05 PortalConfiguration PDF

SAP AG 1
SAP AG 2005
SRM 6.0
Por t al Conf i gur at i on
SAP AG 2
SAP AG 2006
Obj ec t i ves
Contents
Portal Setup for mySAP SRM
Objectives
At the end of this chapter, you will be able to:
Download and install SRM Business Packages using JSPM
Configure User Management and Create Users
Setup connections to different SRM components
Understand how to configure Single Sign-On (SSO)
Configure Universal Work List (UWL)
SAP AG 3
SAP AG 2005
SRM Business Packages
Portal User Management
Portal Connections
Catalog Integration into Portal
Portal SSO Configuration
Portal UWL Configuration
JSPM Introduction
SAP AG 4
SAP AG 2006
Busi ness Pac k age f or mySAP SRM 6.0 - Of f er i ngs
The business package for mySAP SRM 6.0 offers
Predefined portal content and roles for SRM-related business processes
Predefined integration with SAP applications and single sign-on to these applications.
A solution for portal user administration when various backend systems are deployed
Ongoing development of additional features with a predefined, reliable release schedule
A fully tested business package
SAP Consulting and customer support
Comprehensive SAP documentation within SAP Solution Manager
The business package includes different roles for specialists in the
procurement process like
Strategic purchaser
Operational Purchaser
Purchasing assistant
Purchasing Manager etc.
SAP AG 5
SAP AG 2006
Wher e t o f i nd SRM Busi ness Pac k ages
choose the sub-component, for example
BP SRM 6.0, and then OS-independent
and download it
6
There are two options for downloading EP Business Packages:
1) From the SAP Software Distribution Center (SWDC)
2) From the SAP Developer Network (SDN)
The preferred option is the SWDC, here is a description:
choose Entry by Component, and Portal Content
5
choose SAP SRM (with SAP EBP), and then SAP SRM 6.0
4
choose Entry by Application Group, then Application Components
3
choose Download, then Support Packages and Patches
2
Logon to the Support Portal: http://service.sap.com/swdc
1
Download the Business Package for SAP SRM 6.0 from SAP Software Distribution Center:
http://service.sap.com/swdc Download Support Packages and Patches Entry by Application
Group SAP Application Components SAP SRM (WITH SAP EBP) SAP SRM 6.0 Entry by
Component Portal Content BP SRM 6.0.
Business Packages are provided as .SCA (Software Component Archive Files)
SCA Files were originally designed for get installed by the SAP Software Delivery Manager (SDM) tool.
As of NetWeaver2004s, SAP provides the JAVA Support Package Manager (JSPM).
The JSPM is used the SDM as underlying tool. The JSPM is now the recommended tool to apply SCA
files.
Similiar to the ABAP Support Package Manager (SPAM), the JSPM uses per default the
\usr\sap\trans\EPS\in as input directory.
For more information, see SAP Note 731386 (refers to JSPM), which applies to business packages on SAP
Enterprise Portal (EP) 7.0.
SAP AG 6
SAP AG 2006
Choose SAP NetWeaver
BP-ERP Busi ness Pac k ages i n SDN
The 2nd option is You can also download the ESS business packages from
the SAP Developer Network. You find it under http://sdn.sap.com
Choose Portal
Choose Portal Content Portfolio
2
3
4
Choose Quick Link List of Packages and download
Business Package for SRM 6.0
5
Logon to the SAP Developer Network: http://sdn.sap.com
1
However, it is recomended to use the SAP Service Marketplace for downloads. The reason why we
introduce the SDN here is that you have access to the BP documentation via a link in the SDN. Please see
the next slide for further details.
Instead of navigating through the SDN, you can jump directly to the Portal Content Portfolio with the
following URL:
https://www.sdn.sap.com/irj/sdn/developerareas/contentportfolio
SAP AG 7
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 8
SAP AG 2006
J SPM I nt r oduc t i on (1)
New NetWeaver 2004s Tool: Java Support Package Manager (JSPM)
Most important JSPM features:
Displays support package level information
Checks dependencies between versions of software components
Checks whether a new software component version may correctly
upgrade an existing software component version
Checks deployment dependencies between development
components
JSPM is automatically deployed as part of every AS-JAVA usage type
(as of NetWeaver 2004s)
JSPM uses the former SAP deployment tool SDM (Software Delivery
Manager) as underlying layer
As of SAP NetWeaver Release 2004s, you can use the Java Support Package Manager (JSPM) to apply
support packages to the deployed software components. You can also deploy new software components
that are not part of an SAP usage type, to which you can then apply support packages.
