to configure single sign-on, you need to have access to these t-codes −

• rz10
• strust

step 1 − login to the sap srm system using sap gui, go to t-code rz10.

step 2 − select the default profile and extended maintenance after that.

step 3 − click on change and you will see the list of parameters for the profile.

step 4 − change the following profile parameters −

• login/create_sso2_ticket = 1
• login/accept_sso2_ticket = 1

step 5 − save and activate the profile. it will generate a new profile.

step 6 − export the r3sso certificate from the trust manager, go to transaction strust.

step 7 − double-click the text box to the right of own certificate. the certificate information is displayed. note down the values of certificate as you need to enter the values.

step 8 − click on icon export certificate.

step 9 − save the file as <r3_name>-<client>.crt.

example

ebs-300.crt

step 10 − click on the tick mark to create the file in parent directory.

step 11 − import r3 sso certificate to the java engine using the administrator tool.

note − make sure the java engine is started.

step 12 − open the java administration tool.

step 13 − enter the java engine administrator password and click on connect.

step 14 − choose server → services key → storage

step 15 − click on ticket key store in the view panel.

step 16 − click on load in the entry group box. select the .crt file you exported in the previous step.

step 17 − configure the security provider service in the sap java engine using the administrator tool.

step 18 − choose server services security provider.

step 19 − choose ticket in the component panel and go to the authentication tab.

step 20 − modify the options of evaluate ticket login module and add the following properties to each backend system on which you want to configure sso.