SAP Community Network Wiki - Portal - SSO to BW in EP 6.

http://wiki.sdn.sap.com/wiki/display/EP/SSO+to+BW+in+EP+6.0

Welcome, Guest Login Register Getting Started Newsletters Store

Solutions SAP Services & Support About SCN Downloads Industries Training & Education Partnership Developer Center Lines of Business University Alliances Events & Webinars Innovation

SSO to BW in EP 6.0
Added by Anil Dichpally, last edited by Michael Nicholls on Apr 07, 2007
Describes the steps to setup SSO between BW and EP6.0 1.Create RFC Destinations in J2EE Engines in SAP EP 6.0 2.Create RFC Destinations for SAP EP 6.0 in SAP BW 3.Maintain Portal Server Settings for SAP EP 6.0 in SAP BW 4.Maintain Single Sign-On in SAP BW 5.Export the BW Certificate in SAP BW 6.Import the BW Certificate into SAP EP 6.0 7.Create BW Systems in SAP EP 6.0 8.Configure User Management in SAP EP 6.0 9.Export the Portal Certificate into SAP EP 6.0 10.Import the Portal Certificate into SAP BW 11.Import the SAP Basis Plug-In into SAP BW Create RFC Destinations in J2EE Engines in SAP EP 1.Start the SAP J2EE Engine Administrator with go.bat 2.Connect to the Portal Server. 3.Select <SID>/Server<...>/Services/Jco RFC Provider. 4.Maintain an RFC destination: Program ID: <PORTAL_HOSTNAME> Gateway host: <GATEWAY_HOST> Application server host: Same as Gateway host System number: <SYSTEM_NUMBER> Client: <BW_CLIENT> User: <USER> (User in the BW system) Password: <PASSWORD>

5.Transfer the RFC destination to the available RFC destinations with the Set button. 6.Start the RFC server with the Start button. Create RFC Destinations for SAP EP 6.0 in SAP BW Display and Maintenance of RFC Destinations (SM59). 2.Choose Create. 3.Maintain the RFC destination: RFC destination: <RFC_DESTINATION>

1 of 4

09-Oct-12 11:25 PM

SAP Community Network Wiki - Portal - SSO to BW in EP 6.0

http://wiki.sdn.sap.com/wiki/display/EP/SSO+to+BW+in+EP+6.0

Connection type: T for TCP/IP connection Technical settings Activation type: Registered server program Program ID: PORTAL_HOSTNAME> Gateway host: <GATEWAY_HOST> Gateway service: sapgw<SYSTEM_NUMBER> Logon/security Send SAP logon ticket: Activate 4.Save your entries. Maintain Portal Server Settings for SAP EP in BW Start the transaction Table View Maintenance ( SM30). 2.Enter RSPOR_T_PORTAL as the table. 3.Choose Maintain. 4. choose New Entries. 5.Maintain the connected portal: RFC destination: <RFC_DESTINATION> Name of the system: <SYSTEMALIAS> Portal URL Prefix: <PORTAL_URL_PREFIX>, for example, http://<portalserver><domain>:<port> 6. Save your entries.

Maintain Single Sign-On in SAP BW 1.Set the following profile parameter using the Maintaining Profiles transaction (transaction code RZ10): login/create_sso2_ticket=1 or login/create_sso2_ticket=2 The value 1 means that the certificate is signed by SAP CA. The value 2 means that the certificate is self-signed. Set login/accept_sso2_ticket=1 Export the BW Certificate in SAP BW 1.Start the transaction Trust Manager for Single Sign-On with Logon Ticket (transaction STRUSTSSO2). 2.Select your own certificate by double clicking on the system name. 3.In the menu, choose Certificate - Export. 4.Enter the file path <BW_SID>_certificate.crt (<BW_SID> is the system ID of the BW system). 5.Choose Binary as the file format. Import the BW Certificate into SAP EP 6.0 1.Start the SAP J2EE Engine Administrator with go.bat 2.choose <SID>/Server<...>/Services/Key Storage. 3.Select the view TicketKeystore under Views. 4.Under Entry, click on Load. 5.Open the file <BW_SID>_certificate.crt. SAP J2EE Engine accepts the SAP Logon Tickets from the BW system. 1.Start the SAP J2EE Engine Administrator with go.bat 2.Choose <SID>/Server<...>/Services/Security Provider. 3.Choose Ticket as Application. 4.Choose the Authentication tab page. 5.Change the options for com.sap.security.core.server.jaas.EvaluateTicketLoginModule and insert the following values: trustedsys<Number>=<BW_SID>, <BW_CLIENT> (z. B. BWP, 000) perform the following steps to use the option Send SAP Logon Ticket 1.Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go. 3.In the tree, choose <SID>/Server<...>/Services/Security Provider.