All JSPM features:
Shares a common GUI with SAPinst and SAPJup
Automatically detects and offers you only components that can upgrade deployed components
Shows only necessary information and additional details at your request
Shows log files in an integrated Log Viewer
Deployed Component Overview
- Displays support package level information
Support Package Level Administration
- Allows the definition of dependencies between versions of software components
- Checks whether a new software component version may correctly upgrade an existing software
component version
Development Component Level Administration
- Checks deployment dependencies between development components
SAP AG 9
SAP AG 2006
J SPM I nt r oduc t i on (2)
New NetWeaver 2004s Tool: Java Support Package Manager (JSPM)
Most important JSPM features (continued):
Allows you to
apply
Allows you to update kernel binaries and the SDM itself
Allows you to restart the deployment of support packages
Informs you if restarting of the J2EE Engine is necessary during the
deployment process
a support
package stack
single support
packages
new software
components that
are not part of
an SAP usage
type
All JSPM features (continued):
Update of Kernel Binaries and Software Deployment Manager (SDM)
- Allows you to update kernel binaries
- Allows you to update SDM
Deployment
- Allows you to apply a support package stack
- Allows you to apply single support packages
- Allows you to deploy new software components that are not part of an SAP usage type
- Informs you if restarting of the J2EE Engine is necessary during the deployment process
- Logs the deployment processAllows you to restart the deployment of support packages
SAP AG 10
SAP AG 2006
J SPM - St ar t up and Logon
Execute go.bat in the <instance>\j2ee\JSPM directory to launch JSPM
Enter SDM Administrator password, so that JSPM can connect to SDM
In the file system, go to the <Drive>:\usr\sap\<SAPSID>\<Central_Instance_Name>\j2ee\JSPM directory.
Depending on the system, the name of the central instance has the following syntax:
For a standalone system JC<xx>
For an add-in system DVEBMGS<xx>, where xx is the number of the central instance.
Run the go script file to start JSPM.
Enter your password for the SDM and choose Log On.
If you enter an incorrect password three times in a row, the SDMserver will be stopped. You must start it
and log on to the JSPM again.
JSPM connects to the SDM server to deploy support packages and software components. The SDM server
performs additional validation of the support packages and software components for deployment.
A software component archive (SCA), Java archive (JAR) or SAP archive (SAR) can be deployed by the
JSPM.
Before the deployment of a software component, the SDM server performs additional version checks.
Only new software components that have a higher counter than the counter of the old software
components can be deployed. For more information, see SAP Note 621928.
SAP AG 11
SAP AG 2006
J SPM Depl oyment Opt i ons
Choose Deployment, and then New Software Components to
apply new Java components to an existing system
JSPM
Allows you to apply a support package stack
Allows you to apply single support packages
Allows you to deploy new software components that are not part of an SAP usage type
Informs you if restarting of the J2EE Engine is necessary during the deployment process
Logs the deployment processAllows you to restart the deployment of support packages
SAP AG 12
SAP AG 2006
J SPM Depl oy new Sof t w ar e Component s
Launch JSPM an log on to JSPM
If you apply SRM business packages to an existing landscape, one of your
tasks will be to deploy a new software component to your Enterprise
Portal System.
In this example, we assume that you want to install:
BPSRM01_0.SCA (contains the SRM Package for the Enterprise Portal)
The JSPM procedure is:
Choose Deployment, and then New Software Components
Choose all .SCA files which you want to install from the
\usr\sap\trans\EPS\in directory. In our example it will be:
BPSRM01_0.SCA
1
2
3
Choose and dowload
Business Package for Employee Self-Service (mySAP ERP) 1.0
4
JSPM builds a queue with the correct deployment order and performs a status check
Choose Deployed Components to check if the SCAs were really applied
5
JSPM builds (similar to the ABAP transaction SPAM) a deployment queue and checks dependencies
within the queue
After the installation, use JSPM to check if the desired .SCA files were applied successfully.
SAP AG 13
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 14
SAP AG 2006
Por t al WebDynpr o Aut hent i c at i on
AS-JAVA
Enterprise Portal
SAP SRM Server (AS-ABAP)
Certificate
User: ABC
User: ABC
Important facts:
Identical user name in all systems
Local assignment to roles/
authentications
WebDynpro Application
BP-SRM
The user name (Example user: ABC) must be identical in the AS-ABAP and the AS-JAVA. However, in
each system (AS-ABAP and AS-JAVA) you have to assign individual roles and authentications locally.
