• Home
• Foundation Release Notes
  • Foundation 12.0.x Release Notes
    • Composer
    • User Governance
    • Workflow
    • SAP Integration Server
  • Foundation 11.2.12 Release Notes
  • Foundation 11.2 and earlier Release Notes
    • Composer release notes
    • User Governance
    • Winshuttle Workflow
    • SAP Integration Server
    • License Management System
• Foundation 12 Product Availability Matrix
• Foundation 12 System Requirements
• Foundation 12 Help
  • Installing Foundation 12
  • Foundation Menu overview
  • Foundation configuration - First Tasks
  • User Governance Help
    • Creating custom document libraries
    • Adding a new Foundation Site
    • Managing licenses
    • Managing users, permissions, and roles
    • Managing content
    • Reports and audits
      • Working with audits
      • Viewing reports
    • Configuration
      • All Settings (table)
      • Personal settings
        • My Settings
        • Manage SAP Credentials
      • Server settings and connections
        • Database connections
        • Log and report settings
        • SAP Application Servers
        • Foundation Setup
        • Workflow Administration
      • Product settings
        • Authorization Fields
        • Client Features
        • Developer Proficiency Levels
        • Policies
        • Preferences
        • System Usage Level
      • Foundation settings
        • Company Logo
        • Email Templates
        • Backups
        • Restore
        • Manage Scheduled Jobs
        • Department/Job Title
        • Out of office Delegation
        • SAP Integration Server Infrastructure
        • SAP Integration Server Tasks
  • SAP Int. Server Help
    • Using the configuration Admin Tool
    • Configuring Server settings
    • Configuring Server Manager
    • Configuring the Server Worker
    • Configuring the Worker LaunchGUI
    • Configuring RabbitMQ
    • Creating or migrating SAPIS databases
    • Configuring SAP SSO
    • Configuring SAP SSO for SAP Integration Server
    • Troubleshooting FAQ - Winshuttle SAP Integration Server
  • Workflow Help
    • Upgrading Workflow from a previous version
    • Creating a Winshuttle Form Site
    • Working with workflows
    • Managing workflow tasks
    • Workflow Administration
    • Uninstalling Workflow
  • License Mgmt. System
    • Winshuttle LMS overview
    • Configuring LMS
      • Configuring IIS/LMS for custom host names
      • Changing the async export path
      • Configuring the LMS Proxy
    • Activating an installation
    • Connecting a client application
    • Changing Personal Settings
    • Managing notifications & ordering licenses
    • Managing users and permissions
    • Viewing Reports
    • Managing Licenses
    • Winshuttle LMS lease periods and offline use
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)
  • Reporting APIs
    • Reporting Dashboard
    • Set up the Reporting Data Warehouse
    • Mark Fields for Reporting
    • REST API Responses By Operation
    • Reporting APIs - Overview
    • APIs
      • Assignment API
      • Forms API
      • Forms Metadata API
      • Process API
      • Solutions API
      • Users API
• Foundation 11 Product Availability Matrix
• Foundation 11 System Requirements
• Foundation 11 Help
  • Installing Foundation 11
  • Foundation 11 Menu overview
  • Foundation 11 configuration - First Tasks
  • User Governance Help
    • Creating custom document libraries
    • Adding a new Foundation Site
    • Managing licenses
    • Managing users, permissions, and roles
    • Managing content
    • Reports and audits
      • Working with audits
      • Viewing reports
    • Configuration
      • All Settings (table)
      • Personal settings
        • My Settings
        • Manage SAP Credentials
      • Server settings and connections
        • Database connections
        • Log and report settings
        • SAP Application Servers
        • Foundation Setup
        • Workflow Administration
      • Product settings
        • Authorization Fields
        • Client Features
        • Developer Proficiency Levels
        • Policies
        • Preferences
        • System Usage Level
      • Foundation settings
        • Company Logo
        • Email Templates
        • Backups
        • Restore
        • Manage Scheduled Jobs
        • Department/Job Title
        • Out of office delegations
        • SAP Integration Server Infrastructure
        • SAP Integration Server Tasks
  • SAP Int. Server Help
    • Using the configuration Admin Tool
    • Configuring Server settings
    • Configuring Server Manager
    • Configuring the Server Worker
    • Configuring the Worker LaunchGUI
    • Configuring RabbitMQ
    • Creating or migrating SAPIS databases
    • Configuring SAP SSO
    • Configuring SAP SSO for Server 11.x
    • Troubleshooting FAQ - Winshuttle SAP Integration Server
  • Workflow Help
    • Upgrading to Workflow 11.x from a previous version
    • Creating a Winshuttle Form Site
    • Working with workflows
    • Using the Form Library
    • Managing workflow tasks
