Nakisa SSO using SAP Logon Ticket
Nakisa Single Sign On (SSO) using Logon Ticket Option – Netweaver 7.3 and Nakisa 3.0 SPS03 Onward
Nakisa SSO using SAP Logon Ticket: Nakisa SSO using SAP Logon TicketWith Nakisa 3.0 SPS03 onwards SSO integration using SAP Logon ticket Configuration has been simplified (with less steps compared to previous releases) and with Netweaver 7.3 it has become little easy further.
With NW 7.3 you can execute all SSO Steps from Netweaver. (This means no need to execute STRUSTSSO2 on ABAP stack or log into ABAP systems).
SSO Configuration Steps on Nakisa side:
Refer to instructions in Nakisa Admin guide on How to set Authentication Settings to SAP Logon Ticket option on Nakisa.
Please log on to Nakisa admin console of respective Nakisa application.
Configure it in the application AdminConsole. Go to Security Settings > Authentication Settings. Select Single Sign-on with Logon Tickets and click Next twice.
Enter the details of the SAP system and client where a copy of the Portal ticket is stored (note: this will not be client 000).
Click Next and then click Finish and Submit. Then click Save and Publish
Single Sign On (SSO) Configuration On Netweaver 7.3:
- Navigate to Certification Administration Page on NW 7.3 (àhttps://<hostname>:/sso2))
With Certification Administration You can manage certificates exchange between following systems
- Java <–> Java
- ABAP <–> Java (you can avoid STRUSTSSO2)
- ABAP <–> ABAP
This means even if Nakisa runs on NW 7.1 or 7.2 you can configure SSO with a Central Portal (7.3) in your landscape using Netweaver 7.3 Portal.
Import ABAP certificate into NW7.3 Java System
Go to URL on NW 7.3 System https://:/sso2
- Click on Add Trusted Systemà
Enter (Nakisa Backend ABAP system, ECC) details
Click on Next
Click on Finish:
Import JAVA Certificate into ABAP System:
Save and publish the Nakisa Application Build.
Restart the Nakisa Application
Follow these steps to stop and start (restart) Nakisa applications
- 1. In the SAP NetWeaver Administrator, choose Operation Management Systems Start & Stop.
- 2. Choose the Java Applications tab.
All available applications are displayed in a table format with the corresponding name, vendor, status and functionality.
- 3. Select an application.
On a Side Note (though it’s not needed for 3.0 SPS03 onwards),
Missing Config files Issue: if for some reason SSO Configuration still doesn’t work, then follow these additional steps
- Navigate to the path as described here (substitute with your build related location details).
- Create folder with name root
- And under root folder create XML subfolder.
- Copy LoginConfiguration_SAP_SSO folder (and all its content) onto newly created XML folder.
- Save and publish the building.
- Restart the Nakisa Application. (go to NWAàselect the application and restart).
SSO Log Off Issue:
Issue: Sometimes when you log on with different user ids, you will see the first user data on Nakisa applications.
Solution: The browser stores the OrgChart session (Cookie), so if you don’t close your browser then when you log back in with SSO it continues to use the session stored in your browser.
One of the suggestions (Implementation Option) is to change the URL you use in your iView from https://server:port/OrgChart/default.jsp to https://server:port/OrgChart/logout.jsp.
Upon launching the iView this will log out of the application and then log back into the application, thus authenticating the user.