SAP How-to Guide
Sybase Unwired Platform
How To... SSO with SAP token for MBO-based apps
Applicable Releases:
Sybase Unwired Platform 2.1
Version 1.0
March 2012
All other prod uct and service nam es m entio ned are the tradem arks of their respective com panies. Data contained in this d ocument serves inform atio nal purpose s only. N atio nal product specifications may vary.
The information in this document is proprietary to SAP. N o part of this docum ent may be reproduce d, copied, or transm itted in any form or for any purpose without the express pri or written perm ission of SAP AG.
This document is a preliminary versio n and not subj ect to your license agreem ent or any ot her agreem ent with S AP. Thi s docume nt contains only inten ded strate gies, developm ents, an d functionalities of the SAP® pro duct and is n ot intended to be bi ndin g up on S AP to any particular course of busin ess, pro duct strategy, an d/or developm ent. Please note th at this docum e nt is subj ect to change and m ay be change d by SAP at any tim e without n otice.
SAP assum es no respo nsibility for errors or om issi ons in this docum ent. SAP d oes not warrant the accuracy or com pleteness of the information, text, grap hics, links, or ot her items containe d within this m aterial. T his docume nt is provided without a warranty of any kind, eith er express or implied, including b ut not lim ited to the implied warranties of m erchantability, fitness for a particular purpos e, or non-infringem ent.
SAP shall have n o liability for dam ages of any kind includin g without lim itation direct, special, indirect, or consequential dam a ges that m ay result from the use of thes e m aterials. This lim itation shall n ot apply in cases of intent or gross negligence.
The statutory liability for personal injury an d defective products is n ot affected. SAP has n o control over the inform ation that you m ay access through the us e of hot links contai ned in the se m aterials and d oes n ot end orse yo ur use of third-party Web page s nor provide any warranty whatsoever relating to third-party Web pa ges .
© Copyright 2012 SAP AG. All rights reserved.
No part of this publication m ay be repro duce d or transmitted in any form or for any purpo se without the express perm ission of SAP AG. T he inform atio n containe d herein m ay be chan ged with out prior notice.
Som e software products marketed by SAP AG an d its distrib utors contain proprietary software com po nent s of other software vend ors.
Microsoft, Window s, Excel, Outlo ok, an d PowerPoint are registered trademarks of Microsoft Corporation.
IBM , DB2, DB2 Universal Data base, System i, Syst em i5, System p, Sy stem p5, System x, System z, System z10, System z9, z10, z9, iSeries, p Series , xSeries, zSerie s, eServer, z/VM, z/OS, i5/O S, S/390, O S/39 0, OS/ 400, AS/ 400, S/390 Parallel Enter prise Server, PowerVM, Power Architecture, POWER6 +, POWER6, POW ER5+, POW ER5, POWER, OpenPower, PowerPC, BatchPipes , BladeCenter, System Stora ge, GPF S, HACMP, RETAIN, DB2 Con nect, RACF, Red book s, OS /2, Parallel Syspl ex, MVS/ES A, AIX, Intellige nt M iner, Web Sphere, N etfinity, Tivoli and I nform ix are
tradem arks or registered trademark s of IBM Corporation.
Linux is the registere d tradem ark of Linus Torvald s in the U. S. an d other countries.
Ado be, the Adobe logo, Acrobat, Post Script, and Rea der are either tradem arks or registered trademark s of Ado be System s Incorporated in the United States and /or oth er countries.
Oracle is a registered tradem ark of Oracle Corporation.
UNIX, X/Open , OSF/1, a nd M otif are registered tradem arks of the Ope n Group.
Citrix, ICA, Program Neighborhood , M etaFrame, WinFram e, Vide oFrame, an d MultiWin are tradem arks or registered trademarks of Citrix Systems, Inc.
HTM L , XM L, XHTM L and W3C are trademarks or registered trademarks of W3C®, World Wid e Web Co nsortium , Massachu setts Instit ute of Techn ology.
Java is a registered trademark of Sun M icrosystem s, Inc.
JavaScript is a registered trademark of Sun M icrosystems, Inc., u sed u nder license for technol ogy inve nted an d im plem ente d by Netscape.
SAP, R/3, SAP N etWeaver, D uet, PartnerEd ge, ByDesig n, SAP Bu sinessObjects Explorer, Stream Work, and other SAP products a nd services m entio ned h erein as well as their respective logos are tradem arks or registered trad emarks of SAP AG in Germ any and other countries .