    • Workflow Administration
    • Uninstalling Workflow 11.x
  • License Mgmt. System
    • Winshuttle LMS overview
    • Configuring LMS
      • Configuring IIS/LMS for custom host names
      • Changing the async export path
      • Configuring the LMS Proxy
    • Activating an installation
    • Connecting a client application
    • Changing Personal Settings
    • Managing notifications & ordering licenses
    • Managing users and permissions
    • Viewing Reports
    • Managing Licenses
    • Winshuttle LMS lease periods and offline use
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)
• Composer Help
  • Getting started with Composer
    • Running Composer and opening solutions
    • Composer interface overview
    • Composer solution overview (video)
    • Composer preferences
    • Importing from Designer
    • Tutorial - Vendor Master
      • Vendor Master Tutorial
      • Tutorial file downloads
  • Working with Solutions
    • What is a Winshuttle Composer Solution?
    • Recommended solution architecture
    • Solution tab overview
    • Creating/Opening a Solution
    • Adding data connections
      • Data connection overview
      • Adding database connections
      • Adding SharePoint data connections
      • Adding SOAP Web service connections
      • Adding SQL data connections
    • Working with deployment profiles
    • Working with name templates
    • Deploying solutions
    • Working with Web services and scripts
    • Working with field packs
      • Field Pack overview
      • Creating a field pack
      • Adding fields to field packs
      • Adding a field pack to a solution
      • Editing field pack elements
      • Field pack scope and versioning
    • Saving your solution
    • Solution best practices
      • Best practices for solution development
      • Migrating Composer solutions
  • Working with Workflows
    • Workflow tab overview
    • Designing an Excel workflow (Overview)
    • Working with swim lanes
    • Task locking in TeamFromRole swimlane type
    • Working with transitions
    • Working with expressions
    • Working with loops
    • Working with messages
    • Working with nodes
  • Working with Forms
    • Form tab overview
    • Working with groups
    • Working with elements
    • Working with views
    • Working with fields
      • Promoting form fields
      • Adding instructions to form fields
    • Working with labels
    • Working with rules
    • Working with arguments
    • Working with functions
      • Form functions
      • Workflow functions (Transitions)
      • Global helper functions
    • Changing layout and look
    • Translating forms to other languages
  • Composer Reference Guides
    • Workflow Nodes (A-Z)
    • Form Elements (A-Z)
    • Rules Reference Guide
      • Types of rules and rule properties
      • Rule Conditional Operators (table)
    • Plugins Guide
    • Participant Resolvers Guide
    • Developer references
      • Javascript Reference Guide
        • JavaScriptReference Guide (home)
        • JavaScript Wrappers
        • Form Functions
        • Global Helper Functions
        • JQuery Functions
        • Debugging Help
      • Developer Process Extensions
      • Working with external storage
    • Troubleshooting Composer Forms
      • Improving Form Performance
      • Tools for Troubleshooting Forms
      • Viewing Composer Log Files
    • Composer Glossary of terms
    • Solution Development Best Practice Guide
• Foundation 10 Help
  • Foundation 10 release notes
    • Central release notes
    • Server release notes
    • Workflow release notes
  • Foundation 10 system requirements
    • Winshuttle Central System Requirements
    • Winshuttle Server 10.5-10.6 system requirements
    • Winshuttle Server 10.6.1+ system requirements
    • Workflow 10.8 system requirements
    • Workflow 10.5-10.7 system requirements
  • Find Foundation 10.x product version numbers
  • Winshuttle Central Help
    • Installation
      • Before you begin
      • Step 1 - Creating a Web application
      • Step 2 - Installing the Central binaries
      • Step 3 - Creating a site collection
      • Installing Journal Entry
      • Activation
        • Activating Central
        • Assigning Central Admin Permissions
        • Activating Central Site License
      • Upgrade, Repair, or Uninstall
        • Repairing a Winshuttle Central installation
        • Uninstalling Winshuttle Central 10.x
        • Uninstalling the Journal Entry plugin
    • Configuration
      • First Tasks
      • Implementing Custom Workflows
    • Backup, Restore, Migration
      • Backup / Restore Overview
      • Backing up a Winshuttle Central site
      • Deleting Winshuttle Central backup jobs
      • Monitoring Winshuttle Central backup jobs
      • Restoring a Central site
      • Migration
        • Migration overview
        • Migrating Winshuttle Server data
        • Migrating Workflows
    • Site tasks
      • Site Menu Overview
      • Manage LDAP Connection
      • Activate Licenses
      • Backup Restore
      • Database Connection
