Setting up SAP SSO using the Security Token Service (STS)
But
using SAP Single Sign-On (SSO) through the Security Token Service
(STS), you can schedule reports that use SSO connections to an SAP data
source.
Workflow
- Create the certificate and keystore files.
- Add the certificate to the Business Warehouse system.
- Configure the CMC to use the SAP SSO Service.
To create the certificate and keystore files
- Log in to the machine with administrative permissions, and use a command prompt window to go to
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin
.
- Type and run the following command:
java
-jar "C:\Program files (x86)\SAP BusinessObjects\SAP BusinessObjects
Enterprise XI 4.0\java\lib\PKCS12Tool.jar" -alias PATTERNSTS -storepass
pattern123 -dname CN=PATTERNSTS
.
- Type and run the following command:
keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias PATTERNSTS
.
- When prompted to enter the keystore password, type
pattern123
.
- To view the newly created files, in Windows Explorer browse to
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin
.
To add the certificate to the BW system
- Open a SAPGUI connection to the BW server you will be connecting to, and log in with an administrator account.
- Run the transaction
/nstrustsso2
.
- On the menu bar, click Certificate – Import.
- Next to the File path box, click the Browse icon, find the file
cert.der
(created in the previous task), and click Open.
- Ensure the Binary format is selected.
- Click the green check box.
- Verify the certificate is loaded on the screen as shown here:
- To add the certificate to the BW servers Certificate List, click Add to Certificate List.
- Click Add to ACL.
The "Add Entry to Single Sign-On Access Control List" dialog box opens,
- In the System ID box, type
PATTERN
.
- In the Client box, type
000
.
- To return to Trust Manager, select the green check box (execute).
“Trust Manager” displays both keystore entries.
- To save the entries, on the toolbar click the Save icon.
- In the "Authentication" management area of the CMC, double-click SAP.
- On the Options tab, select the default system.
- In the SAP SSO Service area, in the System ID box type
PATTERN
.
- In the Key Store Password box, type
pattern123
.
- In the Private Key Password box, type
pattern123
.
- In the *Private Key Alias*box, type
PATTERNSTS
.
Note that the system indicates the following: "No key store file has been uploaded".
- Click Browse, find the file
keystore.p12
, and click Open.
- Click Update to commit the settings.
Note that the system indicates the following: "A key store file has been uploaded".
- Restart the SIA.