Single Sign-On for SAP Shortcuts

How to configure SAP NetWeaver Single Sign-On with certificates out-of-the box!

SAP NetWeaver lets you configure SSO to an AS ABAP system from the SAP NetWeaver Portal. You should utilize these features to allow built-in entry from the portal to ABAP transactions out there within the SAP GUI.

For this situation, the portal and the AS ABAP system use logon tickets to allow SSO. The logon ticket is handed to the SAP SSO shortcut utilizing a portal iView.

For an summary of the authentication course of stream, see the determine under.

SSO between portal and SAP Shortcut


  • Customers have the identical person ID in the entire methods they entry utilizing the logon ticket. Passwords should not have to be the identical in all methods.

  • The Internet browsers used for accessing the portal can settle for cookies. For instance, in Web Explorer you possibly can configure the Internet browser to just accept session cookies for the native intranet zone.

  • The ticket accepting AS ABAP system is situated in the identical DNS area because the ticket issuing server system.

  • The clocks of the ticket accepting and issuing methods have to be synchronized. If you don’t synchronize the clocks, then the accepting system might obtain a logon ticket that’s not but legitimate, leading to an authentication error.

  • The ticket issuing server should possess a public-key certificates and a private and non-private key pair to digitally signal the logon ticket.

  • The UME of the Portal and back-end AS Java methods use the identical person retailer because the AS ABAP system.


  1. Configure the AS ABAP to just accept and confirm logon tickets.

  2. Restart the AS ABAP.