Anda di halaman 1dari 23

SAP How-to Guide

Sybase Unwired Platform

How To... Configured SSO with X.509 for SUP

Applicable Releases: Sybase Unwired Platform 2.0 Sybase Unwired Platform 2.1

Version 1.0 January 2012

All other prod uct and service nam es m entio ned are the tradem arks of their respective com panies. Data contained in this d ocument serves inform atio nal purpose s only. N atio nal product specifications may vary. The information in this document is proprietary to SAP. N o part of this docum ent may be reproduce d, copied, or transm itted in any form or for any purpose without the express pri or written perm ission of SAP AG. This document is a preliminary versio n and not subj ect to your license agreem ent or any ot her agreem ent with S AP. Thi s docume nt contains only inten ded strate gies, developm ents, an d functionalities of the SAP pro duct and is n ot intended to be bi ndin g up on S AP to any particular course of busin ess, pro duct strategy, an d/or devel opm ent. Please note th at this docum e nt is subj ect to change and m ay be change d by SAP at any tim e without n otice. SAP assum es no respo nsibility for errors or om issi ons in this docum ent. SAP d oes not warrant the accuracy or com pleteness of the information, text, grap hics, links, or ot her items containe d within this material. This docume nt is provided without a warranty of any kind, eith er express or implied, including b ut not lim ited to the implied warranties of m erchantability, fitness for a particular purpos e, or non-infringem ent. SAP shall have n o liability for dam ages of any kind includin g without lim itation direct, special, indirect, or consequential dam a ges that m ay result from the use of thes e m aterials. This lim itation shall n ot apply in cases of intent or gr oss negligence. The statutory liability for personal injury an d defective products is n ot affected. SAP has n o control over the inform ation that you m ay access through the us e of hot links contai ned in the se m aterials and d oes n ot end orse yo ur use of third-party Web page s nor provide any warranty whatsoever relating to third-party Web pa ges .

Copyright 2012 SAP AG. All rights reserved.


No part of this publication m ay be repro duce d or transmitted in any form or for any purpo se without the express perm ission of SAP AG. T he inform atio n containe d herein m ay be chan ged with out prior notice. Som e software products marketed by SAP AG an d its distrib utors contain proprietary software com po nent s of other software vend ors. Microsoft, Window s, Excel, Outlo ok, an d PowerPoint are registered trademarks of Microsoft Corporation. IBM , DB2, DB2 Universal Data base, System i, Syst em i5, System p, Sy stem p5, System x, System z, System z10, System z9, z10, z9, iSeries, p Series , xSeries, zSerie s, eServer, z/VM, z/OS, i5/O S, S/390, O S/39 0, OS/ 400, AS/ 400, S/390 Parallel Enter prise Server, PowerVM, Power Architecture, POWER6 +, POWER6, POW ER5+, POW ER5, POWER, OpenPower, PowerPC, BatchPipes , BladeCenter, System Stora ge, GPF S, HACMP, RETAIN, DB2 Con nect, RACF, Red book s, OS /2, Parallel Syspl ex, MVS/ES A, AIX, Intellige nt M iner, Web Sphere, N etfinity, Tivoli and I nform ix are tradem arks or registered trademark s of IBM Corporation. Linux is the registere d tradem ark of Linus Torvald s in the U. S. an d other countries. Ado be, the Adobe logo, Acrobat, Post Script, and Rea der are either tradem arks or registered trademark s of Ado be System s Incorporated in the United States and /or oth er countries. Oracle is a registered tradem ark of Oracle Corporation. UNIX, X/Open , OSF/1, a nd M otif are registered tradem arks of the Ope n Group. Citrix, ICA, Program Neighborhood , M etaFrame, WinFram e, Vide oFrame, an d MultiWin are tradem arks or registered trademarks of Citrix Systems, Inc. HTM L , XM L, XHTM L and W3C are trademarks or registered trademarks of W3C, World Wid e Web Co nsortium , Massachu setts Instit ute of Techn ology. Java is a registered trademark of Sun M icrosystem s, Inc. JavaScript is a registered trademark of Sun M icrosystems, Inc., u sed u nder license for technol ogy inve nted an d im plem ente d by Netscape. SAP, R/3, SAP N etWeaver, D uet, PartnerEd ge, ByDesig n, SAP Bu sinessObjects Explorer, Stream Work, and other SAP products a nd services m entio ned h erein as well as their respective logos are tradem arks or registered trad emarks of SAP AG in Germ any and other countries .

