EP Installation (Informix / MAX DB)

Copy Following CD- NW Component CD- ECC50 SR1 cd- ECC Component- Informix- Java / IGS- Kernal 640- Installation Master- Max DB

Install JDK j2sdk1.4.2_09 - Setup Java Path (JAVA_HOME)- SAPINST_JRE_HOME- Set j2sdk1.4.2_09\bin in PATH variable

Install following products from installation master CD- SAP Netweaver ’04 SR1 -> Java System -> MaxDB -> Central System -> Custom

Installation – Java System- SAP Netweaver ’04 SR1 -> Netweaver Components running on JAVA -> Portal ->

Portal Installation- SAP Netweaver ’04 SR1 -> Netweaver Components running on JAVA -> Content

Management and Collaboration -> Content Management and Collaboration Installation

- SAP Netweaver ’04 SR1 -> TREX -> TREX Instance upgrade & installation- SAP ERP 2004 SR1 -> ABAP System -> Informix -> Non-Unicode -> Central

Instance Installation- SAP ERP 2004 SR1 -> ABAP System -> Informix -> Non-Unicode -> Database

Instance Installation

Check portal installation- http://sapserv39.myworkplace.ril.com: 5<instance no> 00/irj- http://sapserv39.myworkplace.ril.com: 5<instance no> 00/sld- Attach following roles to your id

AdministratorEu_roleContent_admin_roleContentManagerSuper_admin_roleUser_admin_role

Portal Flow- You Want to connect R/3 Backend system

Step 1 : Define System() System Administration -> System Configuration -> System Landscape - > Create Folder Create System (Maintain Following field in object)

R/3 Dedicated systemApplication Host – 10.8.63.210Description – D46_300

GW Host – 10.8.63.210GW Serv – sapgw00Logical system name – Q10clnt300Logon method – SAPlogon ticketClient – 300SID – D46Sysnr – 00Server port – 3200System name – D46_300System type – SAP R3User mapping type : admin.user

Maintan WAS & ITS if remote system is supporting

Define Alias – D46_300

Step –2 : Define portal content() Content Administration -> Portal Content -> RILSAP -> New Iview -> sap_transaction_iview (Maintain following field in object)

Name – D46_300_smlgSAP GUI Type – winguiSystem – D46_300Transaction code - smlg

-> url iview url name : http://ess.ril.com

-> create role name : XYZentry point : yesselect iview -> add iview to role -> copy / Delta link

Performing Single signon configuration between J2EE & ABAP System

So here they are, 10 simple steps :o)

1) Export certificate from portal (verify.der and verify.pse)..... a) Navigate to 'System Administration' >> 'System configuration' >> 'Keystore Administration'...... b) in 'Content' select "SAPLogonTicketKeypar-cert" and press'n'save "Download verify.pse file" and "Download verify.der file".

2) Check existence of SAPJSF user in target system..... a) Create if necessary using transaction SU01...... b) User should have two roles: SAP_BC_JSF_COMMUNICATION and SAP_BC_USR_CUA_CLIENT_RFC (if you have CUA in place)...... c) Probably you will have to generate profiles for those roles in target system (transaction PFCG).

3) Check profile parameters..... a) use transaction RZ10..... b) choose instance profile, 'extended maintenance', then 'Change'..... c) make sure that "login/create_sso2_ticket" is set to "2" and "login/accepte_sso2_ticket" set to "1"4) Export certificate from target system (the system to which you want to connect using SSO from portal)..... a) use transaction STRUSTSSO2..... b) double-click on "Own Certif." on "CN=..." part...... c) press on "Export certificate" button in the middle of the screen and provide file name and path, where to save certificate file.5) Import portal certificate to target system..... a) Use transaction STRUSTSSO2 in target system..... b) push "Import certificate" button in the middle of the screen..... c) in 'File path' field enter path to *.der file, you created in step 1 (or point at it via 'Browse' button)..... d) Press "Enter"..... e) Press 'Add to certificate list' button and then 'Add to ACL button6) Create an JCo RFC provider in J2EE engine of portal system...... a) Logon to J2EE using J2EE Admin tool (go.bat)..... b) navigate to 'Server' >> 'JCo RFC provider' node..... c) On the right side of the screen choose any entry in 'Available RFC destinations' area...... d) Enter information about new destination:..... ..... - Program ID: name of the program (you will need it later) - sapj2ee_port, for example..... ..... - Gateway host - FQDN of target system - server.domain.com, for example..... ..... - Gateway service - sapgw00 for example..... e) in 'Repository' section enter:..... ..... - Application server host - FQDN of target system - server.domain.com, for example..... ..... - system number - 00, for example..... ..... - client - 100, for example..... ..... - logon language - EN..... ..... - user - SAPJSF (from step 2)..... ..... - password (from step 2)..... f) press 'Set'7) Add target system to Security providers list..... a) Open J2EE Admin and navigate to 'Server' >> 'Services' >> 'Security Provider'. In components select 'Ticket'. Enter edit mode (button with pencil above)..... b) select 'Login module' "com.sap.security.core.server.jaas.EvaluateTicketLoginModule" and press 'Modify'..... c) ensure that "ume.configuration.active" is set to "true"..... d) enter following info:..... ..... - Name - 'trustedsysN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trustedsys1'). Enter <SID>,<client> as a value (C11,100 for example)..... ..... - Name - 'trustedissN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trustediss1'). Enter CN=<SID> as a value (CN=C11 for example)

