5 points you must not miss about SSO
There is plenty of content available on SSO and how it should be configured. However, few discuss the golden points that, if missed, are suicidal for SSO. These are the points that you, as a SAP NetWeaver Portal expert, should know. They are very trivial yet extremely important. More often than not, companies ask questions on SSO in their interviews. You, as a Portal consultant with 2 or 3 years of experience, would be sure to tackle these questions. If you consider these points before configuring SSO, you will avoid raising an OSS note to SAP for troubleshooting. I am writing this post from my own experience and the mistakes that I made during SSO configuration, so I can boast of this post.
Point 1: Remember, SSO is domain dependent. That means the cookie that is stored while establishing a connection with SSO is specific to the domain you are in. For example, if you access the portal using http://<host>.<mycompany.com>:<port>/irj/portal, then the cookie is set for mycompany.com. If you do not use an FQDN (Fully Qualified Domain Name), SSO won't exchange the cookie containing the user id. The result is that SSO does not happen.
Point 2: If you have created a system to connect to SSO, don't test it with the Admin Id. Yes, this is the most common mistake we make. We configure SSO perfectly but forget that SSO needs the same user id to exist in both the portal and R/3. So do not test the system with the Admin Id.
Point 3: Even if your system is showing an error and telling you to check the SSO configuration, you can still verify whether SSO is working. It happens most of the time that the System test fails but SSO still works. How to check this? Create a SAP Transaction iView and run it. It can still take you in without asking for logon if SSO is configured correctly. Alternatively, go to System Administration -> Support -> Admin Console -> SAP Application -> SAP Transaction and enter any transaction code there to test the SSO.
Point 4: Check whether the SSO ticket receiving parameter is set in R/3. Use transaction RZ10 to check this parameter and its value.
Point 5: Import the .der file and not the .PSE file in the STRUSTSSO2 transaction. Also remember to set the import type as binary.
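A pre-flight check for Point 1, as an added example that is not part of the original post: it tests whether a portal URL and a backend URL use FQDNs and whether a ticket cookie scoped to the portal's domain would be sent to the backend. The host names are constructed, and the rule that the cookie domain is the portal host minus its first label is an assumption about the default setup.

```python
# Added example (not the author's code): domain check for SSO ticket cookies.
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.lower().rstrip(".")

def is_fqdn(host):
    """True if host carries a domain part (not a short name or IP literal)."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return "." in host

def ticket_cookie_domain(portal_host):
    """Assumption: cookie is scoped to the portal host minus its first label."""
    parent = portal_host.split(".", 1)[1]
    # A two-label host (mycompany.com) keeps the cookie on the host itself.
    return parent if "." in parent else portal_host

def domain_match(host, cookie_domain):
    """Browser domain-match rule: same host, or a subdomain of the domain."""
    return host == cookie_domain or host.endswith("." + cookie_domain)

def check_sso_urls(portal_url, backend_url):
    """Return (ok, reason): would the browser send the ticket to the backend?"""
    portal, backend = host_of(portal_url), host_of(backend_url)
    for role, host in (("portal", portal), ("backend", backend)):
        if not is_fqdn(host):
            return False, f"{role} host '{host}' is not an FQDN"
    domain = ticket_cookie_domain(portal)
    if not domain_match(backend, domain):
        return False, f"backend '{backend}' is outside cookie domain '{domain}'"
    return True, f"cookie for '{domain}' is sent to '{backend}'"

if __name__ == "__main__":
    # Constructed sample URLs; hosts and ports are hypothetical.
    backend = "http://ecc.mycompany.com:8000/sap/bc/gui/sap/its/webgui"
    for portal in ("http://portal.mycompany.com:50000/irj/portal",
                   "http://portal:50000/irj/portal",
                   "http://portal.partner.example:50000/irj/portal"):
        print(portal, "->", check_sso_urls(portal, backend))
```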
I hope this post helps you keep SSO configuration simple and quick. If you feel there is something else or more points about SSO, feel free to share them in the comments. Also let me know what you would like to read more about from the portal side. I will certainly try to write about it.
Ameya


I liked your blog about 5 points you must not miss about SSO. I feel one more point that is of utmost importance to include is the time factor, i.e. the time of the ticket issuing system and the ticket receiving system.
Indeed, time synchronization of the two systems matters a lot. I have faced this problem once. You keep on guessing what's wrong with the configuration, but the issue lies in the system time.
Thank you, Santosh, for the valuable tip.
Ameya
Hi,
With the mdc (multi domain controller) parameter, SSO can be made to work for other domains as well.
Regards,
Isvarya
Hello Isvarya,
That is one of the great points you've shared. Could you also please tell us where we can set this parameter?
Many Thanks,
Ameya