SAP How-to Guides are intended to simplify the product implementtation. While specific product features and procedures typically are explained in a practical business context, it is not implied that those features and procedures are the only approach in solving a specific business problem using SAP NetWeaver. Should you wish to receive additional information, clarification or support, please refer to SAP Consulting. Any software coding and/or code lines / strings (Code) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent. Disclaimer Some components of this product are based on Java. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressively prohibited, as is any decompilation of these components. Any Java Source Code delivered with this product is only to be used by SAPs Support Services and may not be modified or altered in any way.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.
Syba se and A daptive Server, iAnyw here, Sy base 365, SQL A nywhere, an d other Sybas e prod ucts and services m enti oned herein as well as their respective log os are tradem arks or registere d tradem arks of Syba se, Inc. Sy base is an SAP compa ny.

Document History
Document Version 1.00 Description First official release of this guide

Typographic Conventions
Type Style Example Text Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation Example text Emphasized words or phrases in body text, graphic titles, and table titles File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.

Icons
Icon Description Caution Note or Important Example Recommendation or Tip

Example text

Example text

<Example text>

EXAMPLE TEXT

Table of Contents
1. 2. 3. 4. Business Scenario ............................................................................................................... 1 Background Information ..................................................................................................... 1 Prerequisites ...................................................................................................................... 2 Step-by-Step Procedure ..................................................................................................... 2 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 5. Configuring an SAP JCo Connection to a SAP EIS ................................................................ 2 Deploying Packages and Bundles to Domains ...................................................................... 3 Obtain/Install SAP Cryptographic Libraries ........................................................................... 3 Generating a X.509 Certificate for SUP Server ......................................................................5 Import SUP certificate into SAP EIS ..................................................................................... 6 KeyStore: Importing a X.509 Certificate and Private Key for SAP EIS ................................... 8 TrustStore: Installing and Configuring Certificates on SUP Server ....................................... 8 Creating and Assigning a Security Configuration That Uses X.509 Credentials..................... 9 Conclusion .......................................................................................................................... 13

Appendix ......................................................................................................................... 14

How To... Configured ured SSO with X.509 for SUP

1.

Business Scenario

In today modern landscape, most company would like to enable Single Sign-On (SSO) solution where possible to help reduce TCO and increase user productivity. p For this scenario, just image if you are an n end end-user trying to input the UserID/Password serID/Password into the mobile device with the small keyboard where you might constantly input the wrong password due the keyboard size. With a few key strokes and after a few attempt of the password input, the user might end up locking themselves out of the system and end up opening a support ticket to have their account unlock so that they could continue with their work. This is assuming the IT support turnaround time is quick or they might lose a day of productivity. With Sybase Unwired Platform (SUP), the solution does provide you with various options to help enable the SSO solution. This document will help you understanding the necessary sequences on how to setup Single Sign-On (SSO) for SUP 2.0 using X.509 certificate base authentication.

2.

Background Information

As of SUP 2.0, the solution offers two methods to enable the SSO solution for the landscape. One of which is SAP Logon Tickets aka SSO2Token which use com.sybase.security.sap.SAPSSOTokenLoginModule com.sybase.security.sap.SAPSSOTokenLoginModule login module. The other is PKI based authentication via X.509 certificates which use com.sybase.security.core.CertificateAuthenticationLoginModule com.sybase.security.core.CertificateAuthenticationLoginModule login module. Both of these methods should work fine for any scenario that you would need a SSO solution for your SUP landscape but for this guide we will be concentrating on the X.509 certificate base.

The above image is an example of a simple SUP landscape with some EIS system. Note This guide does not cover the process on how to deliver the certificate to the end-user user device. For this type of functionality, please look into using Afaria.

