Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

Prior to beginning the process of setting up SAP SSO ensure you have followed the steps for Setting up the SAP plug-in.

Page Contents

Setting up SAP SSO using the Security Token Service (STS)

By using SAP Single Sign-On (SSO) through the Security Token Service (STS), you can schedule reports that use SSO connections to an SAP data source.

Workflow

  • Create the certificate and keystore files.
  • Add the certificate to the Business Warehouse system.
  • Configure the CMC to use the SAP SSO Service.

To create the certificate and keystore files

  1. Log in to the machine with administrative permissions, and use a command prompt window to go to C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin.
  2. Type and run the following command: java -jar "C:\Program files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib\PKCS12Tool.jar" -alias PATTERNSTS -storepass pattern123 -dname CN=PATTERNSTS.
  3. Type and run the following command: keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias PATTERNSTS.
  4. When prompted to enter the keystore password, type pattern123.



  5. To view the newly created files, in Windows Explorer browse to C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin.

To add the certificate to the BW system

  1. Open a SAPGUI connection to the BW server you will be connecting to, and log in with an administrator account.
  2. Run the transaction /nstrustsso2.
  3. On the menu bar, click Certificate – Import.
  4. Next to the File path box, click the Browse icon, find the file cert.der (created in the previous task), and click Open.
  5. Ensure the Binary format is selected.
  6. Click the green check box.
  7. Verify the certificate is loaded on the screen as shown here:


  8. To add the certificate to the BW servers Certificate List, click Add to Certificate List.
  9. Click Add to ACL.
    The "Add Entry to Single Sign-On Access Control List" dialog box opens,
  10. In the System ID box, type PATTERN.
  11. In the Client box, type 000.
  12. To return to Trust Manager, select the green check box (execute).
    “Trust Manager” displays both keystore entries.
  13. To save the entries, on the toolbar click the Save icon.

To configure the CMC to use the SAP SSO Service

  1. In the "Authentication" management area of the CMC, double-click SAP.
  2. On the Options tab, select the default system.
  3. In the SAP SSO Service area, in the System ID box type PATTERN.

    The System ID field is a single entry that identifies all nodes in the cluster. Multiple certificates should not be added to the BW system. Please refer to SAP Note 1695870 for further details.

  4. In the Key Store Password box, type pattern123.
  5. In the Private Key Password box, type pattern123.
  6. In the *Private Key Alias*box, type PATTERNSTS.

    Note that the system indicates the following: "No key store file has been uploaded".
     
  7. Click Browse, find the file keystore.p12, and click Open.


  8. Click Update to commit the settings.
    Note that the system indicates the following: "A key store file has been uploaded".


  9. Restart the SIA.

4 Comments

  1. Former Member

    "But" should be "Buy" under the section "Setting up SAP SSO using the Security Token Service (STS)"

  2. Former Member

    Hi Morgan,

    Is excellent, is very clear. Could you please create some informartion or tips for when BOBI is in cluster HighA DB have 2 nodes and 3 application server and BW system Have SCS and 2 application server,

    Best regards

    Carlos

  3. Former Member

    Hi Morgan,

     

    Which is the correct  In the SAP SSO Service area, in the System ID box type  PATTERN. Screenshot step 6

     The screenshot in step 8 appear  System ID box   PATTERNSTS.

    Best regards