Skip to end of banner Go to start of banner

How to - SSO to CRM WebUI via SAP GUI for Windows

Skip to end of metadata

Created by Gregor Wolf, last modified by Sigrid Wieshofer on Dec 21, 2020

Go to start of metadata

Business Case

You want to have Single Sign-On to the SAP CRM Web UI without the need of a SAP NetWeaver Java Stack.

Prerequisites

SSO enabled for the SAP GUI for Windows according to SAP Note 352295 - Microsoft Windows Single Sign-On options
Applied Note 1467488 - Start WebClient UI with user credentials of SAP GUI

Solution

Basics

After you've applied the Note 1467488 you should create a new variant following steps below:

1.Run T-code SE38 and input "BSP_WD_APPL_STARTER" in the program field.

2.Click Variants on the page to get in to view "ABAP: Variants-Initial Screen".

3.In Variant field, select a standard variant like "SAP&CRMUI" and Click on "Copy" or press "F8".

4.Input a target Variant name starting with "Z" and confirm copy.

5.Input the new created Variant name and click on "Change".

6.Make sure Single sign-on is checked as below and save this new variant.

Then create a copy of transaction CRM_UI or modify CRM_UI using T-code SE93 to point to the just saved Variant:

Make sure that the Default value "D_SREPOVARI-VARIANT" under "Default Value" part is maintained with the Variant name just created.

Try out the modified or created transaction. You should be taken to the CRM WebUI without the need to provide a password.

Roundup

It's also possible to directly access the WebUI without the need to start SAP logon.

To apply this, you can create a SAP Shortcut File. Start i.e. SE80 and click on the SAP Shortcut Iconand modify the settings according to following screenshot:

If you want to distribute this file to different users or provide it as a link in your intranet you have to edit the textfile and remove the line "Name=USERNAME" and save it.

Further information: KBA 2366776 - SAP CRM WebUI: Transaction WUI_SSO (Single Sign-On) or SM_CRM runs only in Internet Explorer

19 Comments

Carsten Loeffler
Great! It's working well.

But it opens a SAPGUI window and I do not know how to get rid off automatically.

Regards. Carsten
- Permalink
- Oct 06, 2010
Gregor Wolf
Hi Carsten,

you can write a wrapper report around the transaction and put the command:

CALL 'SYST_LOGOFF'.

after the call transaction.

Best regards
Gregor
- Permalink
- Oct 06, 2010
Carsten Loeffler
Hi Gregor,

thanks for the hint. We did so: AND IT's WORKING PERFECT.

Thanks a lot!

Best Regards, Carsten
- Permalink
- Oct 13, 2010
Carsten Loeffler
Hi Gregor,

it's working - but there's another "wish". How to start this automatically with HTTPS (not HTTP)?

Thanks in advance.
- Permalink
- Oct 14, 2010
Gregor Wolf
Hi Carsten,

I've opened an OSS Message requesting this feature. Perhaps you or your customer can do that too. Perhaps we get it into standard.

Best regards
Gregor
- Permalink
- Oct 18, 2010
Unknown User (101uihbsj)
Hi Gregor,

thank you for the description - this works good.

Some of our users are assigned to more than one businessrole. Do you have an idea how to create a shortcut using this single sign on and also including a businessrole?

Thank you

Kind regards

Manfred
- Permalink
- Oct 22, 2010
Gregor Wolf
Hi Manfred,

I've added that request to my OSS Message (Which is still waiting to be processed). But what we also can do is create our own Report which does implement all that features and publish it on SAP CodeExchange.

Regards
Gregor
- Permalink
- Oct 22, 2010
Carsten Loeffler
Hi Gregor,

Good news! Do you already have a note-number for this?

Regards,

Carsten
- Permalink
- Oct 26, 2010
Gregor Wolf
I've posted the SMP Issue with prio low on October 18th 2010 and it isn't even in processing .
- Permalink
- Oct 26, 2010
Carsten Loeffler
Thanks, Gregor ... Then ... we will sit and wait.

