Tuesday, June 28

Single Sign On for Non-SAP Applications

Single sign on is possible for external applications also. By external applications, I mean non sap Application. So the scenario is that a user wants to logon to a non sap application from SAP EP without entering user ID and password. Is this possible? The answer is yes. This is possible by implementing SSO for external usage.
There are 2 ways to implement SSO for external usage.
The Dynamic link library SAPSSPEXT is a very intelligent library. It can extract user id and password from the logon ticket issued by SAP EP. So by using this library logon to external or non sap applications is possible. This library has 2 interfaces viz: JNI  Java  Interface and a COM(Windows) interface. It is available to be downloaded on the sap service marketplace.
Now suppose you have a non-sap applications which is web based and it supports authentication using a HTTP header variable, Web Server Filter method of single sign on is the best for you. This filter studies the logon ticket using a public-key certificate and tries to extract the name of the authenticated user from the logon ticket. This name is then written in the HTTP header variable. Thats it !
Only few web servers support this method of logon. Some of them are Apache Web Server, Microsoft Internet Information Server (IIS), Sun Java System Web Server.

No Need to Remember SAP System Passwords - Implement SSO

What is SSO ?
As the name suggests, single sign on is a feature of SAP EP which enables users to logon to multiple systems during a sessions using only one username and password. SAP EP has various applications integrated into it and users can access those applications. These applications connect to various backend systems. Each system may have login credentials. But when a system is created in SAP EP and user is logged to SAP EP and tries to access data from a system, he not required to logon to that system again if single sign on is configured in the SAP Enterprise portal.
So how do we implement SSO in SAP EP?
There are 2 methods to do it:
1.    Using User mapping and
2.    Using logon tickets. Logon tickets method is recommended by SAP.
User mapping
User mapping can be used when the system is not able to accept the logon tickets. So the mapping is done between the portal ID and user-id and password of the target system. It is not necessary that portal logon id and ECC system logon id are same.
To create a SSO, you need to create a system in portal. Then you need to set various necessary properties of the system created. The logon method property of the system must be set to UIDPW. Also you need to set user mapping to access SAP ECC.
During single sign, secure information that is the user ID and password of the user are sent across network, so a secure protocol for the communication must be used. Recommended is secure socket layer protocol.
Logon tickets
Logon tickets are essentially ticket of user credentials and not the actual user credentials. They do not contain any passwords. This ticket is issued by the portal server after the user has logged in successfully. This ticket is stored in user’s local machine or client as a cookie. Then it can be used by  the external applications like SAP systems to logon. Logon ticket may contain portal user ID and a mapped user ID for logging on to external applications. It contains the valildity period, it contains the information which identifies the system which issued the logon ticket. It also may contain digital signature.

Single Sign On for Non-SAP Applications

Related Posts :

Save Costs, Time, and Efforts-install Business Packages
What Is an Enterprise Portal?

Monday, June 27

Save Costs, Time, and Efforts-install Business Packages

Some basic information about business packages is provided in this post, Business packages are predefined content developed by SAP or third-party vendors that serve particular business requirements.
Business packages are a collection of roles, worksets, pages, or iViews.

By installing a business package, you can save costs, time, and efforts incurred in
implementation. Because it is created by either SAP or third-party vendors, a business
package does not require much development This results in savings. No licensing is involved for importing a business package as long as the customer has purchased licenses for the portal and the backend with which the business package will be integrated.

Depending on the customer’s requirements, you can deploy whole business package, or part of it.  You can integrate  SAP content in the back end with business package. For example, if SAP Human Resources Application (HR), SAP Sales and Distribution (SD), and SAP Business Information Warehouse (BW) etc are already installed, you can install the business package and integrate with the back end to create transactions through the Web.

You can install three types of business packages:
• Business packages for specialists
• Business packages for managers
• Business packages for end users

A business package may consist of:
Portal content objects The roles, worksets, pages, iViews, business objects, and
system objects.
PAR files Portal Archive (PAR) files include Java applications or configuration files
required for content management, collaboration modules and UWL.
Web Dynpro applications Web Dynpro applications can be run in web dynpro iView.
Other objects Visual Composer PAR files , Transport packages,Repository
Manager PAR files etc…

Scalibility - Distribution of Software and Hardware Components and Sizing

This post will discuss aspects related to scalability. How to implement
scalibility by adopting techniques such as distribution of software and hardware components and sizing etc.

