Sunday, July 12, 2009

Importing the SAP Basis Plug-In

To integrate SAP BW 3.5 with SAP EP 6.0 (especially for SAP role upload), you need to import the SAP Enterprise Portal Plug-In (PI_BASIS).


As of SAP Web Application Server 6.40, the SAP Enterprise Portal Plug-In is part of SAP Basis Plug-In. For more information, see SAP note 723189.

Procedure

1. Download the SAP Basis Plug-In (PI_BASIS) from the SAP Software Distribution Center in the SAP Service Marketplace (quick link SWDC).

2. Start the Transport Management System (transaction code STMS).

3. Import the SAP Basis Plug-In into the BW system.

Check

You can do a check when you upload BW roles into the portal. For more information.

For more information, see SAP note 655941.

Setting Up the Repository Manager for BW Documents and BW Metadata

Documents and metadata created in SAP BW (especially documentation for metadata) can be integrated into the Knowledge Manager of the SAP Enterprise Portal using the Repository Manager. There they are displayed together with other documents for the end user in a directory structure.

The documents are located in the BW system. The Repository Managers enable access to these documents within the portal using Knowledge Management. The various functions of Knowledge Management can be applied to these documents (feedback, rating, text search and so on).

The Repository Managers for BW documents and BW metadata are especially useful for two scenarios:

· BEx Web Application as a Link in Knowledge Management.

· BW documents and BW metadata.


Note that Repository Managers cannot be used for navigating in Knowledge Management unconditionally. Because of the flat folder hierarchy, a directory can contain a very large number of objects (for example, all queries for a system) and displaying the documents in a KM navigation iView can lead to problems in terms of performance.

For more current information, see SAP note 702350.

Procedure

1. Log on to the portal.

2. Start the iView System Administration → System Configuration → Knowledge Management → Content Management.

3. Choose Content Management → Repository Managers.

4. Under Classes, choose BW Document Repository.

5. Create a new instance of the BW Document Repository and choose New.

6. Enter settings as required. For more information on what the individual parameters mean, see Repository Manager for BW Documents.

7. Choose OK to save the settings.

8. Under Classes, choose BW Metadata Repository.

9. Create a new instance of the BW Metadata Repository and choose New.

10. Enter settings as required. For more information on what the individual parameters mean, see Repository Manager for BW Metadata.

11. Choose OK to save the settings.

Check

Start the iView Content Administration → KM Content. Open the Knowledge Management folder for the BW documents and the folder for the BW metadata. The names of the folders correspond to the prefixes entered above.

Exporting the Portal Certificate in BW

The portal certificate is needed for displaying content from SAP BW in the portal and has to be imported in the BW system (see Importing Portal Certificate).

Procedure

To export the portal certificate from the J2EE engine, follow these steps:

1. Start the SAP J2EE Engine Administrator with \admin\go.bat.

2. Connect to the portal server.

3. Choose /Server<…>/Services/Key storage from the tree.

4. Select the view TicketKeystore under Views.

5. If the SAPLogonTicketKeypair-cert is not available under Entries, generate a portal certificate using the following steps. Otherwise you can continue with the export under step 9.

6. Under Entry, choose Create.

Enter the following values in Key and Certificate Generation:

· Subject properties: Every key has to have a value under Value.

The value CN=Common Name is displayed as the owner in transaction STRUSTSSO2 and serves to identify the certificate. SAP recommends that you use from the portal server.

· Entry name: SAPLogonTicketKeypair (the entry SAPLogonTicketKeypair-cert is generated automatically)

· Store certificate: X

· Algorithm: DSA

7. Choose Generate to generate the certificate.

8. Highlight SAPLogonTicketKeypair-cert under Entries.

9. Under Entry, choose Export.

10. Export the portal certificate as _certificate.crt in file format X.509 Certificate (*.crt).

Result

The exported portal certificate can then be imported into the BW system. For more information, see Importing the Portal Certificate.

If you want to connect multiple portals with the same system ID to a BW system, you have to maintain the login.ticket_client parameter:

Configuring User Management in BW

You need to make several settings in user management of the portal to enable single sign-on between SAP BW 3.5 and SAP EP 6.0.

The SAP reference system is required for communication from the BEx tools in the portal. Maintenance of an SAP reference system is only necessary when the technical user names in SAP BW and SAP EP are different and user assignment is necessary. You can make sure that the user names are identical using the central user management. For more information on the SAP EP side of this, see User Management Engine and UME Data Sources. On the SAP BW side, you can find more information about centralized user management at Directory Services (BC-SEC-DIR).

For more information, see Security.

Procedure

1. Log on to the portal.

2. Start the iView System Administration → System Configuration → Configuration for User Management.

3. Choose the Security Settings tab page.

4. Under SAP reference system, enter the standard system alias of the BW system (see Creating a BW System in the Portal).

5. Save your entries.


Only one system can be specified as the SAP reference system. The SAP reference system does not have to be the BW system. However, if it is not the BW system, the technical user name of the BW system has to be identical with the technical user name of the SAP reference system.

If you want to connect multiple portals with the same system ID to a BW system, you have to maintain the login.ticket_client parameter:


1. Log on to the portal.

2. Start the iView System Administration → System Configuration → Configuration for User Management.

3. Select the Direct Editing tab page.

4. Insert the following line: login.ticket_client=

5. Save your entries.


You can select any value between 000 and 999 as the . The client is necessary if several portals with identical portal SIDs are connected. The client has to be entered when you import the portal certificate into the BW system on future occasions.


After making changes to user management in SAP EP, you have to restart the J2EE Engine with SAP EP.


Creating BW Systems in the Portal

The BW system must be set up in the portal so that content from SAP BW can be displayed in it. The system is entered into the Portal System Landscape Directory.

This setting is required for all integration scenarios (see Integration from the Viewpoint of Administrators and Authors).

Procedure

1. Log on to the portal.

2. Start the iView System Administration → System Configuration → System Landscape.


The systems are maintained with the Portal Content Studio. For more information about using the Portal Content Studio, see Integration Using the Portal Content Studio.

3. Choose New → System in the context menu of the Portal Catalog.

4. Depending on the system landscape, choose either the R/3 with Load Balancing (SAP_R3_LoadBalancing) or Dedicated Application Server for R/3-System (SAP_R3_Dedicated) as a template.

5. Maintain the most important properties with the property category Display All.

· Logon method: SAPLOGONTICKET or UIDPW

· Type of user assignment: admin,user

· Logical system name: CLNT


This is the recommended convention for logical system names, consisting of the system ID and the client.

· Remote host type: 3

· SAP client:

· SAP system ID (SID) (R/3 name):

· System type: SAP_BW

· System name: CLNT

· WAS description:

· WAS host name: :

· WAS path: /sap/bw/bex

· WAS protocol: http or https


All system entries refer to the BW system.

You can determine the WAS hostname, WAS path and WAS protocol settings using function module RSBB_URL_PREFIX_GET (transaction code SE37).

To use Drag&Relate, maintain the following properties:

· Admin User-ID (DQE):

· Admin password (DQE):


The Distributed Query Engine (DQE) executes the requests to the BW system with the Admin User above.

If you are using R/3 with Load Balancing (SAP_R3_LoadBalancing), you must also maintain the following properties:

· Group:

· Message server:

· Server port:


The server port is frequently maintained by system administrators on the local PC in the c:\windows\system32\drivers\etc\services file. The server port of the system is entered into the file as sapms.

If you are using a Dedicated Application Server for R/3 System (SAP_R3_Dedicated), you must also maintain the following properties:

· Application host:

· Gateway host:

· Gateway service:

· SAP system number:


The report Maintaining Settings for Integration into SAP Enterprise Portal (RSPOR_SETUP) determines most of the mandatory values for the above properties automatically.

6. Maintain an alias for the system in the System Aliases view.

A system alias in the format CLNT must exist, where is the system ID and is the client for the system. CLNT is predefined. In addition to the system alias in the format above, you can also maintain other system aliases.


During integration of SAP BW 3.5 and SAP EP 6.0, the system alias in SAP 3.5 must be entered into the table Connected Portals (see Maintaining Portal Server Settings for EP 6.0).

In order to use the example role Business , an alias must be maintained in SAP_BW. Multiple system aliases can be defined for a BW system.

7. Save your entries.

Check

With the Connection Tests you can check the settings above. However, only the SAP Web AS Connection and the Connection Test for Connectors.

Importing the BW Certificate

The BW certificate must be imported into the portal so that content from the portal can be displayed in SAP BW, such as the portal roles in the BEx Web Application Designer, for example.

Prerequisites

Before the BW certificate can be imported into the portal, it has to be exported from the BW system. For more information, see Exporting the BW Certificate.

Procedure

Follow these steps to import the BW certificate into the J2EE engine:

1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Key Storage.

4. Select the view TicketKeystore under Views.

5. Under Entry, click Load.

6. Open the file _certificate.crt.

Perform the following steps so that the SAP J2EE Engine accepts the SAP Logon Tickets from the BW system as an external system.


1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Security Provider.

4. Choose Ticket as Component.

5. Choose the Authentication tab page.

6. Change the options for the com.sap.security.core.server.jaas.EvaluateTicketLoginModule parameter and insert the following values:

trustedsys=, (for example, BWP, 000)

trustediss= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

trusteddn= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)


is a number for all three entries, but must be incremented by one for every external system.

and are the system ID and the client of the BW system.

and correspond to the Own Certificate value in the transaction Trust Manager for Single Sign-On with Logon Ticket (transaction code STRUSTSSO2). The value trustediss corresponds to the value Issuer; the value trusteddn corresponds to the value Owner.

As of SAP BW 3.5 SP 11 in SAP NetWeaver SP Stack 11, you have to perform the following steps to use the Send SAP Logon Ticket option (see Creating an RFC Destination for SAP EP 6.0):


1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%\admin\go.

2. Connect to the portal server.

3. In the tree, choose /Server<…>/Services/Security Provider.

4. Choose evaluate_assertion_ticket as Component.

5. Choose the Authentication tab page.

6. Change the options for the com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule parameter and insert the following values:

trustedsys=, (for example, BWP, 000)

trustediss= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)

trusteddn= (for example, CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE)


The values correspond to the above values under Component Ticket.
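A consistency check for the trustedsys/trustediss/trusteddn entries entered for both login modules above (EvaluateTicketLoginModule and EvaluateAssertionTicketLoginModule), as an added example that is not part of the original post or of any SAP tool. It assumes the number described in the text is written as a suffix on the key name (trustedsys1, ...) starting at 1, and that the Owner and Issuer strings from STRUSTSSO2 are typed in by the caller; the second sample entry is constructed.

```python
import re

# Assumption: the per-system number is a suffix on the key, e.g. trustedsys1.
KEY_RE = re.compile(r"^(trustedsys|trustediss|trusteddn)(\d+)$")
SYS_RE = re.compile(r"^([A-Z][A-Z0-9]{2})\s*,\s*(\d{3})$")  # "<SID>, <client>"

def parse_options(text):
    """Read key=value lines; split on the first '=' only, since DNs contain '='."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def normalize_dn(dn):
    """Compare DNs per component, ignoring case and blanks (the page shows 'CN= BWP')."""
    return tuple(tuple(p.strip().upper() for p in rdn.partition("=")[::2])
                 for rdn in dn.split(","))

def check_trust_entries(opts, own_certificates):
    """Return findings; own_certificates maps (SID, client) to STRUSTSSO2 Owner/Issuer."""
    groups, findings = {}, []
    for key, value in opts.items():
        m = KEY_RE.match(key)
        if m:
            groups.setdefault(int(m.group(2)), {})[m.group(1)] = value
    if sorted(groups) != list(range(1, len(groups) + 1)):
        findings.append(f"indices {sorted(groups)} are not 1..{len(groups)}")
    seen = {}
    for n in sorted(groups):
        entry = groups[n]
        missing = [k for k in ("trustedsys", "trustediss", "trusteddn") if k not in entry]
        if missing:
            findings.append(f"entry {n}: missing {', '.join(missing)}")
            continue
        m = SYS_RE.match(entry["trustedsys"])
        if not m:
            findings.append(f"entry {n}: trustedsys is not '<SID>, <client>'")
            continue
        system = m.groups()
        if system in seen:
            findings.append(f"entry {n}: {system} already trusted as entry {seen[system]}")
        seen[system] = n
        cert = own_certificates.get(system)
        if cert is None:
            findings.append(f"entry {n}: no STRUSTSSO2 values supplied for {system}")
            continue
        if normalize_dn(entry["trusteddn"]) != normalize_dn(cert["owner"]):
            findings.append(f"entry {n}: trusteddn differs from Owner")
        if normalize_dn(entry["trustediss"]) != normalize_dn(cert["issuer"]):
            findings.append(f"entry {n}: trustediss differs from Issuer")
    return findings

# Constructed sample: entry 1 uses the page's example values, entry 3 is broken.
DN = "CN=BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE"
SAMPLE = """\
trustedsys1=BWP, 000
trustediss1=CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE
trusteddn1=CN= BWP, OU=I0020114583, OU=SAP Web AS, O=SAP Trust Community, C=DE
trustedsys3=BWQ,100
trusteddn3=CN=BWQ, O=Constructed Example, C=DE
"""

if __name__ == "__main__":
    certs = {("BWP", "000"): {"owner": DN, "issuer": DN}}
    for finding in check_trust_entries(parse_options(SAMPLE), certs):
        print(finding)
```

The DN comparison splits on plain commas, so a DN containing escaped commas needs a real DN parser before its result can be trusted.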

Exporting the BW Certificate

The BW certificate must be generated in and exported from the BW system so that it can be imported into the portal afterwards. The BW certificate is needed in the portal so that portal contents can be displayed in SAP BW.

The various scenarios are described in detail from a security viewpoint under Security.

Prerequisites

You have set up Single Sign-On. For more information, see Maintaining Single Sign-On.

Procedure

1. Start the transaction Trust Manager for Single Sign-On with Logon Ticket (transaction STRUSTSSO2).

2. Choose your certificate. Your own certificate is located in the System PSE area in the Own Certificate field. When you double click on the field value, the certificate is displayed in the Certificate area. You can proceed with step 3 once the certificate appears in that area.


If your own certificate is not available, generate a certificate using Create in the context menu of System PSE and distribute it using PSE → Distribute All to all application servers for the BW system. There may be a time delay when distributing the certificate. If necessary, check whether the certificate has been successfully distributed.

3. In the menu, choose Certificate → Export.

4. Enter the file path _certificate.crt ( is the system ID of the BW system).

5. Choose Binary as the file format.

The file _certificate.crt is used for the step Import BW Certificate in the settings in SAP EP 6.0.

Check

You can look at the _certificate.crt file using Windows Explorer.


BW Security

For information broadcasting and the integration of SAP BW and SAP EP, take the following scenarios into consideration with regard to security:

· Calling BEx Web Applications from the Enterprise Portal

· Information Broadcasting as Background Processing

· Information Broadcasting in the Web

· Publishing to the Enterprise Portal

You need special authorizations to be able to use information broadcasting. System administrators need authorization object S_RS_ADMWB with the field RSADMWBOBJ = BR_SETTING. Users that precalculate business intelligence content and would like to schedule things require the authorization object S_RS_BCS. For more information, see Overview: Authorization Objects and Authorizations for Working with a Query.

You can also use single sign-on for integration of SAP EP and SAP BW. BEx Web Applications are usually called from the Enterprise Portal. SAP EP supports and issues SAP logon tickets. Due to the close integration of SAP BW 3.5 and SAP EP 6.0, users can also start in SAP BW, where single sign-on is also supported. The following graphic illustrates the interaction between SAP BW and SAP EP in terms of single sign-on:


Maintaining Single Sign-On in BW

You need Single Sign-On tickets (SSO tickets) that are generated in the BW system to include portal content in the BEx Web Application Designer. In order to call BEx Web Applications in the portal, the BW system has to accept SSO tickets from the portal.

This setting is required for all integration scenarios. The various scenarios are described in detail from a security viewpoint under Security.

Procedure

1. Install SAPSECULIB on each application server of the BW system to use Single Sign-On (SSO).


It is not necessary to install the SSO software on the client PC.

2. Set the following profile parameter using the Maintaining Profiles transaction (transaction code RZ10):

· login/create_sso2_ticket=2

The profile parameter generates SSO tickets in the BW system that are required for communication from SAP BW 3.5 to SAP EP 6.0. The value 2 means that the certificate is self-signed.

· login/accept_sso2_ticket=1

The profile parameter means that the BW system accepts SSO tickets from other systems (for example, from portals) if the certificate has been imported.

For more information, see SAP Note 354819.

Check

A check is only possible after all security settings have been completed.


Maintain Portal Server Settings for SAP EP 6.0

In the Maintain Portal Server Settings for EP 6.0 Customizing activity, you have to make a number of settings in the Connected Portals table (technical name: RSPOR_T_PORTAL).


The Connected Portals table is completely buffered. After maintaining this table, you need to initialize the table buffer on the SAP BW application servers. This can be done in the SAP GUI with /$tab.

You need these settings for all integration scenarios.

Procedure


1. Start the transaction Table View Maintenance (transaction code SM30).

2. Enter RSPOR_T_PORTAL as the table.

3. Choose Maintain.

4. To create a new entry, choose New Entries.

5. Maintain the connected portal:

· RFC destination:

· Name of the system: (see Creating BW Systems in the Portal)

· Default:

· Portal URL Prefix: , for example, http://:

· RM prefix for BW metadata: , for example /bw_metadata

· KM Service URL:

6. Save your entries.

Settings for the Connected Portal

RFC Destination and Name of the System

Maintenance of an RFC destination using transaction SM59 is necessary for integration between SAP BW 3.5 and SAP EP 6.0. Enter this RFC destination into the Connected Portals table (RSPOR_T_PORTAL) so that the RFC destination is recognized as a connected portal.

Communication between the BW system and the SAP Enterprise Portal takes place through the RFC destination. An RFC destination corresponds to a connected portal. The Name of the System field corresponds to the alias on the BW system. The alias is defined in SAP Enterprise Portal 6.0. The iViews in the Enterprise Portal can be clearly assigned to a BW system using the name of the system.


Check the information under Importing a Portal Certificate and Exporting a Portal Certificate in regard to multiple portals.

Settings for Information Broadcasting

In addition to the RFC destination and the name of the system, you can also maintain the fields Default, URL Prefix, KM Metad.RM Prefix and KM Service URL in the Connected Portals table (RSPOR_T_PORTAL). These fields have to be maintained for Information Broadcasting. The BEx Broadcaster needs this information in order to be able to provide input help for folders in Knowledge Management. To store online links to queries or BEx Web applications in Knowledge Management, the prefix for the Repository Manager for BW metadata is needed. These fields are not required for other scenarios.

You need to select exactly one portal in the table to designate it as the standard portal. The designated portal is used for selecting a folder in the BEx Broadcaster.

You can overwrite the standard portal with the parameter ID RSPOR_DEFAULT_PORTAL (SET/GET-Parameter).


1. In the SAP GUI, choose System → User Profile → Own Data in the menu.

2. In the Parameter tab page, enter the parameter ID RSPOR_DEFAULT_PORTAL and the appropriate parameter value. The parameter value is the name of the RFC destination from the Connected Portals table.

The URL Prefix field contains the URL to the portal, including protocol, host name and port.

Maintain the Repository Manager prefix for BW metadata in the KM Metad.RM Prefix field. This prefix is determined while you are setting up the Repository Manager.

You can use another service for input help for folders in Knowledge Management as needed with the KM Service URL. At the moment there is only one service, so this field remains empty.


If you do not maintain the table, the associated menu entries for publishing in the BEx Web Application Designer and BEx Query Designer will be deactivated.

Check

Start the BEx Web Application Designer. In the Publish menu, the entry with Enterprise Portal 6.0 is activated.


Creating an RFC Destination for SAP EP 6.0

Maintenance of an RFC destination using Display and Maintenance of RFC Destinations (transaction SM59) is necessary for integration between SAP BW 3.5 and SAP EP 6.0.

This setting is required for all integration scenarios.

Prerequisites

Before you create an RFC destination in the BW system you have to Create an RFC Destination in the J2EE Engine.

Procedure

Using the Maintaining Portal Server Settings for EP 6.0 Customizing activity, you can enter this RFC destination into the RSPOR_T_PORTAL table so that the BW system recognizes the RFC destination as a connected portal. Communication between the BW system and the SAP Enterprise Portal takes place through the RFC destination.

1. Start the transaction Display and Maintenance of RFC Destinations (transaction code SM59).

2. Choose Create.

3. Maintain the RFC destination:

· RFC destination:

· Connection type: T for TCP/IP connection

· Description:

· Technical settings

   · Activation type: Registered server program

   · Program ID: _PORTAL_

   · Gateway host:

   · Gateway service: sapgw

· Logon/security

   · Send SAP logon ticket: Activate

4. Save your entries.

Settings for the RFC Destination

Name of the RFC destination

The name of the RFC destination for an Enterprise Portal should be selected carefully.

The name of the RFC destination is saved in the Information Broadcasting settings. Saving is necessary to be able to uniquely identify the used, connected Enterprise Portal for integration with Knowledge Management.


The broadcast settings can be transported between BW systems. For this reason, the name of the RFC destination should be identical in the source and target systems.

The name recommended by SAP for the RFC destination to the connected portal is SAP_EP.

Connection type

Select a connection type T for TCP/IP Connection.

Description of the RFC destination

You can maintain the description of the RFC destination language dependently. The language-dependent description is used when publishing iViews from the BEx Web Application Designer and BEx Query Designer if multiple portals are connected to the BW system.

Activation type

Select Registered Server Program as the activation type.

Registered server program

The server program is set up under the program ID on the J2EE engine. The recommended naming convention is _PORTAL. You can find more information under Creating RFC Destinations in the J2EE Engine.

Gateway options

Under Gateway Options, enter the gateway host and the gateway service with which the J2EE engine communicates with the BW system. The gateway host, an application server for the BW system, and the gateway service can be comprised generically of sapgw. You can determine the parameters for the gateway with the Gateway Monitor transaction (transaction code SMGW) using Goto → Parameter → Display.

Send SAP logon ticket

The option Send SAP Logon Ticket will be possible from SAP BW 3.5 SP 11 with SAP NetWeaver 04 SP Stack 11. You can avoid the use of the portal user bw_service by using this option. For more information.

If the RFC destination is also set up on the page for the J2EE engine, you can check the connection with the Connection button.