      • Email Templates
      • Log Settings
      • Manage Application Settings
      • Manage Licenses
        • Licensing Overview
        • Assigning licenses
        • Viewing Licenes
        • Searching for users
        • Revoking or deleting licenses
        • License overview
      • Manage Master Pages
      • Manage SAP Credentials
      • Manage Scheduled Jobs
      • Workflow Configurations
    • Transaction Menu tasks
      • Transaction menu overview
      • Policies (Transaction)
      • Preferences
      • SAP Application Servers
      • Manage Client Features
      • Transaction Developer Scenarios
      • ROI charts
    • Query Menu tasks
      • Query Menu Overview
      • Policies
      • Preferences
      • SAP Application Servers
      • Developer Proficiency Level Settings
      • Authorization Field Settings
      • System Usage Level Settings
      • Query Developer Scenarios
    • Audit & Reports tasks
      • Audits & Reports Menu Overview
      • Audit Configuration
      • SharePoint Audit Report
      • Active Users
      • Client log viewer
      • Web Services Log Viewer
      • Central Roles by User
      • Central Administration Audit
    • Server Menu tasks
      • Server Menu overview
      • Transaction services
      • Query services
      • Published Web services
    • User and Group Management
      • User/group management overview (video)
      • Adding/Removing users
      • Assigning Central site/license administrators
      • Managing Central users and groups
      • Winshuttle Central Permissions table
    • SharePoint-specific tasks
      • Creating new document libraries
      • Customizing Master Pages
      • Limiting file access
      • Reviewing workflow history
  • Winshuttle Server Help
    • Installation
      • Before you begin
      • Installing Winshuttle Server 10.6.1
      • Installing Server 10.6 and earlier
      • Upgrading Winshuttle Server
      • Uninstalling Winshuttle Server
    • Configuration
      • Finding the Winshuttle Server Manager URL
      • Assigning access rights to the database (SQLite)
      • Configuring the server database
      • Configuring SAP single sign on
        • Configuring Kerberos SAP SSO logon
        • Configuring X509 SAP Netweaver SSO
        • Enabling Secure Socket Layer (SSL)
    • Server Admin Tool Guide
      • Loading the web.config configuration
      • Changing RabbitMQ settings
      • Configuring the Server Database
      • Changing Allowed User Identities
      • Query caching tab options
      • Enabling Integrated Logon
      • Configuring Execution Settings
      • Migrating databases with the Server Database Migration Tool
      • Deployment Options tab
  • Winshuttle Workflow Help
    • Workflow 10.8 and later Admin Guide
      • Installation & Activation
      • Logs & Reporting
        • Logs & Reporting Overview
        • Charts
        • Excel Workflow Data
        • Log File Viewer
        • Logging
        • Health Monitor
      • Processes
        • Processes Overview
        • Manage Background Jobs
        • Process Control
        • SVService Types (table)
      • Server Administration
        • Server Administration Overview
        • Admin Commands
        • Configuration Options
        • Database Usage Status
        • Extending Workflow
        • Farm Configuration
        • Front End Configuration
        • Licenses
        • Scheduler
        • Workflow Design Configuration
    • Workflow 10.5-10.7 Admin Guide
      • Installation
        • Preparation & Account Requirements
        • Installing
        • Configuring SVService
        • Creating a Workflow Site
        • Configuring Kerberos
          • IIS configuration
          • DNS, Active Directory, SPNs, Delegation, & SharePoint Server
          • Verifying Kernel Mode is activated
        • Upgrading/Removing Workflow
      • Configuration
        • Entering a License Key
        • Enable Page Loading
        • Configuring Email Approvals
        • Configuring Offline Forms
        • Configuring Single Sign-On
        • Configuring Dynamic Refresh
      • Workflow Administration
        • Configuring Workflow Administration
        • Running Workflow Administration
        • System Maintenance
        • Reporting (10.5-10.7)
        • Logging
        • Exporting Workflow Data
          • Export Workflow 10.5-10.7 data to SharePoint
          • Export workflow 10.5-10.7 to a Database
          • Manually Exporting Process Data
        • Migrating Solutions
        • How to mark inactive processes
        • Configuring SVService
        • Disabling email notifications
        • Migrating Data
      • FAQ
    • Workflow Participant Guide
      • Workflow particpant overview
      • Working with form workflows
      • Working with document workflows
    • Winshuttle Workflow SVAdm command guide
  • Designer Help »
  • Reference Guides
    • Winshuttle Workflow SVConfigurator Options quick table
    • Winshuttle Workflow SV Configurator Options table with descriptions
    • Winshuttle Workflow SVService Types (A-Z)