The WebDynpro Application connections can be configured with:
Explicit logon with user/password
- username AND password must be kept identical in both systems
Logon ticket
- Password not used in SAP LogonTicket-based communication
Certificate (X.509)
- certificates must be generated in both system
- ensure that all certificates have the same expiration date
SAP AG 15
SAP AG 2006
Por t al WebDynpr o User Management - Over vi ew
AS-JAVA
AS-JAVA
Enterprise Portal
System Landscape Directory
SAP SRM Server (AS-ABAP)
JCO
RFC LogonTicket
The WebDynpro Server connects to the
SLD via an HTTP connection,
with user Administrator, or an SLD
user which belongs to group
SAP_SLD_ADMINISTRATORS
The WebDynpro Server connects to the
SLD via an HTTP connection,
with user Administrator, or an SLD
user which belongs to group
SAP_SLD_ADMINISTRATORS
User Administrator
SU01: User ABC
UME:
UME:
User ABC
WebDynpro Application
BP-SRM
UME:
The system uses the administration user for the J2EE server with which you are logged on to check the
authorizations. If this user does not exist in the SAP SRM system, the system issues the following error
message when you check the connection:
com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Unable to check the issuer
of the SSO ticket.
SAP AG 16
SAP AG 2006
Conf i gur e User Management
The users created for the business package must have
a business partner
central person
organization unit relationship
assigned within the EBP system.
In addition to its own user store, the portal can be configured
against the SRM Server systems user management, LDAP, or EBP
Central User Management Administration (CUA) ABAP client.
There are a number of potential scenarios for user management:
Use Database only as Data Source
Use LDAP Directory as Data Source
Use Application Server ABAP as Data Source
SAP AG 17
SAP AG 2006
Logon to the Portal as Adminstrator user and choose System
Administration -> System Configuration -> UME Configuration
or call directly http://<portal-host>:<port>/useradmin
UME Dat a Sour c es
Select ABAP System as Data Source
Please Note:
ABAP System is the default Setting in Double-Stack-Installations
(for example, XI Systems)
Database is the default Setting in Single-Stack-Installations
(for example, Portal Systems)
Select ABAP System as Data Source
Please Note:
ABAP System is the default Setting in Double-Stack-Installations
(for example, XI Systems)
Database is the default Setting in Single-Stack-Installations
(for example, Portal Systems)
Several, so-called Data Source Configuration Files are offered:
dataSourceConfiguration_r3_roles_db.xml
- Create, read, and modify users in the AS ABAP system.
- You view ABAP roles as groups, but cannot modify them. You can create groups in the local AS
Java database only.
dataSourceConfiguration_r3.xml
- The UME reads users from the AS ABAP system. You can only create and modify new users in the
local AS Java database.
- You can create, read, and modify groups in the local AS Java database only.
dataSourceConfiguration_r3_rw.xml
- Create, read, and modify users in the AS ABAP system.
- You can create, read, and modify groups in the local AS Java database only.
The file dataSourceConfiguration_r3_roles_db.xml is functionally equivalent to
dataSourceConfiguration_abap.mxl. The file dataSourceConfiguration_r3_roles_db.xml exists for upgrade
compatibility only.
For information about when to change your configuration file, see SAP Note 718383.
For more information about dataSourceConfiguration_abap.xml, see User Management of Application
Server ABAP as Data Source.
SAP AG 18
SAP AG 2006
User Management of ABAP Syst em as Dat a Sour c e
If ABAP System is selected as Data Source:
an ABAP user SAPJSF with role
SAP_BC_JSF_COMMUNICATION_RO must exist
Users of the ABAP system are visible as users in the
UME and can log on with their passwords from the
ABAP system
Roles of the ABAP system appear as groups in the UME
The hierarchy between collective roles and single roles is
realized as nested group structures
New groups created with the AS Java are created in the
database of the AS Java
If ABAP System is selected as Data Source:
an ABAP user SAPJSF with role
SAP_BC_JSF_COMMUNICATION_RO must exist
Users of the ABAP system are visible as users in the
UME and can log on with their passwords from the
ABAP system
Roles of the ABAP system appear as groups in the UME
The hierarchy between collective roles and single roles is
realized as nested group structures
New groups created with the AS Java are created in the
database of the AS Java
The User Management Engine (UME) can use an SAP NetWeaver Application Server (AS) ABAP as its
data source for user management data. This enables for the following:
Users of the ABAP system are visible as users in the UME and can log on with their passwords from
the ABAP system.
Roles of the ABAP system appear as groups in the UME. The hierarchy between collective roles and
single roles is realized as nested group structures. New groups created with the AS Java are created in
the database of the AS Java.
Different interpretations of the contains in relationship between ABAP systems and the UME results in a
reversal of the visual arrangement of groups. A group representing a collective role is a child element of
the group representing a single role. In the ABAP system, the single roles appear as child elements of
collective roles.
