Product versions: BOE XI 3.1 and netweaver 7.x
This article is finished.
This BOpedia page is provided by the RIG team. Don't hesitate to put comments.
Main Contributors : Martha L, Stephane T, Anthony L, Erica L, David F G
With the help of Antonia R, Ferry L , Eliot G
Link to the main SP page Introduction, Chapter A and B : Integration of BOE XI3.1 into the SAP Enterprise Portal 7.x
Chapter C : Create BOEXI3.1 Integration Kit iView Template into SAP EP Portal
Chapter D : Create URL iview into the SAP EP portal
Chapter E : Integrate BOEXI3.1 into a KM Navigation into SAP EP portal
Chapter F : Creating Roles in SAP EP Portal and assigned them to Portal Users
Chapter G : Viewing BOEXi3.1 reports into SAP EP Portal
Scenarios and KM and iView possibilities : Scenarios and KM and iView possibilities
Webinar link and Q and A : Webinar and QA
Appendix : Chapter H, I, J, K, L, M : Appendix of the BOEXI3.1 Integration into the SAP EP
Contents
Chapter : Appendix
Chapter H) Need to have the SAP (EP) and (ABAP) configured for SSO
To be able to use single-sign-on together with the BusinessObjects Enterprise system requires two main settings to be configured on the SAP side:
1)Profile parameters.
2)Trust between SAP Enterprise Portal and SAP BW or SAP R/3.
1) Profile parameters.
Before you can enable ticket based single-sign-on between SAP and BusinessObjects Enterprise, you must set up your SAP system to accept and create logon tickets. This involves setting two related profile parameters on your SAP server:
login/accept_sso2_ticket
login/create_sso2_ticket
Profile parameter | Value | Comment |
|---|---|---|
login/create_sso2_ticket | 1 or 2 | Use the value 1 if the server possesses a public-key certificate signed by the SAP CA. Use the value 2 if the certificate is self-signed. If you are not sure, then use the value 2. |
login/accept_sso2_ticket | 1 | Use the value 1 so that the system will also accept logon tickets. |
These settings require a restart of the SAP system.
To verify the profile parameters
1. Log onto the SAP server.
2. Start the profile maintenance with transaction RZ10 .
3. Select the instance profile for the SAP server.
4. Select Extended maintenance.
5. Click Display
2) Configure trust for the SAP Enterprise Portal
This step involves exporting an SAP Enterprise Portal certificate and importing it to the SAP server (SAP BW or SAP R/3) so that these two systems establish a trusted relationship.
To export the SAP Enterprise Portal certificate
1. Log onto the SAP Enterprise Portal.
2. Navigate to System Administration > System Configuration .
3. Click Keystore Administration .
4. Click Download verify.der File (EP1 in this case)
5. Save the file locally.
6. Unzip the file.
7. Log onto the SAP server (SAP BW or SAP R/3) (BW1 in this case).
8. Start transaction STRUSTSSO2 (Trust Manager).
9. Select the menu Certificate > Import .
10.Enter the path to the unzipped file into File path .
11. Click Enter
12. Click Add to Certificate List .
13. Click Add to ACL .
14. Enter the System ID of the SAP Enterprise Portal server, e.g EP1 in the example above.
15. Enter 000 for the field Client
The Client number must be 000. The Portal server trust will fail with another client number.
16. Click Enter .
Chapter I) Need to have the SAP EP and ABAP and BOE XI3.1 Application Server in the same DNS domain.
The logon ticket issued by EP is stored as a cookie. Each cookie in a browser session has a specified domain. Due to security reasons, browsers only forward to a specific web site cookies which are in the same domain as the web site.
If you have multiple domains are involved SAP Logon Tickets for Multiple Domains
Chapter J) Install a BOE XI3.1 Server
See the official documentation or to the following link.
Chapter K) Install BOE XI3.1 SAP Integration Kit / Java Connector
Detailed steps on how to install SAP Integration Kit can be found here:
BusinessObjects Integration Kit for SAP - Installation and Configuration (prerequisites and Installation sections, page 4-15)
SAP GUI | Java Connector |
|---|---|
|
|
Chapter L) Configure the SAP ABAP system in CMC and import SAP roles
This is the SAP system that will be used to authenticate the users that logon the EP and view BOE reports. For steps on how to configure an entitlement system and import SAP roles to BOE: BusinessObjects Integration Kit for SAP - Installation and Configuration (prerequisites and Installation sections, page 16-24)
Chapter M) Check the BOE XI3.1 InfoView configuration to support single sign-on.
When installing BOE SAP KIT, the installer will modify the parameters of your web.xml/web.config files. However, to verify if InfoView is configured for single sign-on, open InfoView configuration file web.xml (Java InfoView) or web.config (.Net) and make sure the following properties have the values specified below:
Parameter | Value |
|---|---|
authentication.default | secSAPR3 |
siteminder.enabled | false |
sso.enabled | true |
IIS | Tomcat |
|---|---|
web.config is located by default in the following directory: | web.xml is located by default in the following directory: |
Link to some documents
SAP server patch level for BW https://wiki.wdf.sap.corp/wiki/display/globalregions/Technical+prerequisites+%28SAPXIR34501%29
Describes the steps to setup SSO between BW and EP6.0
https://wiki.sdn.sap.com/wiki/display/EP/SSO%20to%20BW%20in%20EP%206.0
BusinessObjects Integration Kit for SAP - Installation and Configuration
Error found
Error 1
If you are getting the below message when trying to log into the portal
"Account information not recognized: No SAP system was passed as part of the user name and there was no default system defined. User credential validation cannot continue. "
To resolve the issue login into the CMC in BO->Authentication->options-> and select a "default system". You need to have at least one default system to log on into the portal.