Setting up SAP SSO using the Security Token Service (STS)

Setting up SAP SSO using the Security Token Service (STS)

But using SAP Single Sign-On (SSO) through the Security Token Service (STS), you can schedule reports that use SSO connections to an SAP data source.

Workflow

• Create the certificate and keystore files.
• Add the certificate to the Business Warehouse system.
• Configure the CMC to use the SAP SSO Service.

To create the certificate and keystore files

1. Log in to the machine with administrative permissions, and use a command prompt window to go to C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin.
2. Type and run the following command: java -jar "C:\Program files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib\PKCS12Tool.jar" -alias PATTERNSTS -storepass pattern123 -dname CN=PATTERNSTS.
3. Type and run the following command: keytool -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias PATTERNSTS.
4. When prompted to enter the keystore password, type pattern123.
   
5. To view the newly created files, in Windows Explorer browse to C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin.

To add the certificate to the BW system

1. Open a SAPGUI connection to the BW server you will be connecting to, and log in with an administrator account.
2. Run the transaction /nstrustsso2.
3. On the menu bar, click Certificate – Import.
4. Next to the File path box, click the Browse icon, find the file cert.der (created in the previous task), and click Open.
   
5. Ensure the Binary format is selected.
6. Click the green check box.
7. Verify the certificate is loaded on the screen as shown here:
   
8. To add the certificate to the BW servers Certificate List, click Add to Certificate List.
9. Click Add to ACL.
   The "Add Entry to Single Sign-On Access Control List" dialog box opens,
   
10. In the System ID box, type PATTERN.
11. In the Client box, type 000.
12. To return to Trust Manager, select the green check box (execute).
    “Trust Manager” displays both keystore entries.
    
13. To save the entries, on the toolbar click the Save icon.

To configure the CMC to use the SAP SSO Service

1. In the "Authentication" management area of the CMC, double-click SAP.
2. On the Options tab, select the default system.
   
3. In the SAP SSO Service area, in the System ID box type PATTERN.
   
   The System ID field is a single entry that identifies all nodes in the cluster. Multiple certificates should not be added to the BW system. Please refer to SAP Note 1695870 for further details.
   
4. In the Key Store Password box, type pattern123.
5. In the Private Key Password box, type pattern123.
6. In the *Private Key Alias*box, type PATTERNSTS.
   
   Note that the system indicates the following: "No key store file has been uploaded".
7. Click Browse, find the file keystore.p12, and click Open.
   
8. Click Update to commit the settings.
   Note that the system indicates the following: "A key store file has been uploaded".
   
9. Restart the SIA.