SAP “How-to” Guides are intended to simplify the product implementtation.
While specific product features and procedures typically are explained in a
Business Objects and the Business Objects logo, BusinessObjects, Crystal
practical business context, it is not implied that those features and procedures are
Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects
the only approach in solving a specific business problem using SAP NetWeaver.
products and services mentioned herein as well as their respective logos are
Should you wish to receive additional information, clarification or support, please
trademarks or registered trademarks of Business Objects Software Ltd. Business
refer to SAP Consulting.
Objects is an SAP company.
Any software coding and/or code lines / strings (“Code”) included in this
Syba se and A daptive Server, iAnyw here, Sy base 365, SQL A nywhere, an d other Sybas e prod ucts and services m enti oned herein as well as their respective log os are tradem arks or registere d tradem arks of Syba se, Inc. Sy base is an SAP compa ny.
documentation are only examples and are not intended to be used in a productive
system environment. The Code is only intended better explain and visualize the
syntax and phrasing rules of certain coding. SAP does not warrant the correctness
and completeness of the Code given herein, and SAP shall not be liable for errors
or damages caused by the usage of the Code, except if such damages were
caused by SAP intentionally or grossly negligent.
Disclaimer
Some components of this product are based on Java™. Any code change in these
components may cause unpredictable and severe malfunctions and is therefore
expressively prohibited, as is any decompilation of these components.
Any Java™ Source Code delivered with this product is only to be used by SAP’s
Support Services and may not be modified or altered in any way.
Document History
Document Version
Description
1.00
First official release of this guide
Typographic Conventions
Icons
Type Style
Description
Icon
Example Text
Words or characters quoted
from the screen. These include
field names, screen titles,
pushbuttons labels, menu
names, menu paths, and menu
options.
Cross-references to other
documentation
Example text
Emphasized words or phrases in
body text, graphic titles, and
table titles
Example text
File and directory names and
their paths, messages, names of
variables and parameters,
source text, and names of
installation, upgrade and
database tools.
Example text
User entry texts. These are
words or characters that you
enter in the system exactly as
they appear in the
documentation.
<Example
text>
Variable user entry. Angle
brackets indicate that you
replace these words and
characters with appropriate
entries to make entries in the
system.
EXAMPLE TEXT
Keys on the keyboard, for
example, F2 or ENTER.
Description
Caution
Note or Important
Example
Recommendation or Tip
Table of Contents
1.
Business Scenario ............................................................................................................... 1
2.
Background Information ..................................................................................................... 1
3.
Prerequisites ...................................................................................................................... 1
4.
Step-by-Step Procedure ..................................................................................................... 1
4.1
4.2
Obtain/Install SAP Cryptographic Libraries ........................................................................... 1
Generating a PSE file for SUP Server .................................................................................... 3
4.3
4.4
Import the SUP PSE certificate into the SAP EIS .................................................................. 4
Import the SAP EIS certificate into SUP PSE ......................................................................... 7
4.5
4.6
Create a “Connections” profile for SUP ................................................................................ 9
Token provider URL ............................................................................................................ 12
4.7
4.8
Steps for Token provider URL with SSL/HTTPS .................................................................. 14
Simple Connection Test for the SSO Landscape ................................................................. 15
4.9 Create a SUP Security Profile.............................................................................................. 17
4.10 Assigning the Security Profile to a Domain/Package ........................................................... 19
4.11 SUP Workspace .................................................................................................................. 21
5.
Appendix ......................................................................................................................... 23
How To... SSO with SAP token for MBO
MBO-based apps
1.
Business Scenario
In a modern enterprise landscape, it makes sense to implement Single Sign-On
Sign
(SSO) to help reduce
complexity, TCO and increase user productivity. In a mobile environment, it is especially important to reduce
the number of times a user has to ente
enter his or her credentials – small keyboards slow users down and can lead
to an increase in thee number of attempts at entering usernames and passwords.
The Sybase Unwired Platform (SUP) provides
provide you with various options to help enable the SSO solution. This
document will help you to understand the necessary sequences on how to setup Single Sign-On
On (SSO) for SUP
2.1 using SAP SSO2 token.
2.
Background Information
For this scenario, we will be using the following landscape.