What Is Scalability?

What if the user population increases suddenly, the geographical distance of the users from the portal increases, number of portal functionality increases, the number of objects in the portal content directory increase or the size of data used in the KM application increase. The portal’s performance should not be affected by all these factors. The measure of its strength to withstand all these adversities is called scalability.

Scalability is important because by conducting appropriate load tests, you can determine aspects such as how many incoming HTTP requests can be processed in an hour, how many concurrent users can use the portal without significant performance degradation, and how many transactions can be executed in SAP R/3 from the portal.

How can scalability be implemented ?
This can be done by adding new hardware, such as servers, RAM, and hard disks, to maintain the portal’s performance at satisfactory levels  with increasing loads. Also you can distribute portal components to different physical machines so that enough resources are available.

Sizing for Performance and Scalability
Sizing the various components is very important part of portal infrastructure design so that performance and scalability are good under heavy load conditions. Sizing determines the hard disk, memory, CPU, I/O, and network load requirements so that the response time is satisfactory.

Portal can be implemented in phases ranging over say 2 to 5 years. Is sizing is ok, performance will not suffer when system load increases due to increased users, increased workload activity, and other factors.

Sizing determines the success or failure of the project so it must be done ahead of the project start. But the factors which affect scalability and sizing are very dynamic in nature. They can increase of decrease during the implementation cycle also or after the portal has gone live, so sizing has to be kept in process. It is an ongoing activity and it part of portal maintenance.

Important -  Proper sizing ensures that the portal performance does not suffer due to increased load.
The factors that influence sizing are database versions, portal software versions, customer-related factors and operating system versions.

customer-related factors can be the workload on the system, the nature of users in terms of the intensity of use of applications, number of users, geographical distribution of users,the amount of customizing involved.

Factors that can affect sizing are :
• Number of top-level menus in top-level navigation (TLN)
• Number of nodes in the detailed navigation iView
• Layout of the portal desktop and the portal framework page
• Number of iViews in the content area of the portal desktop
• Number of Java iViews that use Java Connector Remote Function Call (JCO RFC)
• Number of iViews that fetch data from SAP and non-SAP backend systems
• Custom navigation iViews and the programming model used to create those iViews
• Number of roles and groups created in the UME database
• Number of concurrent users using the portal
• Think time between two successive clicks
Etc…
It is very important that data about the above stated factors is gathered during the requirement gathering phase and thought is given to it well ahead. This will result in smooth operations after go live.

Sunday, June 26

What Is an Enterprise Portal?

While some argue that the portal is merely a website, others argue that it is more than that. An  enterprise portal can be viewed as a means by which an organization tries to web-enable its applications, services, and information to its internal employees as well as its external partners. So, to that extent, enterprise portal software should be able to solve some of the complex  challenges that arise out of web-enabling systems. To mention just a few examples, the problems could be associated to that of integrating the applications; providing a single sign-on to the end users so that they do not have to remember passwords for different backend applications; providing only the right information to the right user using authentication and authorization methods; ensuring application and network security; increasing usability by using techniques such as role-based personalization; providing content management features; and using KM functionality to integrate unstructured content such as file systems, database
systems, and websites.

INFO Good enterprise portal software should solve the challenges arising out of web-enabling systems and applications.

As you can see, a portal is a website, no doubt, but it is much more than just that. It is
the complexity that surrounds the portal that makes it so much more interesting and worth studying. SAP NetWeaver Portal is one such technology, an amazing one that aims to solve complex issues and tries to bring together the different SAP Business Suite solutions. In a way, it was born out of a need to provide a common user interface for various SAP products and to simplify access to end users using single sign-on. The next few chapters will unravel the potential of the SAP NetWeaver Portal to provide you with a greater understanding of what an enterprise portal is and what it can do for your organization. Portals come in different flavors, such as horizontal and vertical portals, employee portals, and manager portals. Portals can be classified into different categories based on the functionalities they provide and the user populations they serve.