..... ..... - Name - 'trusteddnN' (there should be a number instead "N", if target system is the first one you implementing SSO with, there should be 'trusteddn1'). Enter CN=<SID> as a value (CN=C11 for example)..... e) Press 'OK'..... f) Do substeps b,c,d,e in 'evaluate_assertion_ticket' view for "com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule" login module.8) Import target system certificate to J2EE of portal system (from step 4)..... a) Open J2EE Administrator and logon to portal instance..... b) Navigate to 'Server" >> 'Services' >> 'Key storage'..... c) in 'Ticket keystore' view press 'load' and select certificate of target system, you exported in step 3.9) Restart J2EE instance.10) Create RFC connection in target system..... a) use transaction SM59..... b) Point to TCP/IP connections and press 'New'..... c) Enter name for new connection ("RFC_to_portal", for example), enter connection type "T" (external TCP/IP application) and description. Save...... d) in 'Technical settings' choose "Registered server program" and enter application name from step 6d in "Program ID" field. Provide 'Gateway host' and 'Gateway service' same as in step 6d. Save. Test connection. RFC connection ready.

If You had to change or add parameters in RZ10 (in step 3), do not forget to restart target system.

Also double-check that portal server and target system are in a same domain, this is important for ticket issuing. This thing is always mentioned in various documents.

Now SSO is configured. Try to test it by creating simple iView, that launches WebGUI. Or just simply by going to System Admin - > Support -> SAP Application (thanks, Pankaj Kumar!)

P.S. I tested it on systems, which are based on WebAS 6.20 and 6.40 (BW, XI, CRM). Hope all above is true for older releases.

P.P.S. Some more SAPs documentation links (thanks Karsten Stombrowski!!!):

Single Sign-On with SAP Logon Tickets on help.sap.com:http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8e1af2f11d5993700508b6b8b11/frameset.htm

Security Guide:https://service.sap.com/~sapdownload/011000358700004812692003E/SecurityGuide_60_SP2_v33.pdf

http://help.sap.com/saphelp_nw04/helpdata/en/8c/2ec59131d7f84ea514a67d628925a9/frameset.htm

User Authentication and Single Sign-On:http://help.sap.com/saphelp_nw04/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm

Perform Cross Domain Single Sign-On with SAP Logon Tickets on service marketplace:

https://service.sap.com/~sapdownload/011000358700001345182005E/Cross_Domain.zip

Installating ESS/MSS Business package

EP –ESS WEB DYNPRO

Some Basic Questions pertaining to Landscape

1. Where is the SLD configured? : Portal

SLD Configuration

1. System Landscape Directory (SLD) is set up on the portal WAS.

2. Import of CIM Model and CR Content in the SLD.

Important Notes

The Updated CIM Model and CR Content zip files are present in portal directory itself (usr/sap/……SLD/model). Unless it is not present there is no need to download it from Service Marketplace.

Import the CIM Model zip file first followed by the CR_Content zip file. Import is finished without errors. Figure below explains how to perform the above imports.

The other way is to select the option “Import from the server”

Step by Step Guide

a. Logon to sld( http://portalserver:50000/sld)

b. Click on Administration link on the top

c. In the Administration area which opens in the same page below the Administration link, click on Import under the Content header.

d. Select the CIM Model zip file from the portal directory and start the import.

e. Once the CIM Model import is successful, Import the CR_Content.zip in the same way as explained in (d)

3. Configure the SLD Server Settings: SLD

Key Points

Enter the portal (portalserver) details in server parameters

Enter the R3 Details in ABAP Connection Parameters Step by Step Guide

a. Logon to sld( http://portalserver:50000/sld)

b. Click on Administration link on the top

c. In the Administration area which opens in the same page below the Administration link, click on Server Settings under the Server header.

d. In the Server Settings area which opens in the same page below the Administration link fill in the relevant details as mentioned in the key points section.