TRUST
SYSTEM
(SSO)
ABAP System (dual stack): usphlrig1
This system will be the business data
Java System: usphrlig18
This system will be the authenticating system and
SAP SSO2 token issuing server
SUP Server: usphrlig12
Note
We could have just use the Java stack on the ABAP system to be the SAP SSO2 issuing server as well here
3.
Prerequisites
For this guide, we will assume the following:
•
•
•
•
•
•
4.
A working landscape (SUP and EIS)
EIS (backend) system is fully configured
configure for SSO and SNC
OS access to the SUP server with admin
administrative privileges to install security modules
Access to the SSC for SUP with admin
administrative privileges to configure the landscape for SSO
Access to SAP Service Marketplace (SMP) to obtain the SAP cryptographic libraries
Access to obtain certificate
ertificate of the SAP EIS
Step-by-Step
Step Procedure
Below are sequence of steps that one would need to follow to implement SSO with SAP token/ticket.
token/ticket Some of
the initial steps can be skipped if SUP has already been configured for SAP EIS.
4.1
Obtain/Install SAP Cryptographic L
Libraries
...
•
If you don’t have the SAPCAR executable already then perform these tasks: Login to SAP Service
Marketplace (SMP) (http://service.sap.com/swdc
http://service.sap.com/swdc)
•
Navigate to “Support
Support Packages and Patches”
Patches “Additional Components” “SAPCAR
SAPCAR” select any
version select your OS download the executable
•
Navigate to “Installations
Installations and Upgrades
Upgrades” “Browse our Download Catalog” “SAP
SAP Cryptographic
Software” “SAP Cryptographic Software”
•
Select and download the platform specific file for your SUP OS
•
Create a directory
ry in which you can unpack the cryptographic file. For example: D:
D:\sapcryptolib
sapcryptolib
•
Extract the SAP Cryptographic SAR file. For example:
April 2012
1
How To... SSO with SAP token for MBO
MBO-based apps
SAPCAR.EXE -xvf < SAP
AP Cryptographic SAR file> -R d:\sapcryptolib
•
Open the “D:\sapcryptolib”
tolib” in Windows Explorer
•
Copy the content in the sub directory for the SUP OS to “D:
“D:\sapcryptolib”.
tolib”. For this example the SUP
OS is x86 architecture:
•
Add the SECUDIR environment variable to the user environment batch file:
<UnwiredPlatform_InstallDir>
<UnwiredPlatform_InstallDir>\UnwiredPlatform\Servers\UnwiredServer\bin\usersetenv.bat.
usersetenv.bat.
April 2012
2
How To... SSO with SAP token for MBO
MBO-based apps
•
Set the system environment SECUDIR variable to the SAP Cryptographic installation path. For
example:
•
If you have installed Unwired WorkSpace, you must add the SECUDIR variable to the WorkSpace
batch file: <UnwiredPlatform_InstallDir>
UnwiredPlatform_InstallDir>\UnwiredPlatform\Eclipse\UnwiredWorkspace.bat.
UnwiredWorkspace.bat.
4.2
Generating a PSE file for SUP Server
This section only applies if your organization does not have a method to create your own X.509 certificate for
the SUP server. If your organization already has a PKI environment then you can ask the administrator of that
system to create a X.509 certificate for your
you SUP server and the steps might be different to convert that file
into a PSE file.. We will be using what we have in
installed in
n the previous section for the tasks below.
•
Open a DOS console
•
Change to the directory where you extract the SAP cryptographic file. For example: d::\sapcryptolib
•
Generate the certificate with the command below:
Syntax: sapgenpse get_pse <additional_options
<additional_options> -p <PSE_Name> –rr <cert_req_file_name> -x
<PIN> <Distinguished_Name>
Example: sapgenpse get_pse –p SNCTEST.pse –r abc.req –x abcpin
"CN=host123.mycompany.com, OU=I1234567890-MyCompany,
OU=I1234567890 MyCompany, OU=SAP Web AS, O=SAP Trust
Community, C=DE"
April 2012
3
How To... SSO with SAP token for MBO
MBO-based apps
Note
For the Distinguished Name, please use fully qualified domain name (FQDN). Remember the
PIN/password for later usage.
•
Generate a credential file to initialize a new keystore
keyst
for usage
Syntax: sapgenpse seclogin -p <PSE file> -O DOMAIN\your_name_here -x password
sword
Example: sapgenpse seclogin -p SNCTEST.pse -O SYSTEM -x abcd1234
Note
The user generating the certificate must have the same user
user name as the process (mlserv##.dll
(mlserv## or
eclipse.exe) under which the Unwired Platform service runs.
