SAP Program SSO2ADMW - Logon Ticket Administration for Single Sign-On (SSO)

Title
Transaction SSO2 Single Sign-On Administration Server.

Purpose
Wizard for connecting component systems to the Workplace Server.

Features

Selection
Enter the RFC destination or the host and system number of the Workplace Server (WPS).

Output
Displays Workplace Server data
- System ID and client
- Certificate (with information on whether the certificate is contained in the public key list and access control list (ACL))
- Profile parameter login/create_sso2_ticket
- Evaluation whether the certificate needs to be added to the public key list.
Displays component system data
- System ID and client
- Profile parameter login/accept_sso2_ticket
- Public key list (with information on whether the Workplace Server certificate is in the list)
- Access control list (with information on whether the Workplace Server certificate is in the list)

Activities
Main function: the 'Activate Workplace' button
The system adds the Workplace Server to the access control list. If necessary, it adds the Workplace Server certificate to the public key list.
Expert functions (in the menu)
- Add SAP-CA certificate to the public key list
- Add Workplace Server certificate to the public key list
- Remove certificate from public key list (put the cursor on the relevant entry)
- Add Workplace Server to the Access Control List
- Remove entry from the Access Control List (put the cursor on the relevant entry)

Example

Technical details
A Workplace Server must have release level 4.6C or higher.
A Workplace Server can be activated any number of times.
If you do not enter any connection data for a Workplace Server, the system displays just the status of the local system.
If you enter the host and system number instead of the RFC destination in the selection screen, the system creates and uses an RFC destination called _.
The system checks whether the Workplace Server certificate is signed by SAP-CA by comparing the name of its issuer with the name of the issuer of the SAP-CA certificate (it does not call a verify function).
All changes are saved immediately (this includes distributing the file containing the public key list (Personal Security Environment, PSE) to all active application servers).
As of 4.6C the system PSE is processed locally. Up to 4.6B a new PSE with the file name SAPSSO2.pse in directory DIR_GLOBAL is used.
For PSE management, the system calls functions in function group SSFP that can be called by RFC in the Workplace Server (if the release of the current system is < 4.6C) or locally (if the release of the current system is >= 4.6C).
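
What the issuer-name comparison described under Technical details establishes, next to what a signature verification establishes, as an added Go example (not SAP code and not part of the original documentation). The certificates and the names "Example CA" and "WPS" are constructed here, with "Example CA" standing in for SAP-CA.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert builds a constructed test certificate; parent == nil yields a self-signed CA.
func newCert(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// issuerNameMatches is the comparison the page describes: issuer names only, no signature verified.
func issuerNameMatches(cert, ca *x509.Certificate) bool { return bytes.Equal(cert.RawIssuer, ca.RawIssuer) }

// signedBy verifies the certificate's signature with the CA's public key.
func signedBy(cert, ca *x509.Certificate) bool { return cert.CheckSignatureFrom(ca) == nil }

func main() {
	ca, caKey := newCert("Example CA", nil, nil)       // constructed stand-in for SAP-CA
	other, otherKey := newCert("Example CA", nil, nil) // same name, unrelated key
	issued, _ := newCert("WPS", ca, caKey)
	sameName, _ := newCert("WPS", other, otherKey)
	fmt.Println("issued by CA:   name", issuerNameMatches(issued, ca), "signature", signedBy(issued, ca))
	fmt.Println("same name only: name", issuerNameMatches(sameName, ca), "signature", signedBy(sameName, ca))
}
```

Because the name comparison is satisfied by any certificate carrying the same issuer name, the fingerprint of a certificate is worth confirming out of band before it is added to the public key list.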