SAP SRM - Configuring Single Sign-on

To configure single sign-on, you need to have access to these T-codes −

  • RZ10

Step 1 − Login to the SAP SRM system using SAP GUI, go to T-code RZ10.

T Code RZ10

Step 2 − Select the Default profile and Extended Maintenance after that.

Default Extended Maintenance

Step 3 − Click on Change and you will see the list of parameters for the profile.

Step 4 − Change the following profile parameters −

  • login/create_sso2_ticket = 1
  • login/accept_sso2_ticket = 1
Profile Parameters

Step 5 − Save and Activate the profile. It will generate a new profile.

Step 6 − Export the R3SSO certificate from the Trust Manager, go to transaction STRUST.

Trust Manager

Step 7 − Double-click the text box to the right of Own Certificate. The certificate information is displayed. Note down the values of certificate as you need to enter the values.

Step 8 − Click on icon Export Certificate.

Export Certificate

Step 9 − Save the file as <R3_Name>-<Client>.crt.



Save the File

Step 10 − Click on the tick mark to create the file in parent directory.

Step 11 − Import R3 SSO certificate to the Java engine using the administrator tool.

NOTE − Make sure the Java engine is started.

Step 12 − Open the Java Administration tool.

Step 13 − Enter the Java Engine Administrator password and click on Connect.

Step 14 − Choose Server → Services Key → Storage

Step 15 − Click on Ticket Key Store in the View panel.

Step 16 − Click on Load in the Entry group box. Select the .crt file you exported in the previous step.

Step 17 − Configure the Security Provider service in the SAP Java engine using the Administrator tool.

Step 18 − Choose Server Services Security Provider.

Step 19 − Choose ticket in the Component panel and go to the Authentication tab.

Step 20 − Modify the options of Evaluate Ticket Login Module and add the following properties to each backend system on which you want to configure SSO.

Kickstart Your Career

Get certified by completing the course

Get Started