•
If the command is successful then you should see folder and a file similar to the screen shot below
4.3
•
•
•
Import the SUP PSE certificate into the SAP EIS
On the SUP system, export the certificate from the PSE that was just created
created.. Example:
Example: sapgenpse.exe export_own_cert
export_own_cer -v -p SNCTEST.pse -x abcd1234 -o
o SUP
SUP.crt
Login to the SAP EIS via the SAP GUI
Start the transaction “STRUST
STRUST”
April 2012
4
How To... SSO with SAP token for MBO
MBO-based apps
•
Click on the “SNC SAPCryptolib”
tolib” node or some similar node that hold the SNC certificate. You will
need to provide the password that as created with it.
•
Now we can import the SUP PSE into this system to setup a trust, click on “Import certificate” while in
the SNC node
April 2012
5
How To... SSO with SAP token for MBO
MBO-based apps
•
On the “Import Certificate” screen, switch to “Base64” for the file for
format
mat and navigate to the
exported certificate of the SUP server that was done earlier then hit “Enter”
•
Click on “Add to Certificate List” for the next screen
April 2012
6
How To... SSO with SAP token for MBO
MBO-based apps
•
If everything is successful then the screen would look something like below.
4.4
•
•
Import the SAP EIS certificate into SUP PSE
You still should be in the SAP GUI from exporting the SAP EIS SNC certificate
Double
ouble click on the “Owner” certificate so that the certificate is displayed
display
April 2012
7
How To... SSO with SAP token for MBO
MBO-based apps
•
Click on “Export certificate”,, click on “Base64” for the file format and give it a path to export the
certificate
•
•
Now, we need to back on the SUP server for the following tasks
Start a DOS console and import the SAP EIS certificate into the SUP PSE. Example:
Example: sapgenpse.exe maintain_pk -v -p SNCTEST.pse -x abcd1234 -a SAP_EIS.crt
.crt
April 2012
8
How To... SSO with SAP token for MBO
MBO-based apps
•
A SUP application restart will be needed here
4.5
Create a “Connections” profile for SUP
•
•
Login into SUP SCC with an administrative account. Example: https://<SUP host>:8283/scc/#
:8283/scc/#
Navigate to “Connections” node
•
Create a new connection by clicking on the “New…”
April 2012
9
How To... SSO with SAP token for MBO
MBO-based apps
•
Input the necessary value for the variable
•
The default template does not have all the fields that you would need to setup the connection so we
will need to add them by click on the “ADD NEW PROPERTY” field.
•
Update the connection template so that it contain the followings fields:
Language (jco.client.lang) = EN
Host name (jco.client.ashost)
ashost) = <SAP EIS host>
April 2012
10
How To... SSO with SAP token for MBO
MBO-based apps
System
m number (jco.client.sysnr) = <SAP EIS system number>
SNC mode (jco.client.snc_mode) = 1
SNC name (jco.snc_myname) = p:
p:<SUP DN for the PSE file>
SNC service library path (jco.client.snc_lib) = <path>/sapcrypto.dll
/sapcrypto.dll (the location of the
cryptographic library)
Client number (jco.client.client) = <SAP EIS client number>
SNC partner (jco.client.snc_partnern
(jco.client.snc_partnername) = p:<SAP EIS DN>
SNC level (jco.client.snc_qop) = 1
Note
For the normal operation, you should not use the userID/password field for the connection profile
•
For testing the connection profile, we will need to temporary update the profile to include the
userID/password.
•
Once the userID/password field has been setup, click on the “Test Connection” to see if the certificate
exchange between the two systems is properly setup.
April 2012
11
How To... SSO with SAP token for MBO
MBO-based apps
•
If the test is successful then you can remove the “Logon User” and “Password” field from the profile
and save it.
4.6
Token provider URL
In order to use the SSO token for the MBO
MBO-based
based app, you would need to setup the security profile in SUP to
use the “HttpAuthenticationLoginModule” and with this module the SAP SSO2 token can be obtain.
obtain There a
couple of methods of obtaining the token and it will be cover below but the trick to this module is that the
endpoint URL must issue a “401 Unauthorized”
Unauthorized response when not presented with credentials and accept
basic authentication.