Introduction to SAP NetWeaver Enterprise Portal

In this post, we address what ancha enterprise portal is and how it differs from an
ordinary website. We then discuss the business benefits involved in implementing
an enterprise portal. In the next post, as part of the introduction, we deal with the
SAP NetWeaver Portal in particular and analyze the various components that constitute
the portal.
We also look at the SAP NetWeaver technology stack and analyze the role of the SAP
NetWeaver Portal in the stack. We then address some of the benefits of using the portal,
such as navigating intuitively, drag and relate functionality, branding and personalization,
integration using iViews, role-based personalization, securing the portal, single sign-on, and
ready-made implementation of content using business packages.
Another important component of the SAP NetWeaver Portal is the Knowledge
Management (KM) component that is used for integrating unstructured content. This is
accomplished using two major components—namely, Content Management and TREX.
Knowledge Management provides functionality such as discussion forums, content
workflow, and classification. Sitting on top of KM is the collaboration functionality of
the portal, which provides functionality such as the collaboration room, the Collaboration
Launch Pad, real-time collaboration, and third-party integration.

Why SAP NetWeaver Portal?
One of the first few questions that needs to be answered during a portal implementation is
how do we stand to benefit by implementing a portal? Is it really important to use a portal,
or is it something that can be avoided? A portal provides a means by which we can improve
the business efficiency of a process. For example, by implementing a portal, a company can
provide the right information to the right person at the right time. Based on this information,
the person can make a decision that is not only correct, but also quick.
By implementing an enterprise portal, you can provide the right information in the right
format to the right person at the right time.

The portal provides the required information in one place. Not only does the portal
increase the productivity of an employee, it also reduces the turnaround time of a given
business process. By implementing a portal, a customer service representative can quickly
attend to customer complaints, or a sales representative can place an order at a customer
site and answer customer inquiries regarding pricing.

related post :
What Is an Enterprise Portal ?

SAP EP Connecting to SAP Backend systems

SAP Enterprise portal is a single point of access to enterprise wide information. This information can reside in various types of databases and various type of systems. SAP EP does not generate data on its own. It simply displays data which it fetches from various backend systems. How does it do so? How does it fetch data. There has to be some connection established. This connection is called JCO, the Java Connector.
In case you want to fetch only transaction data, you need not use JCOs. Systems objects would be enough for fetching transaction data.
When you have a portal component, none of the above mentioned connectors will be useful. You will have to use connector using SAP Connector Framework which is based on JCA. These three connection types in detail are written below.
Transaction Data:
So for transaction data, you have to create a system object on SAP EP. For this, go to system admin->system configuration. Right Click on a folder and say create system. Enter all mandatory parameters needed to create a system, its host name, port number etc. Enter system alias. Alias is the name by which system is identified when transports are done. Once you enter system alias and mandatory parameters, you are done. This system object which you just created can help you getch transaction data in SAP enterprise portal.
RFC or BAPI data in WDJ application:
For this you have to create JCO. In SAP Enterprise portal, screens are provided to create and maintain JCO. There is nothing much to explain here as the screen for creating and maintenance of JCO is self explanatory. You can go web dynpro console on sap ep and say create a JCO destination. You will need to provide system object name and user ID and password to logon to that system.
SAP Connector Framework using JCA:
Here we use connector based on JCA. This is one of the most important connections to the backend as it connects a portal component to backend. JCA code is available on the sap help portal. Copy the code from there. Create a system object in SAP EP and configure a Alias for it. Then you need to provide this Alias in the JCA code which you copied from the sap help portal.
In the process of establishing connection, JCA hands over the control to system object which is identifies in the code. System object in turn fetches data from the backend and the control is again transferred to JCA.
Two important things to be noted here are system Alias and user mapping. When a system is transported to another environment in the landscape, its user mapping and alias have to transported along with it manually. If this is not done, none of the connections using that system would work.

Instant start to Netweaver portal administration

This post will provide you a basic and instant start to Netweaver portal administration. Definitions of the most important things that you much know for portal administration are covered in this post.

