Enable SAP Logon Ticket for J2EE | 1. Launch Visual Admin and go to Server >> Services >> Security Provider >> Runtime >> Policy Configurations.
2. Under Components, modify the Authentication template to ticket for:
sap.com/com.sap.xi.repository*rep
sap.com/com.sap.xi.directory*dir
sap.com/com.sap.xi.services*run
sap.com/com.sap.xi.rwb*rwb_mdt
sap.com/com.sap.xi.mdt*mdt
sap.com/com.sap.xi.rwb*rwb
sap.com/com.sap.lcr*sld
sap.com/com.sap.rprof.remoteProfile*exchangeProfile
sap.com/com.sap.aii.af.app*AdapterFramework
|
Enable SSO for Integration Builder Web Start Applications | 3. Launch Internet Explorer and go to URL http://<XI hostname server>:<XI port#>/exchangeProfile
4. Expand IntegrationBuilder and click on com.sap.aii.ib.core.sso.enabled.
5. Ensure the value is true and save your change.
6. Launch Internet Explorer and go to URL http://<XI hostname server>:<XI port#>/rep to go to the Exchange Infrastructure tools page.
7. Go to Administration. Under the Repository tab, click All Properties and click Refresh to ensure the value set in the step above is true. |
Ensuring Fully qualified hostname is used | Note: The SAP Logon Ticket is issued to the domain of the web application. Therefore, it is mandatory that the fully qualified hostname is used for accessing the SAP XI applications.
8. Launch Internet Explorer and go to URL http://<XI hostname server>:<XI port#>/exchangeProfile
9. Browse the parameters on the left and ensure the values below have a fully qualified hostname. Save your changes if you made any.
com.sap.aii.connect.cr.name
com.sap.aii.connect.directory.name
com.sap.aii.connect.integrationserver.name
com.sap.aii.connect.landscape.name
com.sap.aii.connect.repository.name
com.sap.aii.connect.rwb.name
com.sap.aii.ib.server.connect.webas.r3.ashost
com.sap.aii.rwb.server.centralmonitoring.r3.ashost
10. Launch Internet Explorer and go to URL http://<XI hostname server>:<XI port#>/rep to go to the Exchange Infrastructure tools page.
11. Go to Administration. Under the Repository tab, click All Properties and click Refresh to ensure the values modified in the step above are set to the fully qualified hostname.
12. Launch Visual Administrator >> Server >> Services >> SAP AF CPA Cache
13. Enter the appropriate values for:
SLD.selfregistration.hostname (Use fully qualified hostname)
SLD.selfregistration.httpPort (e.g. 50000)
SLD.selfregistration.httpsPort (e.g. 50001)
14. Save the changes and restart the service.
15. In Visual Administrator >> Server >> Services >> Deploy >> Application, restart the applications below:
com.sap.aii.af.cpa.app
com.sap.aii.af.app
|
Verify the SLD has the fully qualified hostnames | 16. Launch Internet Explorer and go to URL http://<XI hostname server>:<XI port#>/sld to go to the Exchange Infrastructure tools page.
17. Go to Content Maintenance, select ‘XI Adapter Framework’.
18. Click on the Assoc’s link for the XI Adapter Framework.
19. Click on the ‘XI Adapter Hosted HTTP Service Port’ and click on the link ‘Basic URLs of Adapter Engine on….’ and validate that SecureURL and URL are using the fully qualified hostname. |
Enable SSO from the J2EE into the ABAP | 20. Modify and activate the Instance profile for the below parameters:
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 1
SAPLOCALHOSTFULL = <fully qualified hostname>
21. Launch Visual Administrator >> Server >> Services >> Configuration Adapter.
22. On the right, go to Cluster Data >> server >> cfg >> services, double-click the Propertysheet com.sap.security.core.ume.service, change the value of the parameter ‘login.ticket.client’ to a client that does not exist (e.g. 001), and restart J2EE.
23. Restart the Instance. |
Create new J2EE Engine SAPLogonTicketKeyPair | 24. Launch Visual Administrator >> Server >> Services >> Key Storage.
25. Select ‘TicketKeystore’ in the Runtime tab and delete both SAPLogonTicketKeyPair and SAPLogonTicketKeypair_Cert.
26. Create a new entry called ‘SAPLogonTicketKeypair’ with the following values:
Entry Name = SAPLogonTicketKeypair
Country Name = <COUNTRY CODE>
State = <STATE>
Locality Name = <CITY>
Organization Name = <ORG NAME>
Organization Unit Name = <SID Name>
Common Name = <SID Name>
Check store certificate
Key length = 1024
Algorithm = DSA
Then click Generate. |
Export the J2EE SAPLogonTicketKeypair Certificate | 27. Launch Visual Administrator >> Server >> Services >> Key Storage.
28. Select ‘TicketKeystore’ in the Runtime tab, highlight SAPLogonTicketKeypair_Cert, and click Export to save it in X.509 format on the XI server with the filename <SID>_J2EE_XISSO |
Import the J2EE Certificate to the SAP ABAP | 29. FTP the exported J2EE SSO certificate to your machine.
30. Log in to SAP and go to STRUSTSSO2. In the Certificate section, click on Import Certificate and browse to the J2EE SSO certificate file to import the certificate in Binary format.
31. Click Add to Certificate List.
32. Click Add to ACL and enter System ID = <Command Name> and client 001. |
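
A pre-flight check for steps 9 and 20, added here as an example and not part of the original procedure: it reports every parameter that is missing the value or fully qualified hostname those steps require. It assumes the instance profile and the exchange profile values have been copied into plain `name = value` text; the function names and the sample hostnames are constructed for illustration.

```python
import re

# Step 20: instance profile parameters and the values the procedure requires.
REQUIRED_PROFILE = {"login/accept_sso2_ticket": "1", "login/create_sso2_ticket": "1"}
# Step 9: exchange profile parameters that must hold a fully qualified hostname.
FQDN_PARAMS = [
    "com.sap.aii.connect.cr.name", "com.sap.aii.connect.directory.name",
    "com.sap.aii.connect.integrationserver.name", "com.sap.aii.connect.landscape.name",
    "com.sap.aii.connect.repository.name", "com.sap.aii.connect.rwb.name",
    "com.sap.aii.ib.server.connect.webas.r3.ashost",
    "com.sap.aii.rwb.server.centralmonitoring.r3.ashost",
]
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(host):
    """True for a dotted DNS name; bare hostnames and IP addresses are rejected."""
    labels = host.strip().rstrip(".").split(".")
    if len(labels) < 2 or all(label.isdigit() for label in labels):
        return False
    return all(LABEL.fullmatch(label) for label in labels)

def parse_params(text):
    """Parse 'name = value' lines, skipping blanks and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit(instance_profile, exchange_profile):
    """Return the names of parameters that do not meet steps 9 and 20."""
    prof, xprof = parse_params(instance_profile), parse_params(exchange_profile)
    bad = [n for n, want in REQUIRED_PROFILE.items() if prof.get(n) != want]
    if not is_fqdn(prof.get("SAPLOCALHOSTFULL", "")):
        bad.append("SAPLOCALHOSTFULL")
    bad += [n for n in FQDN_PARAMS if not is_fqdn(xprof.get(n, ""))]
    return bad

# Constructed sample input (hostnames are placeholders, not from the page).
SAMPLE_INSTANCE = """# instance profile excerpt
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 0
SAPLOCALHOSTFULL = xihost
"""
SAMPLE_EXCHANGE = "\n".join(
    f"{name} = {'xihost' if name.endswith('rwb.name') else 'xihost.example.com'}"
    for name in FQDN_PARAMS
)
```

Calling `audit(SAMPLE_INSTANCE, SAMPLE_EXCHANGE)` returns the three parameters in the sample that still need correcting; an empty list means both steps are satisfied.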