April 2012
12
How To... SSO with SAP token for MBO
MBO-based apps
For this scenario, we will be assuming the issuing/authentication system is a SAP JAVA system of some sort.
One method is to use an existing applic
application in the java system but this would required some minor
modification to the “basic” login stack to force the app to issue a SAP SSO2 token since the default does not
not.
Another method is to create/deploy
deploy a simple portal aapp that can issue a token for the system.
1.
2.
Using an existing app within the java system. Example (the URL below is just one example within
the Java): http://<host>:<port>/sec_basic/basicprotected/index.jsp
o With this method, the issuing system login stack would need to be update achieve what we
want here. You can do this either at the app level or the entire stack but the screen shot
below is for the entire stack
stack.
o Login to your “Visual Administrator” on the java system and update the “basic” stack so that
it would contain the following:
EvaluateTicketLogin
EvaluateTicketLoginModule SUFFICIENT
ClientCertLoginModule
tLoginModule
OPTIONAL
CreateTicketLoginModule
TicketLoginModule
SUFFICIENT
BasicPasswordLoginModule
icPasswordLoginModule REQUISITE
CreateTicketLoginModule
TicketLoginModule
OPTIONAL
o Once the login stack has been updated, an application restart will be need here.
Create a simple app for the portal.
portal Example:
http://<host>:<port>/irj/servlet/prt/portal/prtroot/HelloWorld.HelloWorld
o We won’t be covering on how to create the HelloWorld servlet here but you can find various
guides on the SCN to help with this.
April 2012
13
How To... SSO with SAP token for MBO
MBO-based apps
4.7
Steps for Token provider URL with SSL/HTTPS
This section of the guide will cover the basic of what you will need to do if the token provider URL is using a
SSL/HTTPS. You can skip this step if the URL from the previous section
section finding is using the plain HTTP. Base
on our finding from the previous section, we will be using the following URL:
https://<host>:<SSL_port>/irj/servlet/prt/portal/prtroot/HelloWorld.HelloWorld
•
Get the certificate from SAP EIS that is being use for the encryption communication or the certificate
that was used to sign the SSL certificate. Example:
o This authentication server has the following SSL certificate that is signed by “SSL CA SAP
Security”
April 2012
o
The “SSL CA SAP Security” certificate is signed by “Root CA SAP Security”
o
The “Root CA SAP Security” is the last certificate in the chain
o
We would just need only one of the cert from the certificate chain to satisfy requirement
14
How To... SSO with SAP token for MBO
MBO-based apps
Note
Any of the chain certificates in this scenario would do but we would recommend using the lowest
level of the certificate in the chain to add it to the truststore. The “ROOT CA” would be in this
scenario. The benefit to this is that if you ever decide to add any other backend system to the
landscape and that server certificate was signed by this ROOT CA then you don’tt have to do anything
else to the SUP truststore.
•
Import the certificates into SUP trust
truststore
o Syntax: keytool -import
import -alias <alias> -keystore
<drive>:\Sybase\UnwiredPlatform
UnwiredPlatform\Servers\UnwiredServer\Repository\Security
Security\truststore.jks
-storepass <store password – default=changeit> -file <cert file>
o Example: ROOT CA certificate import
o
4.8
Answer “yes” or “y” for the question (“Trust this certificate?”)
Simple Connection Test for the SSO Landscape
Now that we have found a "401 HTTP Basic authentication" URL to use for the SUP security profile, we can do
a simple test to ensure that the landscape is working before updating the profile in the SUP server. With this
test, we will be using only the web browser on any machine. For this example, we will be using the
“HelloWorld” URL method.
•
•
Start a web browser
Input the “HelloWorld” URL, the system should force a 401 authentication challenge by requesting
req
a
userID/password value.
April 2012
15
How To... SSO with SAP token for MBO
MBO-based apps
•
Input the requested information and a simple Hello message should appear for the app.
•
Now that we have a SAP SSO2 token, we should be able to navigate to the ABAP system without any
issue and should not have to provide any information such as userID/password.
Within the same browser/tab,
browser/tab, navigate to an ABAP URL to test the SSO. For example: http://<ABAP
host>:<port>/sap/bc/ping?sap
host>:<port>/sap/bc/ping?sap-client=<client #>
If everything is working correctly than you should see something like the screen below.
•
•
Note
During this last test (ABAP URL), you should not have to enter the userID/password to get the
successes message. If the system is asking for the userID/Password then the SSO setup is not setup
correctly.