User and role assignments in the ABAP system appear as user and group assignments in the UME. You
can use the ABAP roles for authorization management in the UME, by adding the groups representing the
ABAP roles to the UME roles.
When you use an AS ABAP as the data source for user management data, the following constraints apply
when using the tools of the AS Java:
Password Administration
- Due to the security policy of the AS ABAP, users can change their passwords only once per day. This
is true, even if an administrator resets the users password. However, if the administrator provides a
new password, the user can and must change his or her password the next time he or she logs on.
SAP AG 19
Read-Only and Read-Write Access to the ABAP User Management
- The file dataSourceConfiguration_abap.xml grants the UME read-write access to the AS ABAP by
default. Write access to the AS ABAP system fails if one of the following is true for the system user
communication between the UME and the AS ABAP (default name SAPJSF):
- The user has no ABAP role
- The user is assigned to an ABAP role with read-only access
When the AS Java starts, the UME checks the roles assigned to the system user and if it finds no roles or
only the role SAP_BC_JSF_COMMUNICATION_RO, the UME switches to read-only access for users
located in the ABAP system.
If the UME has read-only access, you cannot modify user attributes stored in the ABAP system, like first
name, and last name. You can modify attributes stored in the UME database, like street. Even if read-only
access is assigned, users can still change their own passwords.
If the UME has read-write access, you can create users using the AS Java tools. They are stored as users in
the AS ABAP. Extended user data that cannot be stored in the standard AS ABAP user record is stored in
the database of the UME.
To enable read-write access to the system user, assign the system user the ABAP role
SAP_BC_JSF_COMMUNICATION.
You can activate the self-registration and maintain-own-profile functions provided by the UME. In this
way users can change their e-mail address, which they cannot change using the tools provided in the
ABAP system
SAP AG 20
SAP AG 2006
User Mappi ng
Please Note:
In Identity Management you dont need a user mapping if you have identical user
names in the portal and the backend system
On the other hand, you need user mapping if you DONT have identical user
In the Portal Alias, you can select EITHER user mapping OR normal sap logon
You cannot mix both methods within a Portal Alias
Please Note:
In Identity Management you dont need a user mapping if you have identical user
On the other hand, you need user mapping if you DONT have identical user
In the Portal Alias, you can select EITHER user mapping OR normal sap logon
You cannot mix both methods within a Portal Alias
SAP AG 21
SAP AG 2006
Cr eat i ng User s
Users need to be created for the business package. You can create users
manually in the portal; alternatively, purchasers can create their own
portal users through the process of self-registraton in SRM Server.
Log on to the SAP Enterprise Portal with the SRM Administrator user.
In the SRM Administration workset, navigate as follows:
Enterprise Buyer Manage User Data
Click the Create Users button
Complete the information in the Enter User Data form that appears on the far
right side of the screen
Save
User Creation by Purchasers via Self Registration
Execute the following URL in a browser:
http://<SRMhost>:<port>/<ITS Path>/bbpat03/!
This will start an internal workflow that needs to be approved by a
manager.
The SRM Manager of the backend system ensures that the user, business
partner, and central person in the organizational structure are associated
correctly.
Now, users can log on to the portal with their SRM user data password.
SAP AG 22
SAP AG 2006
SRM Rol es - Por t al
The portal provides standard roles for SRM applications
1
3
2
Besides the SRM roles, a user should have the roles eu_core_role, eu_role and Everyone assigned.
SAP AG 23
SAP AG 2006
Assi gni ng Busi ness Pac k age Rol es t o User s i n SAP EP
Users in the SAP Enterprise Portal must be assigned the appropriate roles within the
portal for access to the content of the Business Package for SRM 6.0.
Logon to the SAP EP as a portal administrator.
Assign a BP role to each portal user according to the users business responsibility
For information on how to assign business package roles to portal users, see the documentation on
Assigning Roles to Users and Groups on the SAP Help Portal.
In the portal choose User Administration -> Identity Management
Enter Role, All Data Sources and *srm* as search critera and press GO
Double-click on a role, for example Strategic Purchaser to display the role details
In the Details, choose Assigned Users
Enter All Data Sources and * as search critera and press GO
SAP AG 24
SAP AG 2006
SRM Gr oups - Por t al
The portal provides standard groups for SRM applications
1
3
2
Instead of assigning roles directly, you can also assign roles to a group and assign the groups to the users.
SAP AG 25
SAP AG 2006
Assi gni ng Bac k end Syst em Rol es t o User s i n t he Bac k end
Syst em
You need to assign
roles to existing users
in the backend
systems that
correspond to their
portal role
assignments.
In each backend
system, use
transaction SU01 to
assign users to
backend system roles.
