实用云,提供最全最实时的云市场资讯

手机站:/m

百度云_数据库删除表语句_9元

时间:2021-07-23 05:03编辑:实用云来源:实用云当前位置:主页 > 服务器 >

This blog will introduce the steps necessary to configure SAP Work Manager (6.4.1) to accept SSO login tickets generated by SMP server to access SAP Backend server.

LDAP server and OpenSSL tool are used as example in this blog.

SAP Work Manager installed and connection to both SMP server and SAP Backend are accessible. LDAP Server and Client installed. Certificate Generation tool is available.

smp_keystore.jks trusts PKCS #12 certificates for technical user back-end connections SMP SSO Generator restriction: Only 1024 bit DSA certificates that use SHA1 as the signature algorithm are supported.

1). openssl dsaparam -out dsaparam.pem 1024

2). openssl gendsa -out smp3sso.pem dsaparam.pem

3). openssl req -x509 -days 3650 -new -key smp3sso.pem –sha1 -out smp3sso.cer

4). openssl pkcs12 -export -in smp3sso.cer -inkey smp3sso.pem -out smp3sso.p12

a). Import smp3sso.p12 to SAP Mobile Platform Server

b). Install smp3sso.cer on SAP Backend

Run transaction STRUSTSSO2

Note: SAPSSO2 Generator enables single sign-on (SSO) access to back-end resources. Before you can establish SSO connections, an authentication provider must first authenticate the client.

a). Create the new Security Profile to Authenticate

b). Make sure the users’ search base and Root DN from LDAP Client side

Sample user "admin"

DN: uid=admin,ou=smp,dc=maxcrc,dc=com

Root DN can be found at "C:\OpenLDAP\Sldap.conf"

Root DN: cn=Manager,dc=maxcrc,dc=com

c). Input the settings per your environment and click Save

Server Type =

Provider URL = ldap://{your ldap host}:389 Bind DN – The user DN to bind when building the initial LDAP connection. Bind Password = {password for your bind user referenced in the Bind DN}

Authentication Filter =

Authentication Scope – May need to switch to subtree depending on your LDAP setup

Authentication Search Base – The search base used to authenticate users. If this property is not configured, the value for Default Search Base is used, then you need to make sure Default Search Base has correct value. Skip Role Lookup – Checked

Above values will make sure my user ‘admin’ maintained in LDAP server has access to SMP server.

More details please refer to Directory Service (LDAP/AD) Configuration Properties

d). Configure SAPSSO2 Generator by clicking Add and select SAPSSO2 Generator

IssuerSID = SMP IssuerClient = 000 RecipientSID – The SID of the SAP Backend system you are connecting to RecipientClient – The client number within the SAP Backend system CertificateAlias = {alias from .p12 import}

[LOGON_METHOD]

LOGON_METHOD=USER_AUTH_SSO SERVICE_USER_LOGON_METHOD=USER_AUTH PUSH_USER_LOGON_METHOD=USER_AUTH

[USER_AUTH_SSO]

BYPASS_USERID_CHECK=true SSOCLIENT_CLASS=com.syclo.sap.auth.sso.SMPSSOClient

Note: the users in LDAP server should exist in SAP Backend server.

Login Work Manager Client with LDAP user and password.

If you are using Work Manager 6.3, you will need additional jar file, please refer to SAP Note 2367419 For diagnostic reasons, you can adjust security log to debug level to capture more information in SMP server log. Directory Service (LDAP/AD) Configuration Properties

,手机免费建站,云购网,返利公众号,海淘返利,淘客公众号

上一篇腾讯云_双程电影百度云_精选特惠

下一篇分布式存储_ntp校时服务器_优惠券

世界之最排行

世界之最精选