(missing or bad snippet)

Configuring Winshuttle Foundation SAP Integration Server 11.2.12 to work with SAP Single Sign-On

The following instructions guide administrators through the process of configuring Winshuttle Foundation SAP Integration Server 11.2.12 and later to work with SAP SSO (Single Sign-On).

On this page

1. Configure the 64-bit Secure Login Library on the Winshuttle SAP Integration Server machine
2. Set the Server's Environment Variables (SECUDIR and SNC_LIB)
3. Configure the PSE (Personal Security Environment) and certificates
   • Export WS_SAPIS Client Certificate
4. Configure the SAP ABAP server and import the Client Certificate
   • Importing the client Certificate via Transaction STRUST
   • Export the Server Certificate of SAP server
   • Create the Cred_V2 file
5. Verify the configuration
6. Completing the ABAP Server configuration

SAP Cryptolib is already setup and used as an SNCSecure Network Communication (SNC) is a software layer in the SAP System architecture that provides an interface to an external security product. SAP Systems provide basic security measures like SAP authorization and user authentication based on passwords. library on the SAP Application Server ABAPABAP (Advanced Business Application Programming) is a programming language for developing applications for the SAP R/3 system, a widely-installed business application subsystem. The latest version, ABAP Objects, is object-oriented programming. (Advanced Business Application Programming) system that the Winshuttle Foundation product is connecting to it when running SAP RFCs. We need to configure trust relationship between SAP server and Winshuttle Foundation SAP Integration Server. It will be server to server trust using sap cryptolib.

1. Configure the 64-bit Secure Login Library on the Winshuttle SAP Integration Server machine

(missing or bad snippet)

The 64-bit SLL is required to work with the Winshuttle Foundation SAP Integration Server Server Worker.

1. On the SAPIS machine, create a directory called SNC1.
2. Copy SLL (Secure Login Library) files into the SNC1 folder (sapcrypto, sapnwsso, slcryptokernel).
3. Copy the sapgenpse file into the SNC1 folder.

Configure the 32-bit Secure Login Library on the Winshuttle SAP Integration Server machine

The 32-bit SLL is required to work with SAP Integration Server LaunchGUI module.

1. In the SNC1 folder, create a sub-directory called 32BIT.
2. Copy the 32-bit SLL files (sapcrypto, sapnwsso, slcryptokernel) into the 32BIT subdirectory .

Using the latest version of these files is recommended.

2. Set the Server's Environment Variables (SECUDIR and SNC_LIB)

(missing or bad snippet)

On the Server where SAP Integration Server is installed, set the following environment variables:

1. Go to Control Panel \System and Security\System.
2. Click Change Settings.
3. Go to the Advanced tab.
4. Click Environment Variables. Set the following variables:
   • Set SECUDIR= path of SNC1 directory (C:\SNC1 is used for this example)
   • Set SNC_LIB= path of SNC1 directory (C:\SNC1 is used for this example)

3. Configure the PSE (Personal Security Environment) and certificates

(missing or bad snippet)