February 2012

How To... Configured ured SSO with X.509 for SUP

3.

Prerequisites
A working landscape (SUP and EIS) EIS S (backend) system is fully configure configured for SSO using X.509 certificate OS access to the SUP server with admin right privilege to install some security modules module Access to the SSC for SUP with admin right privilege to configure the landscape for SSO Access to SAP Service Marketplace (SMP) to obtain the SAP cryptographic libraries Certificate of the SAP EIS

For this guide, we will assume the following:

Note Always use End-to-end end encryption (E2EE) between client and SUP if you use X.509 SSO to help secure the landscape and to reduce the middle man attack. attack

4.

Step-by-Step Step Procedure

Below are sequence of steps that one would need to follow to achieve a SSO with X.509 certificate and some of the initial steps can be skip if your SUP has already been configured for SAP EIS.

4.1

Configuring ring an SAP JCo Connection to a SAP EIS

The steps below are to help setup a connection link between the SUP server and any SAP EIS that hat you wish to use for the landscape. Login to Sybase Control Center as the administrator with the SCC URL: https://<SUP Host>:8283/scc Host> On the left panel expand xpand the cluster, expand the Domains folder, expand the domain to which the package is to be deployed, eployed, and select Connections

Select the Connections tab and click New. Input a value for the Connection pool name name field, select SAP as the Connection pool type, select the sap template for the value in the template dropdown list, , and enter appropriate properties for your SAP EIS environment.

February 2012

How To... Configured ured SSO with X.509 for SUP

Click Test Connection to verify access to the SAP server, and click OK.

4.2

Deploying Packages and Bundles to Domains

Deploy the package/bundle/BAPI exposed as a Web Service, and so on from Unwired WorkSpace to Unwired Server. During deployment, select a domain (default, for example). Configure the package/bundle as required. ESDMA (Entity Entity Set Definition for Mobile Applications Applications) bundle Edit the properties file to include login-required=true. required=true. Restart Unwired Server. Note If you skip this step, the ESDMA bundle supports only basic authentication. SAP_CRM application Edit the properties file to include login-required=true, required=true, and set the endpoint-security-profile profile as described in the topic Configuring a Mutually Authenticated SSL Security Configuration for mutually authenticated sessions.

4.3
...

Obtain/Install SAP Cryptographic C Libraries


3

February 2012

How To... Configured ured SSO with X.509 for SUP

Login to SAP Service Marketplace (SMP) (http://service.sap.com/swdc) If you dont have the SAPCAR executable already then perform this task: Navigate to Support Support Packages and Patches Additional Additional Components SAPCAR select any version select your OS download the executable Navigate to Installations Installations and Upgrades Upgrades Browse our Download Catalog Software SAP Cryptographic Software Select and download the platform specific file for your SUP OS Create a directory in which you can unpack the cryptographic file. For example: D:\sapcryptolib sapcryptolib Extract the SAP Cryptographic SAR file. For example: SAPCAR.EXE -xvf < SAP Cryptographic SAR file> -R D::\sapcryptolib SAP SAP Cryptographic

Open the D:\sapcrytolib in Windows Explorer

Copy the content in the sub directory for the SUP OS to D:\sapcrytolib. . For this example the SUP OS is x86 architecture:

(Optional) Add the SECUDIR environment variable to the user environment batch file: <UnwiredPlatform_InstallDir>\UnwiredPlatform UnwiredPlatform\Servers\UnwiredServer\bin\usersetenv.bat. usersetenv.bat.

February 2012

How To... Configured ured SSO with X.509 for SUP

If you have installed Unwired WorkSpace, you must add the SECUDIR variable to the WorkSpace batch file: <UnwiredPlatform_InstallDir> <UnwiredPlatform_InstallDir>\UnwiredPlatform\Eclipse\UnwiredWorkspace.bat.

