How-to Guide SAP NetWeaver 2004s How To configure an anonymous access to KM Version 1.00 February 2006 Applicable Releases: SAP NetWeaver 2004s
Copyright 2006 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mysap, mysap.com, xapps, xapp, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. These materials are provided as is without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages. SAP NetWeaver How-to Guides are intended to simplify the product implementation. While specific product features and procedures typically are explained in a practical business context, it is not implied that those features and procedures are the only approach in solving a specific business problem using SAP NetWeaver. Should you wish to receive additional information, clarification or support, please refer to SAP Consulting. Any software coding and/or code lines / strings ( Code ) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.
1 (Business) Scenario There is content within your portal which you want to publish. This content should be accessible for everyone but no explicit authentication should be required. This use case is also known as anonymous login scenario. Within your portal you want to define a role which should be used for non named users. In this scenario it is described how to provide information to anonymous users. 2 Introduction This guide describes the creation of a role for anonymous access which contains a KM example. For additional information concerning the creation of PCD Content please refer to www.help.sap.com. KM Documents KM Basic Search KM Navigation Figure01: Entry-Site for Anonymous with 3 different KM iviews. Be aware that in this scenario the following URL is used for an anonymous access: http://server:port/irj/portal/anonymous Also refer to note 837898 for further information and setup concerning the anonymous access. - 1 -
3 The Step By Step Solution This chapter describes step by step the necessary actions which have to be followed to enable an anonymous access to KM Content. It starts with defining content within a public role and checking the results. As prerequisite the following configuration was set up reflecting to note 837898 The definition of KM short URL s in the URL Generator service of KM (this is default setting for NW2004s) Change the authentication scheme for the URL Access iviews (Document, Basic Search, Details, Highlighted Content) to anonymous. For the configuration which are described here, please be sure you are logged on with an administrator-role (super-admin-role) with sufficient permissions in the portal. Within the next seven steps we will define the content in the anonymous role. This content is based on a example. We will create a KM Navigation iview, a page and assign that content to a role. 3.1 Defining Content to an Anonymous Role 1. iview - Creation Open Content Administration Portal Content Choose your custom folder (or create a new one) where you can store your created content Right-click on this folder and choose New iview iviewtemplate Choose KM Navigation iview 2. Provide the necessary information for iview-name, ID, prefix, language and description and choose Next and then Finish Open the iview for editing afterwards In the dropdown box Property Category please select Show All - 2 -
3. Maintain the following properties: Authentication Scheme to anonymous Path to Initially Displayed Folder: customerpath. (e.g. /documents/public Documents/External_Documents Path to Root Folder for Navigation: customerpath Save your changes 4. Create a page within your custom folder Right-click on this folder and choose New Page Provide the necessary information for Page-Name, ID, prefix, language and description and choose Next and then Finish Open the Page for editing afterwards 5. In the dropdown-box Property Category please select Show All Change the property Authentication Scheme to anonymous Create a delta-link to your iview Save your page 6. Create a role within your custom folder Right-click on this folder and choose New Role Provide the necessary information for Role-Name, ID, prefix, language and description and choose Next and then Finish Open the Role for editing afterwards - 3 -
Add Page to Role Delta Link Change the Parameter Entry Point to yes - 4 -
3.2 Assigning the created role to Anonymous Group We will now assign the anonymous role to our anonymous group. 7. Role - Assignment Open User Administration Identity Management Search for the user group Anonymous Users, mark it and choose modify in the Details View Go to tab Assigned Roles and add your created role to the Anonymous Users - group 3.3 Testing the Anonymous Access Open a browser window, enter the anonymous URL and verify that the changes take effect. Figure02: Result page for Anonymous 3.4 Additional Information Here you find additional considerations about this scenario. The anonymous group should be treated as a normal user group within the portal. These examples give you an idea which considerations you have to perform to enable also a secure anonymous access. - 5 -
Permission Settings within the KM (ACL, Service ACL) Please note that you have to treat the anonymous user group like a normal user group. This means that your permissions have to be set up correctly if some information is restricted from being used from the anonymous users. Keep in mind that this group is also included to the Everyone group. In our example, we provide the Anonymous Group with read - permissions only Also notice that during a searchrequest also the ACLs are checked! Figure03: Permissions for the Anonymous Group (in Public Documents) Figure04: Group Everyone and Service Permissions Commands for Anonymous Group You have to consider about the services you will provide to the anonymous -group. Although the group has only read permissions to a certain folder, the group is allowed to perform several actions. Therefore please refer to note 837898 to find detailed information! Figure05: Hover Menu enabled (without configuration of the Layout Set) Hint: In our example, we created a new Layout Set and we removed the hover-menu from being displayed, so that the anonymous group does not see any commands. Figure06: Hover Menu disabled (Layout Set modified) - 6 -
Search and Search-Result-List To restrict the Anonymous Group to search in an extended way, we have to exclude some search options. (e.g. restrict the group to a certain index or remove the Advanced Options ) This can be done within the Search Option Set. The Rendering Information of the Search Result List can be maintained within a Layout Set. Both sets will be assigned to the basicsearch iview. Figure07: Basicsearch-iView with modified Search Option Set and Layout Set - 7 -
www.sdn.sap.com/irj/sdn/howtoguides