April 2012
16
How To... SSO with SAP token for MBO
MBO-based apps
4.9
Create a SUP Security Profile
•
•
Login into SUP SCC with an administrative account. Example: https://<SUP host>:8283/scc/#
host>:8283/scc/#
Navigate to “Security” node, click on the “General” tab and click “+ New…”
•
Give the profile name and click “OK”
“OK”. For this example: SAPEIS
•
Select the newly created profile on the navigation pane,
pane click on the “Authentication” tab and click on
“New…”
•
On the “Authentication provider:” option, select the “HttpAuthenticationLoginModule”
April 2012
17
How To... SSO with SAP token for MBO
MBO-based apps
•
Add another property field (“SSO Cookie Name”) to the template.
•
Input the required value for the property and click “OK”
Note
For the “SSO Cookie Name”, the value must be “MYSAPSSO2” so that the SUP framework can
propagate it correctly.
•
You can delete the “NoSecLoginModule” from the profile once the new provider has been added.
April 2012
18
How To... SSO with SAP token for MBO
MBO-based apps
•
Switch to the “General” tab and click “Validate” to ensure the input URL is valid ((“401
401 HTTP Basic
authentication” URL)
•
If everything is successfully then click “Apply”
4.10
•
Assigning the Security Profile to a Domain
Domain/Package
Within the SCC, navigate to the “S
“Security” node for your working domain and click on “Security
Configurations” tab.. Example: for this scenario, we are working under the default domain
April 2012
19
How To... SSO with SAP token for MBO
MBO-based apps
•
Click on”+ Assign…” and select the new profile that was just created and click “OK”
•
The result is that the profile now can be use for this domain
Note
Assign the security profile to the correct domain for your application or the device client will
authenticate in the default domain with the admin security configuration, and won't pick up the
SSO2Token they need for SSO later.
•
After the security profile has been added, you can now assign the profile to a package by navigate to
the application, select it and click on the “Setting…” tab. Example:
April 2012
20
How To... SSO with SAP token for MBO
MBO-based apps
4.11
•
SUP Workspace
In the SUP Workspace, make sure the Runtime Data Source Credential and Connection Properties
setting have been made. It needs to be set to "username" and "password"
"password" for the respective fields.
Example:
April 2012
21
How To... SSO with SAP token for MBO
MBO-based apps
•
That should be all you need to do from the development side to setup for SSO.
April 2012
22
How To... SSO with SAP token for MBO
MBO-based apps
5.
Appendix
Appendix A – Further resource @ SyBooks Online and SAP Library
• SUP Single Sign-On: http://infocenter.sybase.com Sybase Unwired Platform 2.x System
Administration Security Administration Security Layers User Security Setup Single Sign-on
for SAP
• Configuring the AS ABAP for Supporting SSL:
http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm
• Configure SAP EIS for SSO:
http://help.sap.com/saphelp_nw70/helpdata/en/61/42897de269cf44b35f9395978cc9cb/frameset.htm
• Reference for the login stack:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/c3/d4bbdcbbff4f8f9b2c4fe07fe105ae/content.htm
Appendix B – Browser tools for tracing HTTP traffic
You can use one of the following tool to help with the initial phase of the SSO setup to see if the URL traffic is
issuing a SAP SSO2 token or forcing a “401 HTTP Basic authentication”.
• HttpWatch
• HTTPLook
• Wireshark
• Fiddler 2
Appendix C – Debug
• Change the log levels in SCC and restart SUP server
server. To do this, go into
nto SCN, go down into “Servers” <servername> “Server
Server Configuration
Configuration” “General” tab, and then pick “Performance
Performance Configuration
Configuration”.
April 2012
23
How To... SSO with SAP token for MBO
MBO-based apps
Click on "Show optional properties" and add something like ""-Djco.trace_level=1 Djco.trace_path=D:\temp"
temp" to the existing "User Options". This will result in traces being written by the
JCO layer to the location you specify.
• In SCC, go to “Servers” <servername
servername> “Log”, then go to the “Settings” tab. Change the entries for
“Security” and “DataServices” to DEBUG. This will result in extra info in the SERVERNAME-server.log
SERVERNAME
file, located under X:\sybase\UnwiredPlatform
UnwiredPlatform\Servers\UnwiredServer\logs
April 2012
24
www.sap.com/contactsap
www.sdn.sap.com/irj/sdn/howtoguides