1. Open a command prompt with administrative privileges.
1. Click Start, click All Programs, and then click Accessories.
2. Right-click Command prompt, and then click Run as administrator.
3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
2. In the command prompt, change to the C:\SNC1 directory.
3. Run the following command to generate the PSEA personal security environment (PSE) is a secure location where the public-key information of a user or component is stored. The PSE for a user or component is typically located in a protected directory in the file system or on a smart card. (Personal Security Environment). Note: The PSE is named WS_SAPIS.pse

   sapgenpse gen_pse -v -p WS_SAPIS.pse

4. Enter the Distinguished nameThe Distinguished Name for the SAP system is contained in the certificate that is installed on the SAP system. This is a hierarchal identifier as specified by the X.500 format. The Distinguished name is defined by adding the object's identifier to the Distinguished Name of its predecessor. for the PSE Owner.
   The Distinguished name can be CN=[machinename], C=[CountryCode] O=[Organization], OU=[Company]

Export WS_SAPIS Client Certificate

1. In the command prompt window, run the following command to export the Client Certificate from the newly created PSE. For this example, the exported certificate is named WS_SAPIS.crt.

   sapgenpse export_own_cert -v -p WS_SAPIS.pse -o WS_SAPIS.crt

2. Copy the certificate WS_SAPIS.crt created in the SNC1 directory to another machine. It will be copied to another directory in the next section (see below).

4. Configure the SAP ABAP server and import the Client Certificate

(missing or bad snippet)

The WS_SAPIS.crt file must be imported to the SAP Server’s Personal Security Environment so that SAP NW trusts the certificate used on Winshuttle SAPIS Server for the Winshuttle server identity.

Import the client Certificate via Transaction STRUST

(missing or bad snippet)

1. Open the SAP Trust Manager (STRUST)
2. Open the Node SNC (SAPCryptolib).
3. Enter the SAPCryptolib password.
4. Click Import certificate.
5. Set the file format to Base64, and then select the file.
6. Click Add to Certificate List.

In the example above, the Winshuttle SAPIS machine certificate configuration is as follows: CN=ws8-vs2012.wse.wsmain. local, C=IN, O=win, OU=WINSHUTTLE.

Export the Server Certificate of SAP server

(missing or bad snippet)

1. Open TCode STRUST.
2. From node SNC (SAPCryptolib), double-click your own certificate so it displays in the Certificate data/fields.
3. Click Display change to enable the Export certificate button.
4. Click Export certificate.
5. Specify filename EH9 and file format as base64.
6. Copy the exported SAP Server certificate to the to the C:\SNC1 folder created on the Winshuttle SAP Integration Server.
7. On the Winshuttle SAP Integration Server where the certificate was imported, open a command prompt with administrative privileges.
8. Run the following command to import the Server Certificate to the Client PSE ‘WS_SAPIS.pse’:

   sapgenpse maintain_pk -v -a EH9_SAP_Server.crt -p WS_SAPIS.pse

   

Create the cred_v2 file

After certificates are imported to the PSE file, you must use the file cred_v2 to securely give the RFC Program access to the PSE without providing the password for the PSE.

1. On the Winshuttle SAP Integration Server, open a command prompt with administrative privileges.
2. Run the following command to create the cred_v2 file using the same user credentials under which Winshuttle SAP Integration Server will run:

   sapgenpse seclogin -p WS_SAPIS.pse –O sapisadmin

   *sapisadmin = The administrator account for the SAP Integration Server

5. Verify the configuration

(missing or bad snippet)

1. On the Winshuttle SAP Integration Server, open a command prompt with administrative privileges.
2. Run the following command to view who registered the certificates and the name of the PSE:

   sapgenpse seclogin –l

The Certificate files status for the folder C:\SNC1 should contain the following 4 files:

• [SAPServer].crt
• WS_SAPIS.crt
• WS_SAPIS.pse
• cred_v2

6. Completing the ABAP Server configuration

(missing or bad snippet)

On the SAP ABAP Server, in Tcode snc0 set the SNC name as shown in the screenshot below.

Setup is complete.

A trust should be established between the SAP Server and Winshuttle Foundation SAP Integration Server. Code run on the Winshuttle SAPIS server can now run RFCA Remote Function Call (RFC) is the call or remote execution of a Remote Function Module in an external system. In the SAP system, these functions are provided by the RFC interface system. The RFC interface system enables function calls between two SAP systems.s on this SAP system.