4. Registering Technical Systems: SLD Way:-1

Key Points

Only Web AS ABAP is registered, don’t register Web AS JAVA in this manner.

Step by Step Guide

a. Logon to sld ( http://portalserver:50000/sld) and click on the Technical Landscape link under the Landscape header of the System Landscape Directory Home.

b. In the Technical System Browser area which opens in the same page below the Home and Administration link, Click on the tab New Technical System.

c. Select Web AS ABAP and click Next

d. Enter the R3 Backend details (SID, Installation Number, DB Host Name) and follow the steps asked in the Wizard. Also enter the message server details as asked in the wizard.

e. The Web AS ABAP system is registered and will appear in the list below the ’ New Technical System’ tab.

f. Click on the link of the system registered in previous step ( here RD1 on erpdev ) to view the details.

g. After performing the above settings stop and start the SLD Server.

Way :-2 Using RZ70 Automatic way to generate complete information for the system in the SLD bridge.

Then as shown in the green window in the above pic check for the RFC Gateway settings . The server and service must be of the ABAP engine on which you are going to execute RZ70 transaction . Just ensure that the server is reachable via the sld server machine ( hosts file ) and the entry for sapgw00 exists in services file . All these things are applicable only if the system no is 00 . Else sapgw* need to be adjusted accordingly .

Then login to the R3 / ABAP engine and execute RZ70 .

Ensure the same settings for RFC gateway in SLD Bridge pic and the above RZ70 pic . Then as shown in step 2 select all and then 3 for activating all the things . If the communication happens properly between the two systems , the complete information for this system will get generated in the SLD system which can be seen from the Technical Landscape ABAP System .

Automatic Generation for J2ee engine information in SLD system .

Ensure that the SLD bridge is running properly . Then I am attaching some screen shots for the settings in java .

Check the above settings which again must same as RFC gateway .

check with the CIM Client Test .Then check for the blue color button above the Runtime Tab . Press the button and this will transfer all the data to the sld server which will visible in it . ( SLD Bridge must be running in this case .)

5. Configure the SLD Data Supplier Settings and CIM Client Test and Data Supplied to SLD Test: Visual Administrator

Key Points

All the tests should be successful Step by Step Guide

1. Logon on to portal visual administrator .

2. Go to Server> Services> SLD Data Supplier

3. Enter the suitable values and perform the tests.

6. Restart the portal J2EE Engine.

7. In the Technical Systems in SLD Web AS JAVA system will be visible now.

8. Creation of JCO Destinations

Key Points

Ensure that a super user is created in the backend (webdyn), this user will be used when creating JCO Destinations for metadata.

In case of RFC Error, check the service file of the server, sometimes the respective entry for the message server creates issues.

In the first time one has to create JCO Destinations manually.

Step by Step Guide

1.Logon to portal WAS ( http://portalserver:50000/ ) and click on Web Dynpro link.

In the Web Dynpro page click on Content Administrator

Logon on with administrator id and password

In the Web Dynpro Content Administrator , check the SLD Connections and start the assigned SLD.( Tabs on the top )

5. Create the following JCO Destinations by clicking on the left link and following the wizard instructions.

SAP_R3_Financials

SAP_R3_Financials_MetaData

SAP_R3_HumanResources

SAP_R3_HumanResources_MetaData

SAP_R3_SelfServiceGenerics

SAP_R3_SelfServiceGenerics_MetaData

SAP_R3_Travel

SAP_R3_Travel_MetaData

Note: For Metadata type destinations security is User/Password. For others ticket. Test the JCO Destinations. The tests should be successful.

6. The above JCO Destination can be later edited by clicking Maintain JCO Destinations.

9. Implement SSO using logon ticket9A. Enterprise Portal logon ticket settings : Note no: 721815

9B. Export Portal Certificate 9D. Setting parameters specific to logon tickets in the R3 profile:

Go to transcation:RZ10 and select the Instance Profile of the dbci server

Select extended maintenance and click display

Add the following entries in the profile parameters

login/create_sso2_ticket = 1

login/accept_sso2_ticket=1

its/enable =1

9. Deploy the PCUI and XSS package through the SDM on the portal.

Key Points

XSS Package deployment should be done on the portal.

Note: Goto the Visual Administrator > Server>Services> Deploy and check for the deployed components

10. System Creation in Portal with alias ‘SAP_WebDynpro_XSS’,

Key Points WAS Settings -> Portal WAS

Key Points

-The ess_user should have the role SAP_ESSUSER_ERP attached to his profile

-In case error “PERNR_DOES NOT EXIST” apply note 742210

- In case of error in communication when testing the JCO Connections, check the services file of the server and change accordingly.

*** Trouble Shooting