Importing the BW Certificate

The BW certificate must be imported into the portal so that content from the portal can be displayed in SAP BW, such as the portal roles in the BEx Web Application Designer, for example.

Prerequisites

Before the BW certificate can be imported into the portal, it has to be exported from the BW system. For more information, see Exporting the BW Certificate.

Procedure

Follow these steps to import the BW certificate into the J2EE engine:

1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Key Storage.

4. Select the view TicketKeystore under Views.

5. Under Entry, click Load.

6. Open the file _certificate.crt.

Perform the following steps so that the SAP J2EE Engine accepts the SAP Logon Tickets from the BW system as an external system.

...

1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Security Provider.

4. Choose Ticket as Component.

5. Choose the Authentication tab page.

6. Change the options for the com.sap.security.core.server.jaas.EvaluateTicketLoginModule parameter and insert the following values:

○ trustedsys=, (for example, BWP, 000)

○ trustediss= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

○ trusteddn= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

is a number for all three entries, but must be incremented by one for every external system.

and are the system ID and the client of the BW system.

and correspond to the Own Certificate value in the transaction Trust Manager for Single Sign-On with Logon Ticket (transaction code STRUSTSSO2). The value trustediss corresponds to the value Issuer; the value trusteddn corresponds to the value Owner.

As of SAP BW 3.5 SP 11 in SAP NetWeaver SP Stack 11, you have to perform the following steps to use the Send SAP Logon Ticket option (see Creating an RFC Destination for SAP EP 6.0):

...

1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Security Provider.

4. Choose evaluate_assertion_ticket as Component.

5. Choose the Authentication tab page.

6. Change the options for the com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule parameter and insert the following values:

○ trustedsys=, (for example, BWP, 000)

○ trustediss= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

○ trusteddn= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

The values correspond to the above values under Component Ticket.