
BusinessObjects Integration Kit for SAP - Installation and Configuration (prerequisites and Installation sections, page 4-15)
SAP GUI
Java Connector

Chapter L) Configure the SAP ABAP system in CMC and import SAP roles

This is the SAP system that will be used to authenticate the users who log on to the EP and view BOE reports. For steps on how to configure an entitlement system and import SAP roles to BOE, see: BusinessObjects Integration Kit for SAP - Installation and Configuration (prerequisites and Installation sections, page 16-24)



  

Chapter M) Check the BOE XI3.1 InfoView configuration to support single sign-on.


When you install the BOE SAP Kit, the installer modifies the parameters in your web.xml/web.config files. To verify that InfoView is configured for single sign-on, open the InfoView configuration file web.xml (Java InfoView) or web.config (.Net) and make sure the following properties have the values specified below:

| Parameter | Value |
|---|---|
| authentication.default | secSAPR3 |
| siteminder.enabled | false |
| sso.enabled | true |

IIS: web.config is located by default in the following directory:

\BusinessObjects Enterprise 12.0\Web Content\InfoViewApp\InfoViewAp

Tomcat: web.xml is located by default in the following directory:

\BusinessObjects Enterprise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF
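
One way to check the three InfoView settings listed above against a Java web.xml, as an added example that is not from the original post or from SAP/BusinessObjects. It assumes the settings are stored as standard servlet `<context-param>` entries; the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values this page says InfoView needs for SAP ticket single sign-on.
EXPECTED = {
    "authentication.default": "secSAPR3",
    "siteminder.enabled": "false",
    "sso.enabled": "true",
}

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_context_params(xml_text):
    """Return {param-name: param-value} for every <context-param> element.
    Assumption: InfoView keeps these settings as servlet context parameters."""
    params = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "context-param":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params

def check_sso_settings(xml_text):
    """Return (name, expected, found) for each wrong or missing setting."""
    found = read_context_params(xml_text)
    return [(name, want, found.get(name))
            for name, want in EXPECTED.items()
            if found.get(name) != want]

# Constructed sample, not a real InfoView web.xml: one wrong value, one missing.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <context-param>
    <param-name>authentication.default</param-name>
    <param-value>secEnterprise</param-value>
  </context-param>
  <context-param>
    <param-name>siteminder.enabled</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""

if __name__ == "__main__":
    for name, want, got in check_sso_settings(SAMPLE_WEB_XML):
        print(f"{name}: expected {want!r}, found {got!r}")
```

A found value of `None` means the parameter is absent from the file, which is worth distinguishing from a wrong value when the installer was expected to have written it.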