I was wondering if there may be another possibilty to do SSO with this CRM_UI_START or CRM_LOGON.

But it seems, that it is not possible to do SSO with this ... right?

Regards,

Carsten
- Permalink
- Oct 26, 2010
Gregor Wolf
I didn't get your point here. SSO is enabled by applying Note 1467488 - Start WebClient UI with user credentials of SAP GUI. If you don't have a Windows based environment another SSO option is the NetWeaver Java Stack where you can enable Kerberos Authentication.

If that does not answer your question please provide more details.
- Permalink
- Oct 27, 2010
Unknown User (wxgfetb)
Hi Gregor,

Thanks for the steps,its really helpful and easy to implement.In my application we are currently launchin CRM through EP(Enterprise portal)

But now we want to launch it directly from WebUI using SSO,which is working fine as per the steps given above,provided I have installed the required client in my sysem i.e. say CRD 200 in my case.But when we take this to live for end users,we cannot install the client seperately for each user..since our application is accessed across the globe by over 10,000 users.

Is there any way to have this server in a centralised location to enable SSO,without asking the enduser community to install the CRM client in their machines...

Regards

Anu
- Permalink
- Nov 21, 2010
Gregor Wolf
Hi Anu,

for such a large user base I think your current solution with the portal is the right way. If you have the problem that the Portal frame is around the CRM UI try the SSO solution described in the BlogSingle Sign On to BSP pages from Duet's Action Pane. Distributing the SAP GUI to all users make only sense if they have to use it also for other SAP Business Suite applications like ERP. But if you have a Citrix Terminal Server that could be also a possible solution.

Best regards
Gregor
- Permalink
- Nov 21, 2010
Unknown User (wxgfetb)
hi gregor,

thanks for your response,I have a doubt related to removing the SAPGUI window.Though the window doesnt launch anymore..is there any way to remove the SAPLOGON PAD that is also launching auotmatically along with the UI.

Also how do I create a link from this shortcut file to be used as a link to intranet

Regards

Anu
- Permalink
- Nov 24, 2010
Gregor Wolf
Hi Charsten,

regarding your question if HTTPS (SSL) can also be an option I've made a strange observation. First I've set the HTTPS Option for the default.htm page of BSP Application crm_ui_start. That caused the CRM Web UI to use SSL only. But I've traced the network and discovered that regardless of this setting the /sap/public/myssocntl Service was still accessed using HTTP. In the report BSP_WD_APPL_STARTER the SSO option calls the method ENABLE_SAPSSO of class CL_GUI_HTML_VIEWER. I've set a breakpoint at the call of cl_http_server=>get_location but when I did a single step debugging into this call I was forwarded to the function module TH_GET_VIRT_HOST_DATA. I would like to ask if you also face this behaviour.

Best regards
Gregor
- Permalink
- Dec 10, 2010
Florian Lusch
Hello Gregor,

works fine so far, thanks for this solution!
One question: if i lunch the WebUI with the report BSP_WD_APPL_STARTER, the url used is "http://srv123.x.y.com/..." (which is the real server name).
We defined a DNS alias "sapcrt", which is also set in the parameter icm/host_name_full = sapcrt.x.y.com.

How can i teach BSP_WD_APPL_STARTER to use the host of icm/host_name_full?

Best regards
Florian
- Permalink
- May 05, 2011
Former Member
Thanks. Working perfect.
- Permalink
- Jan 02, 2014
Former Member
Hi all,
is there any update regarding starting the CRM Web UI over https using report BSP_WD_APPL_STARTER? I could not find anything...
Best regards,
Markus
- Permalink
- Sep 26, 2014
Juan-Carlos Garcia-Garavito
For the Solution manager users, please use transaction SM_CRM, instead of CRM_UI. That one has the solution above already in place.
- Permalink
- Sep 29, 2014

Page tree