SAP AG 26
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 27
SAP AG 2006
Syst ems and Syst em Al i ases
To use the Business Package for SRM 6.0, you must create a system that
points to the SAP SRM 6.0 server.
You must assign the alias SAP_SRMto the system you create.
For the Business Intelligence (BI) Reports to be displayed, you must create
an additional system that points to a SAP BI system, You must assign the
alias SAP_BWto the BI system you create.
This following slides outline how to configure the following:
Creating System Objects
Configuring System Objects for Backend Systems
Creating and Adding a Backend System Alias
SAP BW 7.0
BI_CONT 7.0.3
Basis plug-in
mySAP
SRM 6.0
server
WD
EBP
SAP R/3 back-end
system
SAP R/3 plug-in
FI/CO
Portal layer
Business package
for mySAP SRM 6.0
http(s)
Portal core
SAP AG 28
SAP AG 2006
Connec t i on Al i as t o SRM Syst em
Logon as Portal Administrator and choose
System Administration -> System Configuration
Browse the content tree for system objects,
for example choose Content Provided by SAP -> Systems
Logon as Portal Administrator and choose
System Administration -> System Configuration
Browse the content tree for system objects,
for example choose Content Provided by SAP -> Systems
This procedure outlines how to add a system alias for each system object.
You are logged on the SAP EP as a portal administrator.
You have created system objects.
You have configured system objects for corresponding external backend systems.
Use the alias name that corresponds to each backend system as indicated in the graphics
From the System Administration workset, navigate as follows:
System Administration System Configuration System Landscape and select your previously-
created system object
Choose Open System Aliases.
Enter an alias from the table below and choose Add.
Save your entry.
SAP AG 29
SAP AG 2006
Connec t i on t o AS-ABAP (i n SRM Syst em)
Enter the hostname and port number
of the ICM, which is running in the
WebAS of your SRM Server
WebAS of your SRM Server
Create a system object for each backend system you decide to integrate with the Business Package for SRM 6.0.
You must log on to the Portal as System Administrator.
Identify if your system landscape includes SAP System with Load Balancing or a Dedicated Application Server for
R/3.
The decision to choose either SAP System with Load Balancing or a Dedicated Application Server for R/3 was
made when your backend systems were implemented.
We recommend SAP System with Load Balancing
Create the system objects. To do this, go to the SRM Portal Administration workset, navigate to the System
Landscape iView as follows:
System Administration System Configuration System Landscape and select the desired location where
you want to create the system objects, for example, you might create a folder called Systems.
Using the context menu (right-click), select New System (from template).
Depending on your system landscape, select one of the following:
- SAP System with Load Balancing or Dedicated Application Server for R/3 System
Choose Next.
Enter at least the values in the following fields:
- System Name
- System ID
- Choose Next.
- Choose Finish.
If you want to create a connection to a BSP, ITS, or BW BEx Analyzer, you must fill in additional fields, like
WebAS Path, WebAS Protocol.
SAP AG 30
SAP AG 2006
Connec t i on t o I TS (i n SRM Syst em)
Enter the hostname and port number of the
integrated ITS, which is running in the WebAS of
your SRM Server.
Also, enter /sap/bc/gui/sap/its/webgui as ITS path
This path can be found in the Service Tree of
transaction SICF.
your SRM Server.
transaction SICF.
Enter the Host Name always in the form: <server>.<domain>:<port>
R/3.
Choose Next.
- System Name
- System ID
- Choose Next.
- Choose Finish.
SAP AG 31
SAP AG 2006
Connec t i on Al i as t o SUS (i n SRM-SUS Syst em)
Save your entry.
SAP AG 32
SAP AG 2006
Connec t i on t o SUS (AS-ABAP i n SRM Syst em)
WebAS of your SRM-SUS Server
WebAS of your SRM-SUS Server
R/3.
Choose Next.
- System Name
- System ID
- Choose Next.
- Choose Finish.
SAP AG 33
SAP AG 2006
Connec t i on t o SUS ( I TS i n SRM Syst em)
your SRM-SUS Server.
transaction SICF.
your SRM-SUS Server.
transaction SICF.
SAP AG 34
SAP AG 2006
Connec t i on Al i as t o BW Syst em
Save your entry.
SAP AG 35
SAP AG 2006
Connec t i on t o BEx Anal yzer (i n BW Syst em)
Enter the hostname and port number of the ICM,
which is running in the WebAS of your BW Server.
Also, enter /sap/bw/bex as BSP path of the BEx
Analyzer.
transaction SICF.
Enter the hostname and port number of the ICM,
which is running in the WebAS of your BW Server.
Also, enter /sap/bw/bex as BSP path of the BEx
Analyzer.
transaction SICF.