4.4

Generating a X.509 Certificate for SUP Server

This section only applies if your organization does not have a method to create your own X.509 certificate for the SUP server. If your organization already has a PKI environment then you can ask the administrator of that system to create a X.509 certificate for you SUP server. We will be using what we have installed in the previous section. Open a DOS console Change to the directory where you extract the SAP cryptographic file. For example: C:\sapcryptolib sapcryptolib Generate the certificate with the command below: Syntax: sapgenpse get_pse <additional_options> -p <PSE_Name> r r <cert_req_file_name> -x <PIN> <Distinguished_Name> Example: sapgenpse get_pse p SNCTEST.pse r abc.req x abcpin "CN=host123.mycompany.com, OU=I1234567890-MyCompany, MyCompany, OU=SAP Web AS, O=SAP Trust Community, C=DE"

Note For the Distinguished Name, please use fully qualified domain name (FQDN). Get the certificate sign by CA Generate a credential file to initialize a new keyst keystore for usage Example: sapgenpse seclogin -p SNCTEST.pse -O DOMAIN\your_name_here -x x password Import the SUP certificate into the SUP server keystore Example: keytool -importkeystore importkeystore -srckeystore <SUP p12 cert> -srcstoretype pkcs12 -srcstorepass <supserverpass> -srcalias srcalias SUP -destkeystore <UnwiredPlatform_InstallDir>/Servers/UnwiredServer/Repository/Security/keyst <UnwiredPlatform_InstallDir>/Servers/UnwiredServer/Repository/Security/keystore.jks ore.jks deststoretype jks -deststorepass deststorepass changeit -destkeypass changeit

February 2012

How To... Configured ured SSO with X.509 for SUP

Note The user generating the certificate must have the same user name as the process (mlserv32.dll or eclipse.exe) under which the Unwired Platform service runs.

4.5

Import SUP certificate into SAP EIS

In this section, we will be using the SUP certificate that w was just generated earlier. Log in to your SAP EIS Run transaction strust

From the SAP GUI menu, select Certificate

Import

February 2012

How To... Configured ured SSO with X.509 for SUP

Select the Input button or hit Enter to import the certificate Click on the Add Add to Certificate List List

February 2012

How To... Configured ured SSO with X.509 for SUP

Click Save button on the menu

4.6

KeyStore: Importing a X.509 Certificate and Private Key for SAP EIS

In this section, we will be creating a keystore and import importing the SAP EIS certificate into it. By now, you should have obtained the certificate for SAP EIS in PKCS #12 format base on the prerequisite. For this guide, guide we will be using the SAP_EIS.p12 file as an exampl example of the SAP EIS certificate. Note Check to see if you SAP EIS certificate are chained with the Root CA that was used to sign it. If not then you will also need the Root CA that sign the certificate as well. Import the SAP EIS certificate into in the SUP keystore Syntax: keytool -v -importkeystore importkeystore -srckeystore <SAP EIS PKCS#12> -srcstoretype srcstoretype PKCS12 destkeystore <Destination Store> -deststoretype JKS Example: keytool -v -importkeystore rtkeystore -srckeystore SAP_EIS.p12 -srcstoretype PKCS12 -destkeystore destkeystore d:\Sybase\UnwiredPlatform\Servers Servers\UnwiredServer\Repository\Security\keystore.jks -deststoretype deststoretype JKS

When prompted, enter these responses: Enter destination keystore password: the default password is changeit Enter source urce keystore password: this should be the password that you administrator give you Note Ensure that the Suns s JDK is version 6 and the t keytool command may not be in the executable path so you may need to add this accordingly for the system. For example, it can be found in : <drive>:\Sybase\UnwiredPlatform UnwiredPlatform\JDK1.6.0_23-x64\bin

4.7

TrustStore: Installing and Configuring Certificates on SUP Server

You should also obtain the certificate tificate for SAP EIS in binary DER form or Base64-encoded format. format For this guide, , we will be using the SAP_EIS.crt SAP_EIS file as an example of the SAP EIS certificate. Import the SAP system's certificate into the Unwired Server truststore: tr keytool -importcert -keystore keystore <drive>:\Sybase\UnwiredPlatform UnwiredPlatform\Servers\UnwiredServer\Repository\Security\truststore.jks truststore.jks file <drive>:\<SAP EIS.crt file>

