Skip to end of metadata
Go to start of metadata

Logon tickets are a fundamental part of SSO (Single Sign On) between the portal and an SAP backend system.
The tickets are generated by the portal and need to be matched by the SAP backend system.

The tickets are based on a key pair certificate. The certificate is stored in the portal server and is validated by the backend system. The certificate has a lifetime, and once the lifetime has expired, the tickets are basically useless. The Java Visual Administrator is used to manage the key pair certificate and transaction STRUST (or STRUSTSSO2) is used in the backend system to upload the certificate.

It is important that the certificate matches between the issuer (the portal) and the backend system. Certificates have a starting and ending date and time, which means they will not be valid before the first date/time or after the last date/time.

This is what you might see in Visual Administrator:

For the same certificate, this is what you should see in the portal through System Admin -> System Confi -> Keystore Admin:

Note that the validity date and time are the same. That is because the portal is just reading the details from the keystore area.

In the backend SAP system, transaction STRUST would show this for the same certificate:

In this case, the valid from and to dates/times are actually the same, but the timezone of the backend system means they are shown with 1 hour's difference.