SAP AG 36
SAP AG 2006
Por t al i Vi ew t o ABAP WebDynpr o Assi gnment
As you can see here,
the Portal iView My Purchasing Documents is assigned as WebDynpro for ABAP
to the Application powl with the Configuration /SAPSRM/WDA_SRM_PA_PURCHASING
Technically, the WebDynpro is called via URL
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl
Please note: This iView is shipped as part of the SRM 6.0 Business Package
the Portal iView My Purchasing Documents is assigned as WebDynpro for ABAP
to the Application powl with the Configuration /SAPSRM/WDA_SRM_PA_PURCHASING
Technically, the WebDynpro is called via URL
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl
Logon to the Portal with a user who is a Content Administrator.
Choose Content Administration -> Portal Content
Expand the content tree to Portal Content -> Content Provided by SAP -> specialist -> SRM 6.0 -> iViews
In the example, we selected the iView Purchasing Assistant -> My Purchasing Documents
SAP AG 37
SAP AG 2006
Fi ndi ng t he Cor r espondi ng WD i n t he SRM Ser ver
As you saw on the previous slide, application powl with configuration /SAPSRM/WDA_SRM_PA_PURCHASING
was assigned to a portal iView
In the SRM Server, call transaction SE80, select Web Dynpro Comp./Inf. and search for *POWL*
Expand the tree until you find /SAPSRM/WDA_SRM_PA_PURCHASING
As you saw on the previous slide, application powl with configuration /SAPSRM/WDA_SRM_PA_PURCHASING
was assigned to a portal iView
In the SRM Server, call transaction SE80, select Web Dynpro Comp./Inf. and search for *POWL*
Expand the tree until you find /SAPSRM/WDA_SRM_PA_PURCHASING
If you double-click on POWL, you can see the URL
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl in the right frame of the window
Remember that this URL only works, if you previously activated the path /sap/bc/webdynpro, and the
corresponding sub-paths in transaction SICF.
SAP AG 38
SAP AG 2006
Por t al i Vi ew t o BW Quer y Assi gnment
the BW Query 0SR_MC01_Q0007 which belongs
to the BW InfoCube 0SR_MC01 is assigned to
the portal iView ABC Analysis for Suppliers
Please note: This iView is shipped as part of the
SRM 6.0 Business Package
the BW Query 0SR_MC01_Q0007 which belongs
to the BW InfoCube 0SR_MC01 is assigned to
the portal iView ABC Analysis for Suppliers
Please note: This iView is shipped as part of the
SRM 6.0 Business Package
Logon to the Portal with a user who is a Content Administrator.
Choose Content Administration -> Portal Content
Expand the content tree to Portal Content -> Content Provided by SAP -> specialist -> SRM 6.0 -> iViews
In the example, we selected the iView BI Reports-> ABC Analysis for Suppliers
SAP AG 39
SAP AG 2006
Connec t i on t o Cat egor y Management
The SRM Scenario Category Management requires the Business
Package BP for Category Management to be installed in the
Enterprise Portal
The Package uses the SAP WebDynpro JAVA Programming Model
A WebDynpro JAVA-based application does not only use Portal
System Objects and Aliases, but also JCO Connections
For setting up the JAVA WebDynpro JCO Connection for Category
Management, refer to the Unit WebDynpro Configuration
mySAP SRM
6.0 server
CatMan
Bids,
contracts, and
master data
SAP BW 7.0
BI_CONT 7.0.3
Basis plug-in
Portal layer
Knowledge management /
collaboration room / UWL
cProjects
4.0
cProjects
4.0
CatMan
Web Dynpro
Java application
RFC
Business package
for mySAP SRM 6.0
Business package
for CatMan
Business package
for project portfolio management
and design collaboration 4.0
http(s)
SAP AG 40
SAP AG 2006
Per f or mi ng a Connec t i on Test
Please perform a SAP Web AS connection test
for each portal system object you created.
Please perform a SAP Web AS connection test
for each portal system object you created.
Logon to the Portal with a user who is a System Administrator.
Choose System Administration -> System Configuration
Edit a system object, and choose Connection Tests
SAP AG 41
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 42
SAP AG 2006
Por t al Ac c ess t o Mul t i pl e Cat al ogs - Ex ampl e
a user called the shop iView in the Portal.
In this example, the iView offers access to four
different catalogs.
The next slide shows, how this can be configured
a user called the shop iView in the Portal.
In this example, the iView offers access to four
different catalogs.