2 of 4

09-Oct-12 11:25 PM

SAP Community Network Wiki - Portal - SSO to BW in EP 6.0

http://wiki.sdn.sap.com/wiki/display/EP/SSO+to+BW+in+EP+6.0

4.Choose evaluate_assertion_ticket as Application. 5.Choose the Authentication tab page. 6.Change the options for com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule and insert the following values: Create BW Systems in SAP EP 6.0 1.Start the iView System Administration - System Configuration- System Landscape. 2.Choose New- System 3.choose either the R/3 with Dedicated Application Server for R/3-System as a template. Logon method: SAPLOGONTICKET or UIDPW Type of user assignment: admin,user Logical system name: <SID>CLNT<MANDANT> SAP client: <CLIENT> SAP system ID (SID) (R/3 name): <SID> System type: SAP_BW System name: <SID>CLNT>

WAS host name: <HOSTNAME>:<PORT> WAS path: /sap/bw/bex WAS protocol: http or https 4. Maintain an alias for the system in the System Aliases view. A system alias in the format <SID>CLNT<CLIENT> must exist, where <SID> is the system ID and <CLIENT> is the client for the system. CLNT is predefined. In addition to the system alias in the format above, you can also maintain other system aliases. In order to use the example role Business Explorer an alias must be maintained in SAP_BW. Multiple system aliases can be defined for a BW system. 5.Save your entries. Export the Portal Certificate into SAP EP 6.0 To export the portal certificate from the J2EE engine, follow these steps: 1. 2. 3. 4. 5. Start the SAP J2EE Engine Administrator with <PORTAL_DIRECTORY>\admin\go.bat. Connect to the portal server. Choose <SID>/Server<...>/Services/Key storage from the tree. Select the view TicketKeystore under Views. If the SAPLogonTicketKeypair-cert is not available under Entries, generate a portal certificate

6. Under Entry, choose Create. Enter the following values in Key and Certificate Generation: The value CN=Common Name is displayed as the owner in transaction STRUSTSSO2 and serves to identify the certificate. SAP recommends that you use <HOSTNAME_PORT> from the portal server. Entry name: SAPLogonTicketKeypair (the entry SAPLogonTicketKeypair-cert is generated automatically) Store certificate: X 7. Choose Generate to generate the certificate. 8. Highlight SAPLogonTicketKeypair-cert under Entries. 9. Under Entry, choose Export. 10. Export the portal certificate as <PORTAL_SID>_certificate.crt in file format X.509 Certificate (.crt). Import the Portal Certificate into SAP BW 1.Choose the menu command Certificate - Import in the transaction STRUSTSS02 and import the file PORTAL_SID>_certificate.crt in binary format. 2.In order to adopt the certificate into the SSO access control list (ACL), in the menu, choose Edit- Certificate in ACL. In the SAP Enterprise Portal 6.0 you can specify the system ID of the portal as the system and the value 000 as the client. 3.In order to adopt the certificate into SSO access control list (ACL), in the menu, choose Edit- Adopt Certificate. 4.If you want to distribute the settings to multiple application servers, select Distribute in the context menu for the tree on the left side. 5.Save your entries. Maintain User Assignments in SAP EP 6.0 1.Start the iView System Administration - System Configuration - System Landscape. 2.Navigate to the previously created system, open the context menu and choose Open -Authorizations.

3 of 4

09-Oct-12 11:25 PM

SAP Community Network Wiki - Portal - SSO to BW in EP 6.0

http://wiki.sdn.sap.com/wiki/display/EP/SSO+to+BW+in+EP+6.0

3.Search for the user or the user group or role, add it and issue read authorization.

Import the SAP Basis Plug-In into SAP BW 1. 2. 3. Download the SAP Basis Plug-In (PI_BASIS) from the SAP Software Distribution Center in the SAP Service Marketplace (quick link SWDC). Start the Transport Management System (transaction code STMS). Import the SAP Basis Plug-In into the BW system.

Labels
ep_conn

Follow SCN Contact Us SAP Help Portal Privacy Terms of Use Legal Disclosure Copyright

4 of 4

09-Oct-12 11:25 PM