Usage Types
Before I tell you what are usage types, I must tell you that usage types made a SAP Portal administrator's life easy. Usage types were introduced when SAP Came up with SAP Netweaver Portal 7.0.
Usage types of SAP NetWeaver are software units to be installed. The usage types Application Server ABAP and Application Server Java are used as a foundation for other units. You can select one or more usage types during NetWeaver installation.


SLD
If you are a portal administrator you must know how to configure SLD. This can be done manually also and there is an automated way of doing this. You can chose one depending on your situation and requirements.
The SLD configuration is included in the AS Java installation. In some cases, the SLD configuration has to be changed. Below are main steps to be followed while changing the SLD Configuration.

  • Specify the Groups and Users That Can Operate in the SLD
  • Specify Where to Persist the SLD Information and Who Can Alter It
  • Fine Tuning the SLD Server
  • Initial Import of the SAP CIM model or the CR Content
  • Configuring the Channel for Receiving SLD Reports

JCO
JCO or the Java Connectors connect SAP EP applications to SAP R/3 systems. So basically they fetch data and functionality from the SAP systems to be used and displayed in SAP EP or in applications which are used by SAP EP. For example, SAP Web Dynpro Java applications can talk with the SAP systems using JCO. As a portal administrator, you must know how to created, edit, check and activate a JCO. How to delete a JCO, how to troubleshoot a JCO in case of errors in connection.

Properties of Iview, workset and roles
Various properties of Iviews, worksets, roles are a must to know. This is important when administrator is asked to create/modify these PCD objects. Based on various business requirements, portal administrator may have to change the properties at runtime or design time and achieve what is needed.

Admin Tools
Various tools like Visual admin, Config tool and offline config editor are must.

SSO and System Configurations
Single Sign On means that portal user will have to punch in his/her username and passord only once and after that he/she will not be asked for login credentials no matter which system he/she tries to access through portal. This feature of SAP Netweaver portal helps you a lot by providing you the freedom to forget passwords. SAP EP connects to various backend SAP systems on your behalf. It is very important topic to be known by a portal administrator. Frequently asked in interview questions. How to create a SSO. How to change SSO settings etc etc...

Monday, June 13

Connecting SAP EP to a SQL database

This post will explain the procedure of connecting SAP EP to a SQL database.

Create a portal project. Create a portal component of type abstractportalComponent in the project. Add few external Jar files in the portal project. These external jar files will be needed while writing some code for the connection. The Jar Files to be added in the project build path are :
j2eeclient/activation.jar
j2eeclient/connector.jar
portalapps/com.sap.portal.ivs.connectorserviceapi.jar
other/genericConnector.jar
j2eeclient/jta.jar

The Code to open a connection is written below
public class JDBC extends AbstractPortalComponent {
public void doContent(
IPortalComponentRequest request,
IPortalComponentResponse response) {
// Open a connection
IConnectorGatewayService cgService =
(IConnectorGatewayService) PortalRuntime
.getRuntimeResources()
.getService(
IConnectorService.KEY);
ConnectionProperties prop =
new ConnectionProperties(request.getLocale(), request.getUser());
IConnection client = null;
try {
client = cgService.getConnection("myDB", prop);
} catch (Exception e) {
response.write(e.toString());
return;
}
try {
// Issue SQL Query statement
INativeQuery query = client.newNativeQuery();
String queryStr =
"SELECT name, address, zip FROM hotel.hotel";
Object result = query.execute(queryStr);
// Iterate returned result
ResultSetMetaData recordMetaData =
((ResultSet) result).getMetaData();
int colNum = recordMetaData.getColumnCount();
//result.beforeFirst();
response.write("<table border=1>");
while (((ResultSet) result).next()) {
response.write("<tr>");
for (int i = 1; i <= colNum; i++) {
response.write("<td>" + ((ResultSet) result).getString(i)+ "</td
}
}
// Close the connection
client.close();
} catch (QueryExecutionException e) {
response.write(e.toString());
} catch (CapabilityNotSupportedException e) {
response.write(e.toString());
} catch (ConnectorException e) {
response.write(e.toString());
} catch (InvalidQueryStringException e) {
response.write(e.toString());
} catch (ResourceException e) {
response.write(e.toString());
} catch (SQLException e) {
response.write(e.toString());
} catch (Exception e) {
response.write(e.toString());
}
}
}

After writing this code, if error occur, right click in the editor and say organize imports. Make sure that you have service reference in the <application-config> tag.
<application-config> <property name="ServicesReference" value="com.sap.portal.ivs.connectorservice"/> </application-config>

Then upload the PAR file.
Thats it. The portal application you created above is ready to be tested. Now by merely changing the query you wrote i nthe above code to fetch data from the hotel table can be changed to fetch data from any other database table as well.

