Summary

This paper outlines the process of configuring Single Sign On between SAP xMII 11.5 and Enterprise Portal running on the Java Stack. This document explains a basic example that may not apply to all circumstances.

Author Bio

Jamie Cawley has worked for Lighthammer Software since September 2004, supporting and doing application development for the Lighthammer CMS product. Since the SAP acquisition of Lighthammer in July 2005, Jamie has become a Sr. Support Consultant for SAP xMII. He is also involved in the testing and development of several of the composite applications being developed with the xMII product.

2006 SAP AG

Table of Contents

- Prerequisites
- Setting up the trust between xMII and Enterprise Portal
- Creating an XML user in xMII
- Granting users access to Data Servers
- Creating a page in xMII
- Setting up a page in Enterprise Portal
  - Creating a Folder
  - Creating a Role
  - Creating an iView
  - Creating a Page
  - Adding the content to the Role
- Creating a user in UME
- Testing the configuration
- Copyright

Prerequisites

- Make sure the servers' times are synced up. If the issuing server's time is ahead of the receiving server, the ticket will not be valid.
- Make sure that the Security Server of xMII exists in the same domain as Enterprise Portal and is using the same naming structure. The logon ticket cannot be used for authentication to servers outside of the domain.

  Does work:
    Security Server: http://computername.com/lhsecurity
    Enterprise Portal: http://computername.com:53000/irj/portal

  Does not work:
    Security Server: http://computername/lhsecurity
    Enterprise Portal: http://computername.com:53000/irj/portal

- Make sure cookies are allowed on the client machines.
- Do not use user names that are greater than 12 characters. Please see note 954963 to resolve this issue.
- Make sure users have the same user ID in both systems they are using. Passwords do not have to be the same in all systems.
- If you are using LDAP or another user configuration, you should not need to create a user if both xMII and UME are connected to the same user configuration.
- Only irpt pages may work due to the proxy filtering settings in xMII. Please see note 930312 to resolve.

Setting up the trust between xMII and Enterprise Portal

Security Manager must be set up to trust each of the SAP Enterprise Portal (EP) servers for which you wish to provide single sign-on capabilities. Set up the relationship by importing each of the servers' certificates into Security Manager's keystore.

- Log into Enterprise Portal using http://<computer name>:53000/irj/portal
- Select the System Administration tab and then select System Configuration.
- Under Detailed Navigation select Keystore Administration.
- Verify that SAPLogonTicketKeypair-cert is selected and then select Download verify.der File.
- Save the verify.der.zip file to the xMII server.
- Unzip the file to the desired location.
- Open the xMII Security Manager on the server using the URL http://localhost/lhsecurity/admin
- Navigate to Configuration > Certificates.
- Under Import Certificate click Browse and navigate to where the der file was saved.
- Provide an alias and click on Import Alias.

Creating an XML user in xMII

- Open the Security Manager and log in with an administrator account using http://<computer name>/lhsecurity
- Navigate to User Management > Users.
- Click Add, enter epuser1 as the username and click OK.
- Activate the user and provide a password.
- Add the user to the everyone role and any other roles that the user will need.
- Provide any attributes that are necessary and click Save Changes to User when complete.

Granting users access to Data Servers

The user epuser1 will also need access to the Data Server Simulator.

- Log into xMII using an admin user at http://<computer name>/lighthammer
- Choose Security Services and Data Access.
- Under Available Servers choose Simulator and add the Everyone role or any role epuser1 exists in.
- Click Save when complete.

If the Simulator server is not enabled, choose Data Services and Data Servers. Uncheck Show Only Enabled Servers and choose Simulator. Click Enabled and Save.

Creating a page in xMII

If you haven't created any xMII content yet, copy the following text and save it as curcyltemps.irpt in \inetpub\wwwroot.

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
    <META http-equiv="content-type" content="text/html; charset=windows-1252">
    <META http-equiv="expires" content="0">
    <META http-equiv="cache-control" content="no-cache">
    <META http-equiv="pragma" content="no-cache">
    <TITLE></TITLE>
    </HEAD>
    <BODY>
    <!-- iChart applet: current values of two tags from the Simulator data server -->
    <APPLET NAME="MyApplet" WIDTH="540" HEIGHT="400" CODE="iChart" CODEBASE="/Illuminator/Classes" ARCHIVE="illum8.zip" MAYSCRIPT>
    <PARAM NAME="QueryTemplate" VALUE="Defaults/TagQuery">
    <PARAM NAME="DisplayTemplate" VALUE="Defaults/defaultCurrentChart">
    <PARAM NAME="Server" VALUE="Simulator">
    <PARAM NAME="Mode" VALUE="Current">
    <PARAM NAME="TagName.1" VALUE="CylTemp1">
    <PARAM NAME="TagName.2" VALUE="CylTemp2">
    </APPLET>
    </BODY>
    </HTML>

Log in and verify that the user epuser1 can access the page using http://<computer name>/curcyltemps.irpt
If any issues occur, check the role permissions.

Setting up a page in Enterprise Portal

Log into EP with an Administrator account using http://<computer name>:53000/irj/portal

Creating a Folder

- Verify that Content Administration > Portal Content is selected.
- On the left-hand pane expand Portal Content, then right-click on Portal Content and select New > Folder.
- Provide xmiicontent for the Folder Name and Folder ID and provide a Folder ID Prefix according to the example.
- Click Finish.
- Verify that Close the wizard is selected and click OK.

Creating a Role

- Right-click on the xmiicontent folder and choose New > Role.
- Provide xmiicontentrole for the Role Name and Role ID and provide a Role ID Prefix according to the example.
- Click Next and Finish.
- Select Close the wizard and click OK.

Creating an iView

- Right-click on the xmiicontent folder and choose New > iView.
- Verify that iView template - create an iView from an existing iView template is selected and click Next.
- Choose URL iView as the Template and click Next.
- Provide Current Temps for the iView Name and iView ID, provide an iView ID Prefix according to the example and click Next.
- Enter http://<computer name>/curcyltemps.irpt for the URL and click Next.
- Verify that Open for editing when wizard completes is selected and select Finish.
- Set Property Category to Appearance - Size and change Height Type to FULL_PAGE.
- Click Save when complete.

Creating a Page

- Right-click on the xmiicontent folder and choose New > Page.
- Provide Cylinder Temps for the Page Name, CylTemps for the Page ID and provide a Page ID Prefix according to the example.
- Click Next, verify that Default Page Template is selected and click Next.
- Choose 1 Column (Full Width) as the Selected Layout and then click Next and Finish.
- Verify that Open the object for editing is selected and click OK.
- Right-click on the Current Temps iView and select Add iView to Page > Delta Link.

  A Delta Link links to the original iView, so any changes that are made to the iView will be displayed on the Page. If Copy was used, the iView would need to be changed in the Page.

- Click Save and then Close when complete.

Adding the content to the Role

- Double-click on xmiicontentrole to open it.
- Right-click on the Cylinder Temps Page and select Add Page to Role > Delta Link.
- Change Property Category to Navigation.
- Change the property Entry Point to yes and click Save.

Creating a user in UME

- Open UME and log in with an administrator account using http://<computer name>:53000/useradmin
- Click Create User.
- Provide epuser1 for the Login ID and define a password. The password does not need to be the same as the one defined in xMII. SSO only passes usernames.
- Provide a last name and any other fields that are necessary.
- Click on Assigned Roles and assign the necessary roles for the user to log into the portal. The user will need to be assigned to the xmiicontentrole role.
- Click Save when finished.

Testing the configuration

Now attempt to log into the portal with epuser1 using http://<computer name>:53000/irj/portal

Your page should look something like.
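
If the test login fails, the prerequisites listed at the start of this document (host naming, user IDs, server clocks) are the first things to re-check. The following check is an added example and not part of the original SAP document; the names preflight and host_and_parent, the parameters, and the reading of "same domain" as identical host or identical parent domain are assumptions, and the sample values are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

MAX_USER_ID_LEN = 12  # limit stated in the prerequisites


def host_and_parent(url):
    """Return (host, parent domain); parent is '' for a short host name."""
    host = (urlsplit(url).hostname or "").lower()
    return host, host.partition(".")[2]


def preflight(security_url, portal_url, xmii_users, ume_users,
              issuer_time, receiver_time):
    """Return a list of prerequisite violations; an empty list means OK."""
    problems = []
    sec_host, sec_parent = host_and_parent(security_url)
    ep_host, ep_parent = host_and_parent(portal_url)
    for name, host in (("Security Server", sec_host), ("Portal", ep_host)):
        if "." not in host:
            problems.append(f"{name} host '{host}' is not fully qualified")
    # Assumption: "same domain" = identical host or identical parent domain.
    if sec_host != ep_host and sec_parent != ep_parent:
        problems.append(f"different domains: {sec_host} vs {ep_host}")
    for user in sorted(set(xmii_users) | set(ume_users)):
        if len(user) > MAX_USER_ID_LEN:
            problems.append(f"user ID '{user}' exceeds {MAX_USER_ID_LEN} characters")
        if user not in xmii_users or user not in ume_users:
            problems.append(f"user ID '{user}' is missing in one system")
    # The ticket is rejected when the issuer's clock is ahead of the receiver's.
    if issuer_time > receiver_time:
        ahead = (issuer_time - receiver_time).total_seconds()
        problems.append(f"issuer clock is {ahead:.0f}s ahead of receiver")
    return problems


def demo():
    """Run the check on constructed sample values (not from a real system)."""
    now = datetime(2006, 1, 1, 12, 0, 0)
    good = preflight("http://computername.com/lhsecurity",
                     "http://computername.com:53000/irj/portal",
                     ["epuser1"], ["epuser1"], now, now)
    bad = preflight("http://computername/lhsecurity",
                    "http://computername.com:53000/irj/portal",
                    ["epuser1", "averylongusername"], ["epuser1"],
                    now + timedelta(seconds=90), now)
    return good, bad


if __name__ == "__main__":
    for label, result in zip(("good", "bad"), demo()):
        print(label, result or "all prerequisites met")
```

The user lists and the two timestamps have to be collected from each system by hand or by whatever export is available; the script only compares them.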

Copyright

Copyright 2006 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/os, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

MaxDB is a trademark of MySQL AB, Sweden.

SAP, R/3, mysap, mysap.com, xapps, xapp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies.
Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

These materials are provided "as is" without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials.

SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages.

Any software coding and/or code lines/strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.