Hi Developers Team,
During the integration of the SAP system with Extended ECM, we encountered a few common challenges while executing the diagnostic report. I would like to highlight some key recommendations based on my experience, which may help the developer community in similar scenarios moving forward:
1) Validating the CN Value of the SAP System PSE
When integrating SAP with Extended ECM, ensure that the CN (Common Name) value in the SAP system's PSE matches the corresponding SAP system ID.
You can verify this by executing transaction STRUST in the SAP system and checking the System PSE certificate. For example, if your SAP system ID is X100, then the CN value in the System PSE should also reflect X100.
This requirement is critical when the parameter login/create_sso2_ticket is set to 3, which enables the assertion-based SSO mechanism. In this mode, the SSO2 ticket sent from SAP to OpenText includes the SAP system ID. If the CN in the uploaded PSE doesn't match the SAP system ID, OTDS will reject the ticket due to a mismatch, causing authentication failures.
2) Understanding the Parameter Value of login/create_sso2_ticket
Use transaction RZ11 in SAP to check the value of the login/create_sso2_ticket parameter.
- If this parameter is set to 3, assertion-based SSO is active. You must ensure that the CN value in the SAP PSE matches the SAP system ID, as mentioned above. Otherwise, the authentication with OpenText will fail.
- If the parameter is set to 2, the SSO2 ticket will be generated without attaching the system ID. In this case, there's no need to match the CN value with the system ID, and the authentication process is simplified. For instance, if the user nharjai logs in, the session will be stored under the SSO2 ticket and passed to integrated systems like OpenText without enforcing the system ID check.
As long as the user exists in OTDS and the SAP system PSE is correctly uploaded in the authentication handler, the integration with OpenText xECM should work smoothly in this setup.
I hope these insights will be helpful for your ongoing and future integration projects. Please feel free to reach out if any clarification is needed.
Thanks,
Nitesh
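
The CN check from points 1 and 2, written as a pre-flight script; this is an added example, not part of the original post and not SAP or OpenText code. It assumes the System PSE subject has been copied from STRUST as a comma-separated string, that the match is exact and case-sensitive, and the names `parse_dn` and `check_pse_cn` are hypothetical.

```python
HEX = "0123456789abcdefABCDEF"
def parse_dn(dn):
    """Split an RFC 4514-style subject string into (TYPE, value) pairs."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            nxt = dn[i + 1:i + 3]
            if len(nxt) == 2 and nxt[0] in HEX and nxt[1] in HEX:
                buf.append(chr(int(nxt, 16)))   # \2C style hex escape (ASCII only)
                i += 3
            else:
                buf.append(dn[i + 1])           # \, \+ \= style escape
                i += 2
            continue
        if ch in ",+":                          # RDN or multi-valued RDN separator
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        if "=" not in part:
            raise ValueError("malformed DN component: %r" % part)
        key, value = part.split("=", 1)
        pairs.append((key.strip().upper(), value.strip()))
    return pairs

def check_pse_cn(sid, subject_dn, create_sso2_ticket):
    """Return 'match', 'mismatch', 'no-cn', 'not-required' or 'not-covered'."""
    if create_sso2_ticket == 2:
        return "not-required"      # per the post: no system ID check in this mode
    if create_sso2_ticket != 3:
        return "not-covered"       # the post only discusses values 2 and 3
    cns = [v for k, v in parse_dn(subject_dn) if k == "CN"]
    if not cns:
        return "no-cn"
    # Assumption: exact, case-sensitive comparison of the CN with the system ID.
    return "match" if cns[0] == sid else "mismatch"

# Constructed sample subjects, not taken from a real system.
SAMPLES = [
    ("X100", "CN=X100, OU=SAP Web AS, O=Example Corp, C=DE"),
    ("X100", "CN=X100 SSO, OU=SAP Web AS, O=Example Corp, C=DE"),
    ("X100", "OU=CN\\=X100, O=Example\\, Inc., C=DE"),
]
for sid, dn in SAMPLES:
    print(sid, "|", dn, "->", check_pse_cn(sid, dn, 3))
```

The second sample shows a CN that only contains the system ID, and the third shows an escaped `CN=` inside another attribute; a plain substring search would accept both.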