Welcome to Demo@SAP Tools
This site demonstrates the implementation of Single Sign-On (SSO) for SAP applications using Logon and Assertion Tickets. Explore the demos to see how SSO can be seamlessly integrated into SAP environments.
Available Demos
- WebService - Shows how to use SSO with SAP Web Services.
- WebGUI - Demonstrates SSO with SAP Web GUI.
Certificate Algorithms
The application supports three types of certificate algorithms: DSA, RSA, and ECDSA. The key size varies depending on the chosen algorithm. The following certificates are pre-loaded into the application and the SAP Demo System for demonstration purposes:
Name | Algorithm | Key Size |
---|---|---|
SAP SSO DSA 1024 | DSA | 1024 |
SAP SSO RSA 1024 | RSA | 1024 |
SAP SSO RSA 2048 | RSA | 2048 |
SAP SSO RSA 3072 | RSA | 3072 |
SAP SSO RSA 4096 | RSA | 4096 |
SAP SSO ECDSA P-256 | ECDSA | P-256 |
SAP SSO ECDSA P-384 | ECDSA | P-384 |
SAP SSO ECDSA P-521 | ECDSA | P-521 |
Note: Please verify that your chosen algorithm is supported by your SAP System.
Certificate Generation
Certificates can be generated using either OpenSSL or sapgenpse. Below is an example of generating a certificate with sapgenpse:
# Choose an algorithm and a key size:
ALG=RSA
SIZE=4096
# Set the Common Name
FILENAME="${ALG}-${SIZE}"
CN="OU=SAP Tools, CN=SAP SSO ${ALG} ${SIZE}"
# Delete the previous .pse file from the $SECUDIR directory
# and the previous .crt and .pfx files from the current directory
rm -f "${SECUDIR}/${FILENAME}.pse" "${FILENAME}.crt" "${FILENAME}.pfx"
# Create the PSE (12345678 is the demo PIN), then export the certificate and a PKCS#12 (.pfx) file
sapgenpse gen_pse -a "$ALG" -s "$SIZE" -p "${FILENAME}" -x 12345678 "${CN}"
sapgenpse export_own_cert -p "$FILENAME" -x 12345678 -o "${FILENAME}.crt"
sapgenpse export_p12 -p "$FILENAME" -x 12345678 -z 12345678 -f cn "${FILENAME}.pfx"
The OpenSSL commands to generate a certificate are as follows:
# Choose an algorithm and a key size:
ALG=RSA
SIZE=4096
PASSWORD=12345678
# Set the Common Name
FILENAME="${ALG}-${SIZE}"
CN="/OU=SAP Tools/CN=SAP SSO ${ALG} ${SIZE}"
# Generate a private key (the rsa_keygen_bits option applies when ALG=RSA)
openssl genpkey -algorithm "$ALG" -out "${FILENAME}.key" -pkeyopt "rsa_keygen_bits:$SIZE"
# Generate a certificate signing request (CSR)
openssl req -new -key "${FILENAME}.key" -out "${FILENAME}.csr" -subj "$CN"
# Generate a self-signed certificate
openssl x509 -req -days 3650 -in "${FILENAME}.csr" -signkey "${FILENAME}.key" -out "${FILENAME}.crt"
# Export the certificate and private key to a PKCS#12 file
openssl pkcs12 -export -out "${FILENAME}.pfx" -inkey "${FILENAME}.key" -in "${FILENAME}.crt" -password "pass:${PASSWORD}"
The OpenSSL commands for ECDSA require additional steps:
# Choose an algorithm and a curve:
ALG=ECDSA
CURVE=prime256v1 # or secp384r1, secp521r1
PASSWORD=12345678
# Set the Common Name
FILENAME="${ALG}-${CURVE}"
CN="/OU=SAP Tools/CN=SAP SSO ${ALG} ${CURVE}"
# Generate a private key on the chosen curve
openssl ecparam -name "$CURVE" -genkey -noout -out "${FILENAME}.key"
# Generate a certificate signing request (CSR)
openssl req -new -key "${FILENAME}.key" -out "${FILENAME}.csr" -subj "$CN"
# Generate a self-signed certificate
openssl x509 -req -days 3650 -in "${FILENAME}.csr" -signkey "${FILENAME}.key" -out "${FILENAME}.crt"
# Export the certificate and private key to a PKCS#12 file
openssl pkcs12 -export -out "${FILENAME}.pfx" -inkey "${FILENAME}.key" -in "${FILENAME}.crt" -password "pass:${PASSWORD}"
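A check for the files the OpenSSL commands above produce, as an added example that is not part of the original page or the SAPLogon project: it reports a certificate's key algorithm and size, and confirms that the private key and the PKCS#12 file belong to that certificate. The function names and the throwaway P-256 sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the page's own code. Function names are illustrative.

# Print "<algorithm> <bits>" for a certificate, e.g. "RSA 4096" or "ECDSA 256".
cert_key_info() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/^.*Public-Key: (\([0-9]*\) bit.*$/\1/p' | head -n 1)
    case "$alg" in
        rsaEncryption)  echo "RSA $bits" ;;
        dsaEncryption)  echo "DSA $bits" ;;
        id-ecPublicKey) echo "ECDSA $bits" ;;
        *)              echo "UNKNOWN $bits" ;;
    esac
}

# Succeed only if the private key in KEY belongs to the certificate in CERT.
key_matches_cert() {    # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the private key inside PFX (opened with PASSWORD) belongs to CERT.
pfx_matches_cert() {    # usage: pfx_matches_cert PFX PASSWORD CERT
    k=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample: a short-lived self-signed P-256 certificate, its .pfx,
# and an unrelated second key, all in a temp directory whose path is printed.
make_sample() {
    d=$(mktemp -d) || return 1
    {
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/a.key" &&
        openssl req -new -x509 -days 1 -key "$d/a.key" -subj "/OU=SAP Tools/CN=Sample" -out "$d/a.crt" &&
        openssl pkcs12 -export -out "$d/a.pfx" -inkey "$d/a.key" -in "$d/a.crt" -password pass:12345678 &&
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/other.key"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

# With the files generated on this page:
#   cert_key_info RSA-4096.crt
#   pfx_matches_cert RSA-4096.pfx 12345678 RSA-4096.crt
```

The sapgenpse procedure writes no separate .key file, so `pfx_matches_cert` is the check that applies to its output.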
Source Code
The source code for these demos can be found on GitHub: https://github.com/avadillo/SAPLogon
Additional Tools
More tools at https://saptools.mx