Activating Logon Ticket Integration

Use

Perform the steps in this procedure so that logon tickets that have been issued by the SAP J2EE Engine can be verified by the UME and vice versa.

Procedure

Using the Visual Administrator:

...

       1.      Select the Configuration Adapter from the server’s list of services.

       2.      Expand Configurations ® cluster_data ® server ® persistent ® com.sap.security.core.ume.service.

       3.      Select sapum.properties.

       4.      Download and edit the file. Set the following properties:

ume.logonAuthenticationFactory=
   com.sap.security.core.logon.imp.SAPJ2EEAuthenticator

ume.authenticationFactory=
   com.sap.security.core.logon.imp.SAPJ2EEAuthenticator

       5.      Adjust the login module stacks that are to use logon tickets (for example, the client_cert template). Include the modules in the following order:

¡        EvaluateTicketLoginModule with flag SUFFICIENT

¡        BasicPasswordLoginModule with flag REQUISITE

¡        CreateTicketLoginModule with flag OPTIONAL

       6.      If you do not use client_cert for the logon ticket module stack, then also set the following properties in sapum.properties:

ume.login.context=<new_value>
ume.login.context.default=<new_value>

Both values should be the same.

       7.      Restart the SAP J2EE Engine.

Result

Logon tickets issued by the SAP J2EE Engine can be verified by the UME. You do still have to set up the SAP J2EE Engine for issuing and accepting logon tickets. For more information, see Using Logon Tickets for Single Sign-On.