The next slide shows, how this can be configured
SAP AG 43
SAP AG 2006
Assi gnment of Por t al i Vi ew t o Cat al og URLs
the Portal iView Shop is assigned as WebDynpro for ABAP
to the Application wda_l_fp_gaf with the Configuration /SAPSRM/WDAC_GAF_SC
Technically, this WebDypro Module is called via the URL
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gaf
the Portal iView Shop is assigned as WebDynpro for ABAP
to the Application wda_l_fp_gaf with the Configuration /SAPSRM/WDAC_GAF_SC
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gaf
Retrieving the corresponding WebDynpro on the SRM Servers works exactly the same way a described
earlier:
In the SRM Server, call transaction SE80, select Web Dynpro Comp./Inf. and search for
/SAPSRM/*WDA_L_FP_GAF*
Expand the tree until you find /SAPSRM/WDAC_GAF_SC
Double-click on /SAPSRM/WDAC_GAF_SC
Now you can see the URL http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gaf
in the right frame of your window
SAP AG 44
SAP AG 2006
Def i ni ng t he Cat al ogs i n t he SRM Ser ver
SAP AG 45
SAP AG 2006
Typi c al Test i ng Er r or User not i n Or g. St r uc t ur e
Administrator users might run into testing problems, because
their user is not assigned in the Organizational Structure
(Transaction PPOMA_BBP in the SRM Server)
Here is an example for a typical error message:
SAP AG 46
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 47
SAP AG 2006
Cer t i f i c at e Conf i gur at i on
ABAP
J2EE
Enterprise Portal
+ Web Dynpro Java
System
SRM
System
1. Create Portal Certificate
2. Export Portal Certificate
3. Import Portal Certificate
4. Distribute Portal Certificate
For a detailed description, see SAP Note 711768
For a detailed description, see SAP Note 711768
To implement Single
Sign-On (SSO),
Certificates must be
created and distributed
To implement Single
Sign-On (SSO),
Certificates must be
created and distributed
Single sign-on must be configured for the SAP Enterprise Portal and for each backend system to be
integrated with the business package; the configuration procedure is the same.
The system objects for the mySAP SRM system within the system landscape have been configured with
the logon method saplogonticket.
Users must have the same user ID in all SAP Systems that are accessed using SSO with logon tickets
If you want to use SAP Logon Tickets for SSO between different systems (J2EE Engines and ABAP
Stacks), you have to exchange the ticket verification certificates.
Typically, users first logon on to the Enterprise Portal before starting an application on the backend
system. Then the general guideline is:
Export the public key certificate of the cryptographic key pair that is used for ticket signature generation
out of the store that stores it in the Enterprise Portal.
Import this public key certificate into the store in the Backend System that stores the certificate of all
trusted Single Sign-On parties.
SAP AG 48
SAP AG 2006
Ent er pr i se Por t al - Cr eat e Por t al Cer t i f i c at e
Create a new Portal
certificate, by using the
Keystore Administration
utility in the Enterprise Portal
Create a new Portal
certificate, by using the
Keystore Administration
utility in the Enterprise Portal
2
1
Log on to the SAP EP as a portal administrator. From the System Administration workset, navigate as
follows:
System Administration System Configuration KeyStore Administration
Choose Download Verify .der file.
Save the file to your user-specified location.
In the backend system:
Extract the .zip file to upload the .der file into the systems trust center.
To upload the file, go to the backend system and use the transaction strust.
Save your changes.
SAP AG 49
SAP AG 2006
Ent er pr i se Por t al Ex por t Por t al Cer t i f i c at e
Export the Enterprise Portal
Certificate to a local file
Choose (*.key) as file type
Example: KTP.key
Export the Enterprise Portal
Certificate to a local file
Choose (*.key) as file type
Example: KTP.key
2
3
4
1
5
Please Note:
SAP J2EE Engines 6.30 SP4 or later use the UME as user store.
Procedure:
Log on to the Visual Administrator.
In the list "views" mark "TicketKeystore".
Then, mark "SAPLogonTicketKeypair-cert" in the list "entries" and click "export".
Save under verify.crt, for instance. The file extension "crt" in this ui means the same format as "der" in
the previous cases.
Exporting the ticket verification certificate:
- Start SAP J2EE Engine Visual Administrator (C:\usr\sap\<SID>\JC<nr>\j2ee\admin\go.bat):
- On the lefthand tab, click "cluster and navigate in the tree to Server->Services->Key Storage
- On the right panel, select the view TicketKeystore.
- The list of entries in this keystore view shows up.
- Select the entry SAPLogonTicketKeypair-cert and press button Export.