February 2012

How To... Configured ured SSO with X.509 for SUP

When prompted, enter changeit for the password and y for the trust this certificate question

Note The default for the store it changeit

4.8

Creating and Assigning a Security Configuration That Uses X.509 Credentials

In this section, we will be creating a new security configuration to take advantage of the certificate login module that is provided by the SUP server server. Log og in to Sybase Control Center (https://<SUP Host>:8283/scc) Navigate to and select Security Security

February 2012

How To... Configured ured SSO with X.509 for SUP

Select the General tab, then New

Name the secrurity configuration, for example X509SECADMINCERT, and click OK

February 2012

10

How To... Configured ured SSO with X.509 for SUP

Select the X509SECADMINCERT X509SECADMINCERT security configuration and select the Authentication Authentication tab.

Click New and select com.sybase.security.core.CertificateAuthenticationLoginModule com.sybase.security.core.CertificateAuthenticationLoginModule as the Authentication provider.

Click OK to accept the default settings, or modify any additional settings as required. req

February 2012

11

How To... Configured ured SSO with X.509 for SUP

Select com.sybase.security.core.NoSecLoginModule com.sybase.security.core.NoSecLoginModule and click Delete

Select the General tab, select Validate, then Apply

February 2012

12

How To... Configured ured SSO with X.509 for SUP

Navigate to the domain to which you are assigning the security configuration, and select the Security Configurations tab.

Click Assign, and select X509SECADMINCERT X509SECADMINCERT to assign the security configuration to the domain.

Select the Security tab, and d remove any other security configurations for the domain, if configured.

4.9

Conclusion

This should conclude the setup of the Single Sign-On Sign for SUP with X.509 certificate. You should now be able to test you application that have been develop developed for X.509 certificate base authentication. Please take a look at the appendix for more information as to where you may obtain more information on SSO.

Note The SUP application server will need to restart before usage since the configuration has been change to make use of the SSO.

February 2012

13

How To... Configured ured SSO with X.509 for SUP

5.

Appendix
SUP Single Sign-On: http://infocenter.sybase.com Sybase Unwired Platform 2.x System Administration Security Administration Security Layers User Security Setup Single Sign-on for SAP Device Specific Development Guide: http://infocenter.sybase.com Select the corresponding guide Sybase Unwired Platform 2.x

Appendix A Further resource @ SyBooks Online

Configuring the AS ABAP for Supporting SSL: SSL http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm Configure SAP EIS for SSO: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/5c/b7d53ae8ab9248e10000000a114084/frameset. htm

Appendix B Device Developer task for SSO


N othing if em ploying S SO2 Toke n, it is all based on server configuration .

Nothing if employing SSO2Token, it is all based on server configuration. Collect username/password on the device as normal. These will be used to obt obtain ain the SSO2Token on the server New CertificateStore and LoginCertificate classes used in conjunction with enhanced ConnectionProfile class in Object API for X.509 certificates

Appendix C Windows Mobile Example Code


//Get the default certificate store CertificateStore myStore yStore = CertificateStore.GetDefault(); //Get the login certificate according to label // LoginCertificate lc = myStore.GetPublicCertificate(aLabel); LoginCertificate lc = myStore.GetSignedCertificate(aLabel, "password"); //Get the synchronization profile ConnectionProfile cp = DBClass.SynchronizationProfile; //Set the certificate cp.Certificate = lc; //Online login (or BeginOnlineLogin for message based sync) DBClass.OnlineLogin(); //Set the credentials for username/password login LoginCredentials cred = new LoginCredentials("userA", "pwdA"); cp. Credentials = cred; DBClass.OnlineLogin();

Appendix C BlackBerry Example Code


//Get an CertificateStore instance. CertificateStore myStore = CertificateStore.getDefault(); //List all labels bels in the certificate store. StringList labels = myStore.certificateLabels(); //Get a signed certificate from certificate store.

