This configuration guide provides information and hints for setting up the SAP Jam integration within the SAP Solution Manager IT Service Management. With this integration it is possible to collaborate and discuss directly at transaction type level. Joined group and feeds can easily be seen within the Home area of the Business Role. To use this functionality, some prerequisites and customizing activities are necessary.
In this chapter the prerequisites will be covered. The very initial one is that you have a valid license for using SAP Jam. Therefore, a company is needed inside SAP Jam which corresponds to the license. You can find additional information about your company by entering the Admin area within SAP Jam. Navigate to the Branding work center on the left.
In addition, the one, who will set up the integration, needs a valid user inside SAP Jam. In addition, this user needs to have administrative rights to set up SAP Jam activities for the integration.
All users, that wants to work with the integration, needs to have a user within SAP Jam. The users will have to have an e-mail address, which needs to be the same as maintained in the system user on Solution Manager. The e-mail address is the identifier used for the communication between the SAP Jam and the Solution Manager.
2.1 Business Function
The whole integration is an optional configuration. If you would like to use this, ensure to activate business functions with the help of transaction SFW5:
The activation will provide a new path inside the implementation path.
SAP Customizing Implementation Guide → NetWeaver → Application Server → Basis Services → Collaboration → SAP Jam Integration
2.2 Create user in SAP JAM
If you need to create a new user – for testing purpose during the set up e.g. – navigate with the administrative user to the Invite area as shown above.
Enter the e-mail address of the user, you want to invite.
Now the administrator can search for the invited user and edit the profile. The user should be able to log on now.
3 Setting up the Back End
3.1 Define HTTP Service
For the SAP Jam integration, the HTTP needs to be defined at the very beginning. Therefore, the very first activity within the implementation guide can be used.
SAP Customizing Implementation Guide → NetWeaver → Application Server → Basis Services → Collaboration → SAP Jam Integration → Define HTTP Service
Execute the report and do not make changes on the selection screen. Navigate to the client menu bar and select proxy settings.
On the HTTPS protocol tab you will find the default settings that will be used for the HTTPS access.
3.2 Maintain Certificate of Service Provider
Now the back end needs to trust the SAP Jam system. Therefore we will have to retrieve a certificate and enter it in the back end system.
Different certificates are available. As the CA certificate has a longer validity, this one will be considered.
Open the web site www.cubetree.com or use www.integration3.cubetree.com. Enter the internet options within your browser. This web page is referring to the test sap jam server. The web page URL could change from time to time. Last time checked it was https://integration3.sapjam.com. Customers will have to use their real sap jam internet page and they also will have to consider that additional license costs might be needed.
For the Internet Explorer you can use the padlock symbol to view the certificates.
The CA certificate can be found on the Certification Path tab. Select an element on a higher hierarchy and choose View Certificate.
On the second pop-up navigate to Details and select Copy to File.
Make sure, that you copy the file with Base-64 format.
Setting up the SSL-channel
Navigate to the next activity within the implementation guide.
SAP Customizing Implementation Guide → NetWeaver → Application Server → Basis Services → Collaboration → SAP Jam Integration → Retrieve Certificate for RSA-SHA1
Alternatively, use transaction STRUST.
Navigate to the entry SSL-channel (Anonymous). Choose the import button on the bottom. Afterwards select Add to Certificate List. As a result, the certificate will be shown in the certificate list.
Enable SAML 2.0 Identity Provider
For the authentication the SAML (Security Assertion Markup Language) version 2.0 is needed.
When executing the activity, a new web site will be launched. It is possible, that you will have to log on again.
The Identity Provider IDP will be valid to all applications connection to SAP Jam. If SAML 2.0 is not yet configured, follow the guided procedure to enable SAML 2.0 support. The Operation mode is Service Provider.
Later on we will need to assign the certificate as well. Therefore, switch back to transaction STRUST. Navigate now to node SSF SAML2 Service Provider – S and double click on it. Then also double click on the certificate on the very top. Now choose the export button.
Save the certificate to a file (certificate 1).
For this activity we will have to use again the activity for retrieving certificate for RSA-SHA1.
As a default, the RSA-SHA1 is used for encryption.
We will have to create an SSFA instance at the beginning.
Start transaction SSFA and check if an entry exist for CLBOAU. This entry should be available from the standard set up.
If this entry was existing, please switch back again to transaction STRUST. Navigate to the node SSF Collaboration Integration. Double check the settings and ensure that the RSA algorithm is chosen.
The certificate needs to be exported in Base-64 format. The certificate will have to be entered within the SAP Jam later on (certificate 2).
3.3 Setting up SAP Jam
Now we will have to make sure that the SAP Jam communicates with the back end.
SAML Trusted IDPs
Log on to SAP Jam and go again to the administration area.
On the left side navigate to Integrations and click on SAML Trusted IDPs.
On the right side, select the registration button.
Register the IDP that you have created in the back end (via the activity SAML 2.0). Enter the IDP and insert the certificate you have exported (certificate 1).
Now we will need to set up OAuth Client.
Setting up the OAuth Client
Again within the SAP Jam administrative area, navigate to the integration work center and select now OAuth Clients.
On the right side, select Add OAuth Client.
Now give also a name for the OAuth Client. Insert the certificate (certificate 2) that you have exported from the node Collaboration Integration.
After you have saved the settings, you can view the settings again. You will find a key, which you will need later on in the back end customizing.
4 Customizing activities on Solution Manager
Enter transaction CLB_PLATF_DEF and select the entry StreamWork and SAP Jam. Double click on it. Enter the server URL you have received from SAP Jam Product Support.
Now use again the implementation guide:
Choose the entry StreamWork and SAP Jam. Now enter your proxy settings from the very beginning of this guide.
In the node Authentication Method you will find the default settings that should not be changed.
During the next step the key from the OAuth will have to be entered.
Choose the entry SAIL and SAP Jam. Double click on it. Enter the system ID and the key. You can also enter the HTTP time out, if needed.
Now the setup is finished.
When all customizing steps could be done successfully, the feeds of the user can be seen in the Home area in the Business Role. As a prerequisite the Business Role needs to be adjusted. Make sure that the assignment blocks needed are available.
Also within the incident you can now create a group, assign a group and discuss topics within the groups and feeds. Therefore, it can also be needed to adjust the Business Role with the corresponding assignment blocks.
Within transaction SE38 there are several reports that can be used for checking, if the settings are correctly working. E.g.:
With this report you can test, if a feed would be found to the user log on. For executing the report, enter the application ID SAIL.
If entries can be found, the configuration is fine for feeds.
There are more reports that can be found, when searching in SE38 with RSTW_LIBRARY_TEST*.
With report RCLB_CUST_CHECK you can check if the customizing settings have inconsistencies.
4.1 Common issues
HTTP code 407
- Certificate is not added to certification list within transaction STRUST
- Validity of the certificate has reached
No SAML assertion
- IDP in SAP Jam and back end are not named the same
HTTP code 405
- ICM not configured properly, see note 634006
HTTP code 401: account not activated
- The account has just been created or the password maybe expired
HTTP code 401: oAuth authorization failed
- There are problems with the SSFA certificate, you can download it again
Error “E-Mail address ….. does not exist”
- There is no e-mail address maintained in the system user or the e-mail address is wrong
HTTP code 400: Bad request
- Check that HTTPS is really used for the URL