Sunday, June 12

Methods of IUserFactory API and Iuser API

There are various tasks which can be perfomed by using the IUSERFACTORY API of the UME(user management engine).
Instantiate user objects
Create New Users
Delete existing users
search users
and perform mass commit/rollback operations on a set of users
Access to the users factory is possible by using the following lines of code

import com.sap.security.api.*
IUserfactory userfact = Umfactory.getUserfactory();

You can obtain a user object by using the userfactory provided you know the logon ID or the Unique ID of the user.
getUserFactory.getUser(String UniqueID);
getUserFactory.getUserbyLogonID(String LogonID);

If you want to get user and prepopulate specific attributes, use the following method
getUserFactory.getUser(String UniqueID, AttributeList AttrList);


Most of the information needed for processing in a web dynpro java application is present in the IUser Object. Information about the name of the user, their unique ID, LDAP attributes, display name, role membership, etc are available from the IUser object.It is also possible to edit the corresponding profile data with the interface IUserMaint.

Obtaining information about the current User
The user associated with current portal request can be obtained by using getUser() methos in the IPortalComponentRequest Object.

IPortalComponentRequest request  = .... ;
IUser user  = request.getUser();
String Username  = user.getDisplayName();
String depname  = user.getDepartment();

Obtaining Information about another User
You can access any user by using the getuserbyLogonID() provided you have the logon ID of the desired user
An Exception would occur if the user does not exist

String uid = "demouser";
try
{
Iuser user  = UmFactory.getuserFactory().getUserbyLogonID(uid);
String username  = user.getDisplayName();
}
cartch(UME Exception e)
{
wdComponentAPI.getMessagemanager.reportexception(e.getlocalizedmessage, false);
}

The above lines of code also are applicable if you know the unique ID of the user whose information is required. Instead of method getUserbyLogonID(), use getUserbyUniqueID().

Searching for Users
steps are :
create a search filter from the userfactory.
set the search attributes for the search.
invoke the search
iterate thourgh the results

The result of the search is of type ISearchResult and returns an iterator containing the UniqueIDs of the principals returned.
The SearchReult also contain the state of the search.
Search_Result_Incomplete
Search_Result_OK
Search_Result_UNDEFINED
Search_Result_EXCEEDED
TIME_LIMIT_EXCEEDED

IUserFActory userfact = UMFactory.getUserFactory();
IUserSearchFilter userfilt  = userfact.getUserSearchFilter();
userfilt.setLastName("bohra*");
ISearchResult result  = userfact.SearchUsers(userfilt);
if (result.getState() == ISearchResult.SEARCH_RESULT_OK)
{
while(result.hasNext())
{
String uniqID = (string) result.next();
IUser thisuser  = userfact.getuser(uniqID);
}
}
else
{
// print error or warning.
}

}


Saturday, June 4

Portal Look and Feel - Branding the Portal

After portal installation, user want to change the look and feel and the appearance of portal for his organization, for customers, partners etc. This process is called Branding. During Branding, we create various portal desktop.
One particular type of appearance of portal is called a portal desktop. Portal desktop is a combination of
portalframework pages and portal theme. How things are arranaged on the portal screen is determined by portal framework pages and the feel of portal screen is determined by the portal theme. Once portal desktops are created, they have to be assigned to user or group of users. This can be done by using portal display rules. So in other words, you use portal display rules to assign portal desktops to various users or group of uers. These portal display rules are accumulated in a Master Rule Collection (main_rule).

