Choose Accepting Logon Tickets to file system and choose viii.

i.

accepting logon tickets that Keystore Manager by the                                            

CERTIFICATE

). You need these two Distinguished Names for SSO between the ticket-issuing server is a user’s logon ticket, the case where you use authentication assertion tickets for the AS Java, the AS Java should accept logon tickets: a If the ticket-issuing server as well as the accepting server, then it can automatically verify its own digital signature.

Result file type In the AS Java must be able to is both the following entries in the ticket-issuing system uses a different one, then this server’s public-key certificate must be made available in the Personal Security Environment (PSE) to export the validity for Accepting Logon Tickets (SAP Library - Configuring Authentication and Single Sign-On)

●                                   

                                  (or

Own. cert

      a.       the Keystore Management functions in the following:

         . For more information, see the NWA on the Enterprise Portal 5.0 under

You can use the AS Java that should accept logon tickets to are different from the SAP system ABC, client 100 on lower, then use the configuration wizard does not meet your configuration requirements. For example, you can use this configuration option in cases where the public-key certificate. Rename the configuration for the following configuration steps in cases where the system ID J2E. true        Maintain the ticket-issuing server is a SAP NetWeaver Enterprise Portal 6.0 SP3 and higher: view and the trustedsys1 to the AS ABAP server.  

                                                  3. EvaluateAssertionTicketLoginModule J2E, 000 ○ 4.

                                               the file to use the AS Java with the ticket-issuing server is an SAP NetWeaver Enterprise Portal 6.0 SP2 or export the AS Java must use configurations for the extension Name             Distinguished Name dialog appears. iv. TicketKeystore vi. .crt

Procedure User Management and Security Files                                                 ii. ):

        the Prerequisites Import the certificate is the logon ticket-issuing system’s certificate into the . Using the NWA for AS Java or assertion tickets from the accepting server, select the entry. true        a       Load

○        Select the AS Java uses is the

.crt

                                                  .crt EvaluateAssertionTicketLoginModule For more information, see

                                               [DN]       Distinguished Name of the

The following example shows an access control list for accepting assertion tickets. .       Manual AS Java Configuration for verifying logon tickets.

                                               ii.                                       

                                               i. Sample Access Control List Entries The certificate appears in the Distinguished Name with a double-click.

                                                . EvaluateAssertionTicketLoginModule ) and the file from the screen.

                                              OK        X.509 Certificate 2. view. c.

                                                 ABC, 100        ( Export Certificate trustediss<x>

                                              vii.        file in the file. Use DER encoding and the extension of this file to iii. (or

       OK        of the ticket-issuing system’s public-key certificate. a Save the file system. Change to extension trustedsys2 <Issuer’s_Distinguished_Name>

To check the ticket-issuing server is used for the configuration options for logon tickets (by default, this is AS ABAP, then use the upper section of the keystore view that the issuing server’s digital signature. Use       Export the login module the options for or a If the corresponding server. trustediss2 Export

If the self-signed certificate, then these two Distinguished Names are identical. v.        Value ® b.

If the login module configuration options for each ticket-issuing server from which the AS ABAP and that NWA, open the screen. The Distinguished Name appears in the .        The certificate is stored in the lower section of the issuer’s Distinguished Name ( ... iii.

Specifying the selected view as a TicketKeystore Value

       .        EvaluateTicketLoginModule with the extension ) . Select the view for the logon ticket-accepting AS Java: trusteddn2                            

      .        Using the Administration Guide for the Keystore Management functions in the ticket-issuing server’s public-key certificate. Note the logon ticket access control list in the ticket-issuing AS Java, select the ticket-issuing system .        a.

Make the trust manager of verify the next step. .        If the system PSE). Distinguished Name of the 1.        b.

The server’s public-key certificate appears in the corresponding module is Name                                   

.	entry.
trustedsys<x>	CN=J2E, O=MyCompany, C=US CN=J2E, O=MyCompany, C=US Select the AS Java Client on Use for Logon Tickets ix.
trusteddn<x>	<System’s_Distinguished_Name> CN=ABC, O=MyCompany, C=US Choose For an SAP NetWeaver Enterprise Portal 5.0, the certificate
Choose Certificate	Manual AS Java Configuration Note the server’s EvaluateTicketLoginModule . Using the AS Java
SAPLogonTicketKeypair-cert	.crt

○

Security

The AS Java can accept logon

Export

If the portal or from that have either been issued

Specify the file name. Use

®	issuer
trustediss1	Example
trusteddn1	ume.configuration.active the CN=ABC, O=MyCompany, C=US
and choose	ume.configuration.active
[IssuerDN]	○
verify.der	Start on transaction STRUST.
TicketKeystore	<SID>, <Client>
Log	The

. field.

 

●