SAP IS: How to convert the SSH key to p12 format for loading into SAP IS Key Store

SAP IS: How to convert the SSH key to p12 format for loading into SAP IS Key Store.

You can refer the below link to see how to generate the SSH Key pair

SAP IS: How to create an SSH Key pair for SFTP Connection

Download portable cygwin from Portable Cygwin

Once downloaded, you need to uncomment the entries in the cygwin-portable-config.bat and add 'openssl' also to the CYGWN_PACKAGES variable.

Now execute the file cygwin-portable-setup.cmd. This will create a set of folders under the main folder.

You can also install cygwin by following  Setting Up Cygwin/X

Now, you need to follow the below steps to convert the SSH key to p12 format.

1. Copy the generated SSH key into a folder where cygwin can access. In my case I created a folder under Data/admin/aj and copied my ssh key into that folder.

2. Run the file cygwin-portable-terminal.cmd  as administrator

3. Use OpenSSL package commands to create X.509 certificate

openssl req -new -x509 -days 7300 -key ./aj/ajohny_ssh_new.pem -out ./aj/ajohny_ssh_new.x509

Enter the Pass Phrase for the SSH Key (If you have entered pass phrase when generating the key)

Enter the below details when asked: (You can leave it blank as well if you want)

1. Country Name

2. State

3. Locality Name

4. Organization Name

5. Organizational Unit Name

6. Common Name

7. Email Address

Now you can see the certificate is created.

3. Now create the p12 file from the certificate created above

openssl pkcs12 -export -in ./aj/ajohny_ssh.x509 -inkey ./aj/ajohny_ssh.pem -out ./aj/ajohny_ssh.p12

Enter the Pass Phrase for the SSH Key (If you have entered pass phrase when generating the key)

Enter the export password for the p12 file.

Reference : The KEY to unlock the "KEY GENERATION" mystery - SFTP/SSH

Feel free to point out if anything is missing/wrong in this blog.

SAP IS: How to create an SSH Key pair for SFTP Connection

I am adding the steps to generate the SSK Key Pair in my SAP blog, because I had to use this in my SAP Implementation. 

We had to generate the SSH Keys to load into SAP IS for doing SFTP connection.  We had to convert these ssh keys into .p12 format, but the steps for the conversion will be in my next blog. I will update this blog with the link to that once I have it ready.

Update : SAP IS: How to convert the SSH key to p12 format for loading into SAP IS Key Store

1. Download PuTTYgen and install it in your machine.

   You can download it from Download PuTTY: latest release (0.83) or PuTTYgen

2. Open PuTTYgen and choose the Type of Key you want to generate under the Parameters Section. Also specify the Number of bits.

   

   

3. Click on Generate button and move the mouse randomly in the blank area, until the key is generated.

   

   

4. When done, specify the passphrase if you want a passphrase to the key. Adding a passphrase adds an extra security to your private key. 

    

   

5. You can save the private key using the 'Save Private key' button or using the menu Conversions--> Export OpenSSH Key.

6. You can save the public key using the 'Save Public key' button or copy from the "Public key for pasting into OpenSSH authorized_keys file" box in PuTTYgen.

Feel free to point out if anything is missing/wrong in this blog.

ABAP : Deep Link not working after SSO Authentication

In our organization, we have a need to provide a link to the "Display Credit Exposure" page  in SAP Fiori App,  in one of our custom application.

We have got the Deep Link in below format:

https://<host>:<port>/sap/bc/ui2/flp?sap-client=123&sap-language=EN#BusinessPartner-displayCreditExposure?BusinessPartner=12345

The above Deep Link works fine if the user is already logged in to the application. But if the user is not already logged in to SAP, it will ask for authentication, but after the authentication, it is getting redirected to the Home Page as below:

https://<host>:<port>/sap/bc/ui2/flp?sap-client=123&sap-language=EN#Shell-home

Our expectation was that even if the user is not logged in , it should take us to the Display Credit Exposure page after the SSO authentication.

Cause:

The main issue was the intent (#SemanticObject-Action) part of the URL was not getting passed on the re-direction.

Solution:

We followed the below SAP KBA's and the functionality started working fine.

2598498 - Fiori intents in HTTP URL do not work using SAML 2.0 authentication

The below note which is mentioned in the above KBA has the correction instructions and explains what configurations need to be done on SAML and Service Provider Side.

2051210 - Fragments in HTTP URLS are not handled after SAML 2.0 authentication

Feel free to point out if anything is missing/wrong in this blog.