Portal feamework page determines the navigational structure, layout and content of the portal desktop. Portal
Theme determines the colour, size, font and other visual aspects of various UI elements. So the following steps can be performed to create portal desktops
  • create navigation iviews
  • build navigation pages using iviews created above
  • create page layout
  • create framework page using page layout and navigation page
  • create theme
  • create portal desktop using theme and framework page
  • create rule in master rule collection (main_ruke)
  • assign portal desktop to the newly created rule.
After doing this, log off from the portal and login again, changes the new portal desktop your created
will be visible to you. Errors can occur like 'Error occurred while trying to access desktop'. This may
be because you have not assiged logged in user ID to the display rule created for newly created portla desktop or the portal desktop is deleted etc.Troubleshotting for such type of errors can be done in System Administration  Portal Display. Go to Portal Content Portal Users Standard Portal Users  Default Portal Desktop.
Below are few SAP notes which are useful if you face problems in accessing newly created portal desktops

  • Changes to Default Framework Page have no effect--------687485
  • NW’04 upgrade to >=SP11 Theme Editor missing themes-----861452
  • Error occurred while trying to access desktop-----------869690
  • Error occurred while trying to access framework page----856865
  • Full-Control permissions required to edit Rule Collection--823210
  • Cannot log in: “No portal desktop defined for this user”---715307
Related Articles :

SAP EP - Standard Portal Services
Portal Eventing and Navigation
How to Develop Portal Applications
SAP EP-Developing portal content and assigning permissions
SAP EP-Role maintenance
SAP EP-How to make Enterprise Portal highly available
SAP Material Management Introduction
SAP EP-J2EE architechture

    SAP EP - J2EE architechture

    Introduction
    This article will discuss about the important components of portal technical infrastructure.

    I will talk mainly about the SAP WAS, ABAP and TREX. I will also dicuss about the minimal WAS java installation and a large cluster installation in which we use load balancer.  Once you have a complete understanding of the J2EE infrastructure, you are in a position to design a optimal portal infrastructure which will have all the important features : high availability, scalability, performance, security, and so on.

    Components of a Portal Infrastructure
    Various systems and devices comprise or come together to form the technical infrastructure :  operating systems, network systems, firewalls, high availability solutions, load-balancing devices, and storage devices etc…

    Major components of a portal technical infrastructure are :
    • Web clients
    • Internet browsers
    • PDAs
    • Mobile solutions
    • Web infrastructure
    • Load balancer
    • Web servers
    • Web dispatchers
    • Proxy servers
    • Portal server
    • Portal platform
    • Knowledge management
    • Content management
    • Collaboration platform
    • J2EE engine
    • Web AS database
    • User Management Engine (UME)
    • TREX components
    • Web server
    • Retrieval and Classification Engine
    • Retrieval and Classification Index

    In this post I shall discuss mainly about the J2EE architecture and the TREX components.

    Web AS Java Architecture
    We will have a look at components in a Web AS Java installation. A typical installation has
    a central instance, a central services instance, a Java instance, and a database instance.

    What does the central instance consist of ? it consists of a dispatcher, a server, and a Software Delivery Manager (SDM).

    The central services instance contains the message service and the enqueue service
    installed together on one machine.

    The Java instance does not contain an SDM. The Java instance can contain a dispatcher and one or more J2EE server processes.

    These various instances can be installed on separate physical machines and if they are installed in this way, scalability and availability of the system can be enhanced.


    When we form a java cluster, more than one java instances can be there but only one central service instance. If there are more than one java instances then there has to be a load balancer such as a sap web dispatcher to distribute the load or the incoming requests to various java instances in the cluster.
     
    A java instance has n number of server processes. The number of server processes available in a java instance depends upon RAM of the host on which that Java instance is installed.

    Apart from server processes, a Java  instance has something called java dispatcher.
    It is a kind of load balancer that receives the client request and forwards it to the server process. Message service tells the java dispatcher as to which is the most suitable server process to which the request should be routed.

    Server process will process  the request and will store the user session.

    The java instance in the cluster which has a SDM installed on it is called the central java instance.

    There is something called Java Startup and Control Framework which is used for starting and stopping the Java instance. So it can be controlled and monitored using the SCF.

    Related Articles :