February 2012

14

How To... Configured ured SSO with X.509 for SUP

LoginCertificate lc = myStore.getSignedCertificate(aLabel, "password"); //Set the login certificate to synchron synchronization profile, then login MyPackageDB.getSynchronizationProfile().setCertificate(lc); MyPackageDB.loginToSync(); //Use login credentials to do login LoginCredentials credential = new LoginCredentials(myUser, myPassword); MyPackageDB.getSynchronizationProfile().setCredentials(credential); onProfile().setCredentials(credential); MyPackageDB.loginToSync(); //Create or get a data vault DataVault vault = //unlock the data vault before using it. vault.unlock("password", "salt"); //Save the login certificate to data vault. lc.save("myLabel", vault); //Load the saved certificate. LoginCertificate newLc = LoginCertificate.load("myLabel", vault); //Delete a certificate from the data vault. LoginCertificate.delete("myLabel", ("myLabel", vault);

Appendix D iPhone Example Code


Get a certificate from the server and use it to authenticate @try { SUPCertificateStore *cs = [SUPCertificateStore getDefault]; SUPConnectionProfile *sp = [SAPSSOCertTest_SAPSSOCertTestDB getSynchronizationProfile]; SUPLoginCertificate te *lc = [cs getSignedCertificateFromServer:@"DLOWDER getSignedCertificateFromServer:@"DLOWDER-XPVM\\ \ssotest" withServerPassword:@"s1s2o3T4" withCertPassword:@"password"]; // Attach certificate to sync profile sp.certificate = lc; [lc release]; } @catch(NSException *e) { NSLog(@"Exception in getting certificate"); return; } while([SUPMessageClient status] != STATUS_START_CONNECTED) [NSThread sleepForTimeInterval:0.2]; [SAPSSOCertTest_SAPSSOCertTestDB beginOnlineLogin]; Get a certificate from the filesystem and use it to authenticate @try { SUPCertificateStore *cs = [SUPCertificateStore getDefault]; SUPConnectionProfile *sp = [SAPSSOCertTest_SAPSSOCertTestDB getSynchronizationProfile];

February 2012

15

How To... Configured ured SSO with X.509 for SUP

// Test getting certificate from file NSString *certPath = .... // Absolute path to PKCS12 file SUPLoginCertificate *lc_doc = [cs getSignedCertificateFromFile:certPathwithPassword:@"password"]; // Attach certificate to sync profile sp.certificate = lc; [lc release]; } @catch(NSException *e) { NSLog(@"Exception in getting certificate"); return; } while([SUPMessageClient status] != STATUS_START_CONNECTED) [NSThread sleepForTimeInterval:0.2]; epForTimeInterval:0.2]; [SAPSSOCertTest_SAPSSOCertTestDB beginOnlineLogin]; Store a certificate in a data vault SUPDataVault *vault = nil; SUPLoginCertificate *lc = ...... @try { if(![SUPDataVault vaultExists:@"vaultTest"]) vault = [SUPDataVault createVault:@"vaultTest" withPassword:@"vaultPassword" withSalt:@"vaultSalt"]; else vault = [SUPDataVault getVault:@"vaultTest"]; [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"]; [lc save:@"test" withVault:vault]; } @catch(NSException *e) { NSLog(@"Exception in storing certificate"); return; } @finally { // Guarantee that the vault is locked even if an error occurs [vault lock]; } Retrieve a certificate from a data vault SUPDataVault *vault = nil; SUPLoginCertificate *lc = nil; @try { if(![SUPDataVault vaultExists:@"vaultTest"]) vault = [SUPDataVault createVault:@"vaultTest" withPassword:@" withPassword:@"vaultPassword" withSalt:@"vaultSalt"]; else vault = [SUPDataVault getVault:@"vaultTest"]; [vault unlock:@"vaultPassword" withSalt:@"vaultSalt"]; lc = [SUPLoginCertificate load:@"test" withVault:vault];

February 2012

16

How To... Configured ured SSO with X.509 for SUP

} @catch(NSException *e) { NSLog(@"Exception in storing certificate"); return; } @finally { // Guarantee that the vault is locked even if an error occurs [vault lock]; }

February 2012

17

www.sap.com/contactsap

www.sdn.sap.com/irj/sdn/howtoguides