Author Topic: Establishing Trust between LUI Server and SAP ERP to enable SSO

Benjamin Dasari

Establishing Trust between LUI Server and SAP ERP to enable SSO
« on: November 02, 2017, 03:40:04 PM »
Purpose:
Trust can be established between the LUI Server and the SAP ERP server by using the appropriate certificates and private key.
This trust relationship enables the LUI Server to log into SAP ERP, which in turn allows a common user database, such as Microsoft Active Directory or an LDAP server, to be used.
It is also required for newer Liquid UI features such as fingerprint and retina-scan login from mobile devices.

Prerequisites:
Liquid UI Server version 3.5.561.0 or above
Synssl.dll version 2.0.0.0 or above
Administrative access to transaction STRUSTSSO2 in SAP GUI to import the certificate

NOTE:
The following components are necessary to establish a working trust for SSO.
1. Configuration in sapproxy.ini
2. Certificate in .DER format to be imported into SAP ERP
3. Private key and certificate in a .p12 file, referenced from sapproxy.ini
4. Configuration in the STRUSTSSO2 transaction in SAP ERP to import the certificate and set up the ACL

Setup in sapproxy.ini:
Trust is activated in sapproxy.ini with the strustsso2 key, for example:
[proxy1]
ListenPort=3200
TargetServer=juneau
TargetServerPort=3200
GuiXT = 10
strustsso2=msad,388,LUX,r:\synactive\sapproxy\LuiKeyPair.p12,p12password
defaultdomain=syndom

NOTE:
The above strustsso2 option takes the following comma-separated values:
1. msad - signifies authentication through Microsoft Active Directory. (Future versions may support LDAP.)
2. 000 - the client number of this Liquid UI Server. It can be any 3-digit number, but the same number must be used when setting up the ACL in the ERP transaction.
3. LUX - a 3-character system ID of this Liquid UI Server.
4. The path to the encrypted .p12 file containing the private key (this can also be exported from a Portal that already has a trust relationship). Its certificate is set up in the ACL of the STRUSTSSO2 transaction.
5. The password for the .p12 file.

Confirming that SSO is turned on and configured properly (start sapproxy with -debug and look for "SSO function retrieved." in the output):
r:\SYNACTIVE\sapproxy\x64\Debug>sapproxy -debug
GuiXT Server x64 Version 3.5 (Build 561).
Debugging Synactive R/3 Proxy.
RPC Server listening ..
LFH NOT TURNED ON!
SSO function retrieved.

Creating certificates:
1. Place Synssl.dll, openssl.exe and openssl.cnf in the Liquid UI Server folder.
2. Run a command prompt as administrator.
3. Generate the certificate with the openssl.exe command-line tool using the following commands
(replace the path with your file location):
>>set OPENSSL_CONF=C:\Program Files\Synactive Inc\GuiXTServer\openssl.cnf
>>openssl dsaparam -noout -out luikey.pem -genkey 1024
>>openssl req -x509 -new -sha1 -days 7300 -key luikey.pem -out luicert.pem

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Liquid UI Server
Organizational Unit Name (eg, section) []:LUX
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
>>C:\Users\te\sec\setup>openssl pkcs12 -export -inkey luikey.pem -in luicert.pem -out LuiKeyPair.p12
Enter Export Password:
Verifying - Enter Export Password:
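
Before pointing the strustsso2 line of sapproxy.ini at the .p12 produced above, it is worth checking that the container opens with the configured password, that the private key actually matches the certificate, and that the certificate is unexpired; the same script also writes the .DER form of the certificate that the NOTE above says must be imported into STRUSTSSO2. This is an added example, not code from the original post or from Synactive; the demo function builds a constructed RSA/SHA-256 key pair as a stand-in for the post's dsaparam/req commands and uses the constructed password p12password.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: sanity-check the LuiKeyPair.p12 that
# sapproxy.ini points at, and export the certificate as .DER for STRUSTSSO2 import.

# check_p12 <p12-file> <p12-password> <der-out>
# Succeeds only if the container opens, the key matches the certificate and it is unexpired.
check_p12() {
  p12="$1"; pass="$2"; der="$3"
  tmp=$(mktemp -d) || return 1
  # The same password goes in the strustsso2 line of sapproxy.ini; a wrong one fails here.
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts -out "$tmp/cert.pem" 2>/dev/null \
    || { echo "cannot open $p12 (bad password or not a PKCS#12 file)" >&2; rm -rf "$tmp"; return 1; }
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes -out "$tmp/key.pem" 2>/dev/null \
    || { echo "no private key in $p12" >&2; rm -rf "$tmp"; return 1; }
  # A key belonging to a different certificate than the one in the SAP ACL is a common cause of failed SSO.
  certpub=$(openssl x509 -in "$tmp/cert.pem" -pubkey -noout 2>/dev/null)
  keypub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
  [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] \
    || { echo "private key does not match certificate" >&2; rm -rf "$tmp"; return 1; }
  # An ACL entry is only useful while the certificate is within its validity period.
  openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired" >&2; rm -rf "$tmp"; return 1; }
  # Show what STRUSTSSO2 will display in the Certificate section.
  openssl x509 -in "$tmp/cert.pem" -noout -subject -enddate
  # DER is the format the post says must be imported into SAP ERP.
  openssl x509 -in "$tmp/cert.pem" -outform DER -out "$der" || { rm -rf "$tmp"; return 1; }
  rm -rf "$tmp"
}

# demo: constructed RSA/SHA-256 key pair (stand-in for the post's DSA/SHA-1 commands),
# packaged with the same pkcs12 -export step as the post, then checked. Returns 0 on success.
demo() {
  work=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 7300 \
    -subj "/C=US/ST=CA/O=Liquid UI Server/OU=LUX" \
    -keyout "$work/luikey.pem" -out "$work/luicert.pem" 2>/dev/null || return 1
  # Constructed password; the post's export prompts for it interactively instead.
  openssl pkcs12 -export -inkey "$work/luikey.pem" -in "$work/luicert.pem" \
    -out "$work/LuiKeyPair.p12" -passout pass:p12password 2>/dev/null || return 1
  check_p12 "$work/LuiKeyPair.p12" p12password "$work/luicert.der" || return 1
  # A wrong password must be rejected rather than silently producing an empty .der.
  if check_p12 "$work/LuiKeyPair.p12" wrongpassword "$work/bad.der" 2>/dev/null; then return 1; fi
  [ -s "$work/luicert.der" ] && [ ! -s "$work/bad.der" ]
}
```

On the real server, run check_p12 against the path and password from your strustsso2 line, then import the resulting .der in STRUSTSSO2.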

Installation in SAP ERP:
1. Go to transaction STRUSTSSO2 and select Import Certificate.
2. The details appear in the "Certificate" section.
3. Now click on "Add to Certificate List" and then on "Add to ACL".
4. When selecting "Add to ACL", you will be presented with a dialog; enter the client number and system ID of the Liquid UI Server.
5. Verify that your certificate appears in the ACL. Setup for SAP ERP is now complete.
6. Click on Save.

Once this is all set up, connect your Liquid UI client to the Liquid UI Server, enter "domain\username" and your domain password.
Once you are authenticated, make sure that your username matches the SAP username, and you will be logged in.


Check attached document with screenshots!
« Last Edit: August 20, 2018, 11:36:33 AM by Benjamin Dasari »