Monday, February 20, 2012

SINGLE SIGN ON CONFIGURATION ON EP7.0 TO BI SYSTEM (SSO WITH BI )


1.Create RFC Destinations in J2EE Engines in SAP EP 7.0

2.Create RFC Destinations for SAP EP 7.0 in SAP BI

3.Maintain Portal Server Settings for SAP EP 7.0 in SAP BI

4.Maintain Single Sign-On in SAP BI

5.Export the BI Certificate in SAP BI

6.Import the BI Certificate into SAP EP 7.0

7.Create BI Systems in SAP EP 7.0

8.Configure User Management in SAP EP 7.0

9.Export the Portal Certificate into SAP EP 7.0

10.Import the Portal Certificate into SAP BI

11.Import the SAP Basis Plug-In into SAP BW

Create RFC Destinations in J2EE Engines in SAP EP

1.Start the SAP J2EE Engine Administrator with go.bat

2.Connect to the Portal Server.

3.Select <SID>/Server<...>/Services/Jco RFC Provider.

4.Maintain an RFC destination:

Program ID: <PORTAL_HOSTNAME>

Gateway host: <GATEWAY_HOST>

Application server host: Same as Gateway host

System number: <SYSTEM_NUMBER>

Client: <BW_CLIENT>

User: <USER> (User in the BW system)

Password: <PASSWORD>

5.Transfer the RFC destination to the available RFC destinations with the Set button.

6.Start the RFC server with the Start button.

Create RFC Destinations for SAP EP 7.0 in SAP BI

Display and Maintenance of RFC Destinations (SM59).

2.Choose Create.

3.Maintain the RFC destination:

RFC destination: <RFC_DESTINATION>

Connection type: T for TCP/IP connection

Technical settings

Activation type: Registered server program

Program ID: PORTAL_HOSTNAME>

Gateway host: <GATEWAY_HOST>

Gateway service: sapgw<SYSTEM_NUMBER>

Logon/security

Send SAP logon ticket: Activate


4.Save your entries.

Maintain Portal Server Settings for SAP EP in BI

1.Start the transaction Table View Maintenance ( SM30).

2.Enter RSPOR_T_PORTAL as the table.

3.Choose Maintain.

4. choose New Entries.

5.Maintain the connected portal:

RFC destination: <RFC_DESTINATION>

Name of the system: <SYSTEMALIAS>

Portal URL Prefix: <PORTAL_URL_PREFIX>, for example, http://<portalserver><domain>:<port>

6. Save your entries.

Maintain Single Sign-On in SAP BI

1.Set the following profile parameter using the Maintaining Profiles transaction (transaction code RZ10):

login/create_sso2_ticket=1 or

login/create_sso2_ticket=2

The value 1 means that the certificate is signed by SAP CA. The value 2 means that the certificate is self-signed.

Set login/accept_sso2_ticket=1

Export the BI Certificate in SAP BI

1.Start the transaction Trust Manager for Single Sign-On with Logon Ticket (transaction STRUSTSSO2).

2.Select your own certificate by double clicking on the system name.

3.In the menu, choose Certificate - Export.

4.Enter the file path <BW_SID>_certificate.crt (<BW_SID> is the system ID of the BW system).

5.Choose Binary as the file format.

Import the BI Certificate into SAP EP 7.0

1.Start the SAP J2EE Engine Administrator with go.bat

2.choose <SID>/Server<...>/Services/Key Storage.

3.Select the view TicketKeystore under Views.

4.Under Entry, click on Load.

5.Open the file <BW_SID>_certificate.crt.

SAP J2EE Engine accepts the SAP Logon Tickets from the BI system.

1.Start the SAP J2EE Engine Administrator with go.bat

2.Choose <SID>/Server<...>/Services/Security Provider.

3.Choose Ticket as Application.

4.Choose the Authentication tab page.

