Configure Single Sign-On (SSO) on the Portal and the ERP

Recently I’ve concluded successfully a full installation of the SAP Netweaver Developer Workplace on a local laptop. This installation was tricky and to work properly and as I expected, I also had to perform additional configurations, like the Single Sign-On (SSO), to connect it to the existing ERP system. Please note that this configuration worked for me and I did it in the sequence of installing a local portal on my laptop.

Assuming that you have full control over your systems, i.e., you’re an Administrator for your local Netweaver Portal and have SAP_ALL and SAP_NEW profiles in your backend user, here are the steps necessary to enable the SSO:

1. I started by exporting the Portal’s digital certificate, to later import it in the backend system. Logon to the Visual Administrator tool and browse to Server > Services > Key Storage;

2.    Choose Ticket Store > SAPLogonTicketKeypair-cert and click on Export to save the certificate locally:

3. Save the certificate (.CRT) locally on a directory that you can easily find:

4. Logon the ERP backend system and execute transaction code strustsso2;

5. On the main screen, double click on the “Owner” own certificate and on the “Certificate” block, choose the “Import Certificate” option:

6. Browse for the previously saved certificate (.CRT):

7. After the certificate is imported, it has to be added to the “Certificate list” and the “ACL list”. Click on “Add to certificate list” and “Add to ACL”

8. When adding to the certificate list, the following message should appear:

9. When adding to the ACL list, you need to fill in the following data:

Note that for this installation, the system ID is defined as “N21″.

10. Click on “Save” to commit your changes

11. Next we must export the ERP backend certificate, in order to import it in the Visual Administrator. Double click the “Own Certificate – Owner” to display the details below the “Certificate” section:

12. Click on the “Export Certificate” button, choose the path and CRT filename to save it locally;

13. Go back to the Visual Administrator tool and click on the “Load” button:

14. Choose the exported CRT file. The certificate details will appear:

The Single Sign-On should now be enabled, which means that you can now create the necessary Java Connectors (JCO), using as the logon method “SAPLogonTicket”.