- Both supported export formats for the certificates are also supported for import in the ABAP stack, so
its your choice
SAP AG 50
SAP AG 2006
SRM Syst em - I mpor t Por t al Cer t i f i c at e
Import the Portal Certifcate (Example: KTP.cert)
into the backend system (/nSTRUSTSSO2)
Choose type Base64 and Add to certificate List
Now, the new System (here:KTP) appears in the SSO List
Import the Portal Certifcate (Example: KTP.cert)
into the backend system (/nSTRUSTSSO2)
Choose type Base64 and Add to certificate List
Now, the new System (here:KTP) appears in the SSO List
1
2
3
4
Importing the ticket verification certificate into an ABAP Stack
In order to use SAP Logon Tickets issued by your engine to authenticate against an ABAP Stack, you
have to import the ticket verification certificate of the issuing engine.
Start transaction STRUSTSSO2
In the left panel tree expand the node Logon Ticket.
In the right panel frame Certificate press button Import certificate to import your certificate.
Add the certificate to your certificate list by pressing the corresponding button Add to Certificate List
Add the certificate to your SSO ACL by pressing the corresponding button Add to ACL
In the following popup type in your engines <SID> in the field WPS system and the client ID you
configured for ticket creation in your engine in the field Client (default is 000)
Save your changes.
Import the public key certificate of J2EE engine into the ABAP Stack:
for each client (for example: 000, 004, 888), import the certificate and add it to the ACL (enter 000 in the
field client)
Distribute the tickets on all application servers (using STRUSTSSO2)
SAP AG 51
SAP AG 2006
SAP SRM Syst em Di st r i but e Cer t i f i c at e
Do not forget to distribute the Certificates
Do not forget to distribute the Certificates
1
SAP AG 52
SAP AG 2005
Portal Connections
JSPM Introduction
SAP AG 53
SAP AG 2006
Conf i gur e t he Uni ver sal Wor k l i st (UWL)
Configure the Universal Worklist for the Business Package for mySAP SRM 6.0
A system connection for the SRM backend must already exist
Create the UWL system: SystemAdministration System Configuration
Universal Worklist & Workflow Universal Worklist Administration New
Register the UWL system under: System Administration System
Configuration Universal Worklist & Workflow Universal Worklist
Administration
Configure the Universal Worklist for the Business Package for mySAP SRM 6.0.
A system connection for the SRM backend must already exist.
Create the UWL system: System Administration System Configuration Universal Worklist &
Workflow Universal Worklist Administration New.
Create the WebFlow Connector (for the Tasks pane):
Set the System Alias as the one used for configuring the backend system.
Set the connector type as WebFlowConnector.
Create the Alert Connector (for the Alerts pane):
Set the System Alias as the one used for configuring the backend system.
Set the connector type as AlertConnector.
Register the UWL system under: System Administration System Configuration Universal
Worklist & Workflow Universal Worklist Administration.
Choose Register.
SAP AG 54
SAP AG 2006
Assi gnment of Por t al i Vi ew t o UWL
the Portal iView UWL is assigned as WebDynpro for ABAP to the Application wda_l_fp_oif
with the Configuration /SAPSRM/WDAC_OIF_SC_PROF_PURCH
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oif
the Portal iView UWL is assigned as WebDynpro for ABAP to the Application wda_l_fp_oif
with the Configuration /SAPSRM/WDAC_OIF_SC_PROF_PURCH
http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oif
Retrieving the corresponding WebDynpro on the SRM Servers works exactly the same way a described
earlier:
In the SRM Server, call transaction SE80, select Web Dynpro Comp./Inf. and search for
/SAPSRM/*WDA_L_FP_OIF*
Expand the tree until you find /SAPSRM/WDAC_OIF_SC_PROF_PURCH
Double-click on /SAPSRM/WDAC_OIF_SC_PROF_PURCH
Now you can see the URL http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oif
in the right frame of your window
SAP AG 55
SAP AG 2006
Summar y
Contents
Portal Setup for mySAP SRM
Now you are able to:
Download and install SRM Business Packages using JSPM
Configure User Management and Create Users
Setup connections to different SRM components
Understand how to configure Single Sign-On (SSO)
Configure Universal Work List (UWL)
SAP AG 56
SAP AG 2006
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained
herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP,
Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C
, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are
the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without
the express prior written permission of SAP AG.
This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended
strategies, developments, and functionalities of the SAP
product and is not intended to be binding upon SAP to any particular course of business, product strategy,
and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.
SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links,
or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the
implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of
these materials. This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot
links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
Copyr i ght 2006 SAP AG. Al l Ri ght s Reser ved

05 PortalConfiguration PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

05 PortalConfiguration PDF

Загружено:

Авторское право:

Доступные форматы

SAP AG 1

, World Wide Web Consortium, Massachusetts Institute of Technology.

Вам также может понравиться