5.Change the options for com.sap.security.core.server.jaas.EvaluateTicketLoginModule and insert the following values:

trustedsys¡<Number>=<BI_SID>, <BI_CLIENT> (z. B. BIP, 000)

perform the following steps to use the option Send SAP Logon Ticket

1.Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

3.In the tree, choose <SID>/Server<...>/Services/Security Provider.

4.Choose evaluate_assertion_ticket as Application.

5.Choose the Authentication tab page.

6.Change the options for com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule and insert the following values:

Create BI Systems in SAP EP 7.0

1.Start the iView System Administration - System Configuration- System Landscape.

2.Choose New- System

3.choose either the R/3 with Dedicated Application Server for R/3-System as a template.

Logon method: SAPLOGONTICKET or UIDPW¡

Type of user assignment: admin,user¡

Logical system name:¡ <SID>CLNT<MANDANT>

SAP client: <CLIENT>

SAP system ID (SID) (R/3 name): <SID>

System type: SAP_BI

System name: <SID>CLNT>

WAS host name: <HOSTNAME>:<PORT>

WAS path: /sap/bw/bex

WAS protocol: http or https
4. Maintain an alias for the system in the System Aliases view.

A system alias in the format <SID>CLNT<CLIENT> must exist, where <SID> is the system ID and <CLIENT> is the client for the system. CLNT is predefined. In addition to the system alias in the format above, you can also maintain other system aliases.

In order to use the example role Business Explorer an alias must be maintained in SAP_BW. Multiple system aliases can be defined for a BI system.

5.Save your entries.

Export the Portal Certificate into SAP EP 6.0

To export the portal certificate from the J2EE engine, follow these steps:

1. Start the SAP J2EE Engine Administrator with <PORTAL_DIRECTORY>\admin\go.bat.

2. Connect to the portal server.

3. Choose <SID>/Server<...>/Services/Key storage from the tree.

4. Select the view TicketKeystore under Views.

5. If the SAPLogonTicketKeypair-cert is not available under Entries, generate a portal certificate

6. Under Entry, choose Create.

Enter the following values in Key and Certificate Generation:

The value CN=Common Name is displayed as the owner in transaction STRUSTSSO2 and serves to identify the certificate. SAP recommends that you use <HOSTNAME_PORT> from the portal server.

Entry name: SAPLogonTicketKeypair (the entry SAPLogonTicketKeypair-cert is generated automatically)

Store certificate: X

7. Choose Generate to generate the certificate.

8. Highlight SAPLogonTicketKeypair-cert under Entries.

9. Under Entry, choose Export.

10. Export the portal certificate as <PORTAL_SID>_certificate.crt in file format X.509 Certificate (.crt).

Import the Portal Certificate into SAP BI

1.Choose the menu command Certificate - Import in the transaction STRUSTSS02 and import the file PORTAL_SID>_certificate.crt in binary format.

2.In order to adopt the certificate into the SSO access control list (ACL), in the menu, choose Edit- Certificate in ACL.

In the SAP Enterprise Portal 7.0 you can specify the system ID of the portal as the system and the value 000 as the client.

3.In order to adopt the certificate into SSO access control list (ACL), in the menu, choose Edit- Adopt Certificate.

4.If you want to distribute the settings to multiple application servers, select Distribute in the context menu for the tree on the left side.

5.Save your entries.

Maintain User Assignments in SAP EP 7.0

1.Start the iView System Administration - System Configuration - System Landscape.

2.Navigate to the previously created system, open the context menu and choose Open -Authorizations.

3.Search for the user or the user group or role, add it and issue read authorization.


Import the SAP Basis Plug-In into SAP BI

1. Download the SAP Basis Plug-In (PI_BASIS) from the SAP Software Distribution Center in the SAP Service Marketplace (quick link SWDC).

2. Start the Transport Management System (transaction code STMS).

3. Import the SAP Basis Plug-In into the BW system.

Reactions:

0 comments:

Post a Comment