Outward-facing Portals and R/3 authorizations

How to use tight R/3 authorizations with Portals?
Outward Facing Enterprise Portals projects which invoke R/3 transactions have an authorization issue we have not yet resolved. Example: a portal invocation of an R/3 customer balance inquiry should show data of the customer which invoked the transaction, but no others. The R/3 authorization concept does not go this deep; it can restrict on the org structure, but customer is not in the org structure. We can see how to accomplish this extra-granular authorization by custom code which makes each transaction custom and then restricts the customer, but we don't want to customize all the R/3 transactions if we can avoid it. In this situation, we can't see how to prevent a portal user from getting into the R/3 transaction, then changing the selection criteria and doing whatever they want, looking at inappropriate data.
Any guidance welcome

Doug,
I agree with what Dominik says. If you are creating an SAP transaction iView with GUI for HTML then you have to rely fully on R/3 authorizations to restrict the user.
But if you are creating custom iViews, say Web Dynpro for Java (as we are doing in our project), then you have the option of adding that custom check in the RFMs called.
I asked about the user mapping type because if you are using a generic user ID to connect to R/3 then you will have to pass the portal user ID to the RFM manually. If you are using SSO with the same user ID in both systems, the R/3 user ID is good enough to be used in custom checks in RFMs.
Regards,
Aniket
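
The custom check in the RFM described in the reply above, modelled in Python as an added example (not code from this thread or from SAP). It covers both user mapping types; the mapping table, the service user name `PORTAL_RFC` and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data. In R/3 the user-to-customer assignment would sit in
# a custom mapping table (hypothetical; the thread does not name one).
USER_TO_CUSTOMER = {"CUST_ALICE": "0000100001", "CUST_BOB": "0000100002"}
BALANCES = {"0000100001": "1250.00", "0000100002": "87.40"}
GENERIC_RFC_USER = "PORTAL_RFC"  # hypothetical shared service user


class NotAuthorized(Exception):
    """Raised instead of returning another customer's data."""


@dataclass(frozen=True)
class CallContext:
    backend_user: str                  # identity the backend authenticated
    portal_user: Optional[str] = None  # passed by portal server code, if any


def normalize_customer(number: str) -> str:
    """Pad numeric customer numbers to 10 digits so '100001' and
    '0000100001' compare equal, as R/3 stores them with leading zeros."""
    number = number.strip()
    return number.zfill(10) if number.isdigit() else number.upper()


def effective_user(ctx: CallContext) -> str:
    """Pick the identity the check runs against, per user mapping type."""
    if ctx.backend_user != GENERIC_RFC_USER:
        # SSO with the same ID in both systems: the authenticated backend
        # user is authoritative; a passed-in portal user is ignored.
        return ctx.backend_user
    if not ctx.portal_user:
        raise NotAuthorized("generic user call without a portal user ID")
    # Generic user: the backend cannot verify this value, so the portal code
    # must take it from the logged-on session, never from a request field.
    return ctx.portal_user.upper()


def get_customer_balance(ctx: CallContext, requested_customer: str) -> str:
    """Return the balance only if the caller owns the requested customer."""
    owned = USER_TO_CUSTOMER.get(effective_user(ctx))
    if owned is None or normalize_customer(requested_customer) != owned:
        raise NotAuthorized("customer not assigned to calling user")
    return BALANCES[owned]


def is_allowed(ctx: CallContext, requested_customer: str) -> bool:
    """Boolean form of the same check, convenient for tests and logging."""
    try:
        get_customer_balance(ctx, requested_customer)
        return True
    except NotAuthorized:
        return False
```

The check compares the requested customer against the caller's own assignment on the backend side, so changing the selection criteria in the front end does not widen what is returned.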

Similar Messages

  • External Facing portal design for the ESS and MSS

    Hello Portal Gurus!!!
        I need your suggestions regarding implementing external facing portal for the ESS implementation.
    What does it take to implement the external facing portal and what are the pros and cons of going for this external facing portal over just exposing the Portal with ESS over the internet?
    Thanks for your suggestions in advance!!!
    ~~~LB

    For implementing the External Facing portal.
    http://help.sap.com/saphelp_nw70/helpdata/en/04/e5b7c3de384515afeafa0dab8e44e0/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/en/43/031a22dc5d21f0e10000000a155369/frameset.htm
    For Limitations :
    SAP Note :  853509 and 916545
    Regards,
    Sandeep

  • External access to Portal and CRM B2B

    Hi,
    We have the SAP portal and also CRM Java. We have deployed the CRM Business package on the portal and used the portal iView to call the CRM Java application. What is the best way to expose both the portal and CRM Java to the external users?
    I know we can achieve this using SAP Web Dispatcher, but there are certain limitations in SAP Web Dispatcher when dealing with two separate host names, so please let me know how to expose both portal and CRM to the external users.
    Thanks

    First of all you need to have your network infrastructure in terms of Security Zones. SAP has a standard recommendation that I have always used when possible for growing your landscape and exposing your solutions to either internal or external users:
    http://help.sap.com/saphelp_nw70/helpdata/en/9d/44d7bc73ddce4f96f09de874350e78/content.htm
    Depending on your security needs you can have 2 portals, 1 external facing portal and one internal facing portal, or just 1 portal installed in the Inner DMZ. There is no formula; it is what your Architects prefer, and there are pros and cons in any scenario.
    Now, answering your question: you do not need to expose both instances (CRM and Portal); you only need to expose SAP Portal, because the purpose of Portal is to provide a single point of access to your “backend” solutions in your case. So SAP Web Dispatcher will be a good choice, or you can use hardware load balancing. If this is for external users then you need HA.
    Hope this helps.
    Juan Jose Alvarado

  • What to use instead of HTMLB for external facing portals

    Hi all
    We all know that HTMLB is on its way out and I was just wondering what to replace it with, especially when dealing with external facing portals and the simple portal framework.
    Since HTMLB and WD won't cut it, the only thing there is left is the AbstractPortalComponent.
    Has anyone had success with implementing another framework, like for instance MyFaces (http://myfaces.apache.org/) or Tapestry (http://tapestry.apache.org/), in the APC? Or perhaps someone developed an entirely new framework for the APC to use?
    If you have knowledge or ideas, please comment them.
    Best regards
    Thomas Bentzen

    Hi Harini
    I was never talking about tags, and I personally like to avoid JSPs altogether (strictly personal opinion).
    I was thinking more of what to do in the long run. I mean writing JSPs for the view and using APC as the controller is not a very performant way of doing development; perhaps we should aim a little higher and perhaps implement something where there already is a standard and which already fulfills the requirements of x509. If we're even a little more clever than that we might choose a framework that already has support for AJAX (HttpXML requests).
    I don't really know what to do at this time and therefore was asking for ideas, on the architectural level, but also implementable.
    Any ideas?

  • SiteMinder integration with the internal and external facing portals

    Hi ,
    We are in the development phase for SiteMinder integration with the internal and external facing portals. The proposed dual authentication scheme requires both SiteMinder for the External facing portal (EFP) and LDAP for the Internal portal. Is it possible?
    And is it possible to maintain two different LDAP directories, one for external users and one for internal users?
    If you maintain 2 different (external & internal) LDAP Directories in the SiteMinder Policy Server, what about external users which do not exist in the portal data source?
    I would appreciate it if anyone can help me with my above query.
    Regards
    Tag

    Hey Tag,
    We do have a physical external Portal and a physical internal portal.  Both the external and internal are connected to 2 LDAP directories.
    For example the External Portal is connected to the Employee LDAP Directory and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Directory and the EMEA LDAP Directory.
    So each one of them is connected to 2 different LDAP Directories.
    I believe that the Siteminder Policy is set up such that the Internal portal has a policy and the External portal has a separate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the appropriate LDAP Directories.
    You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on their assigned roles.
    Hope that helps.
    Regards,
    Keith

  • External Facing Portal with access to ITS via Transaction Iview

    Hi Experts,
    We have a requirement to make the portal available externally for third party vendors to access ECC transactions.  We have configured a URL with a reverse proxy to the portal server.  Portal loads fine from outside the network, but when launching a transaction I-view, a page cannot be displayed error comes up in IE-8 and Chrome says it cannot access the ECC server. 
    I've searched the forums and come up with a couple of tips, but that brings on a couple more questions. 
    It seems you can direct traffic from external URL to portal server:port, but when launching a transaction I-view, it needs to be redirected again to the ECC server:port/sap/bc/gui* (or something like that for SICF GUI service).  Question here is, once this redirect happens, technically the ECC box is now available externally vs. only the portal?  Is this recommended?
    Other option I've found is to try and use IAC I-views instead.  Is this really much different than a transaction i-view in how portal handles the opening Iframe?  Does it allow backend connections without rerouting internet traffic to the backend server?
    Are there any other options to make this type of setup work for external facing portals using transaction iviews to access ITS?
    Thanks for the help!

    Hi
    Were you able to resolve the issue? We have installed Web Dispatcher, through which we are able to call the EP, but when calling the transaction iViews a page not found error pops up, since from the EP server the request to ECC goes via the URL http://<ecchost.domain>.:8000/sap/bc/gui/sap/its/webgui?sap-client=100.
    Thanks
    Murthy

  • The problem about  integrate  Portal and R/3

    Hi everyone :
       We want our vendors to be able to query R/3 reports via our Portal. I have done the SSO configuration.
       But we have about 500 vendors, and it is impossible for us to create 500 R/3 users for our vendors, because the cost is too much.
       And there is another problem: a vendor who has the authorization to query a report can query the other vendors' data at the same time. But we expect that a certain vendor can query his data only.
       I think this is a general problem when integrating Portal and R/3, BW.
       Has anybody solved this problem, or can anybody give any advice?
       Any discussion is welcome.
    Best Regards,
    Jianguo Chen

    Hi,
    I would say: get in contact with your SAP account manager and check which options SAP can offer you...
    Normally every user using an R/3 system has to have a valid user license in that system. Especially when you want to control access to data on user (vendor) level you need to identify the user clearly and uniquely, which by standard means you need a user for every vendor.
    Hth,
    Michael

  • Change Password Screen error in - External Facing Portal

    HI,
    We have developed an external facing portal for anonymous users and the EFP has protected content which will redirect the users to enter logon information to access it.
    The process of authentication is also working well in EFP but we are getting some strange error when the password was "reset" by administrator.
    Here is the process...
    1. Password "reset" by administrator
    2. user clicks on "protected content"
    3. Logon screen displayed
    4. After entering details, should be redirected to change their password but instead of that we are getting "Java iView Runtime error"
    I need expert views on this to solve.
    This is happening only when accessing EFP; the user will be redirected successfully to the change password screen when accessing through "/irj/portal"
    Any solution.
    Thanks
    MMK

    Here is the scenario ..
    1. User's password was reset by administrator.
    **That's fine.
    2. User gets redirected to change their password when logging (first time after reset) ... when accessing via .. http://<server>:<port>/irj/portal
    **That's ok too, this is just a redirection.  At this point I would be doing https for external customers though.
    3. Occurred "Java iView run time error" when the user is trying to log in from External Facing Portal ... via .. http://<server>:<port>/irj/portal/anonymous?guest_user=partners
    **At this point you will have to look at your .trc log files. (logviewer)   If this is just an access denied issue then look at permissions in the roles or groups.  If you are assigning a new password, is that affecting a group or system membership?  The .trc files will give a heads up.

  • Help needed in External Facing Portals

    Hi all,
      Grateful if anyone can help me in configuration & implementation of External Facing Portal.
    I need to convert my intranet portal to a web portal.
    Thanks in advance ,
    Ravi Shankar

    Hi Ravi,
    Along with those links check the following also,
    Nuts and Bolts of the External Facing Portal (EFP)
    http://help.sap.com/saphelp_nw04s/helpdata/en/43/8976ab39a90c8ce10000000a11466f/frameset.htm
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c0f228d2-0901-0010-7aaa-835b1f836f78
    Regards,
    Tamil K

  • Connecting to R/3 system from External facing portal

    Hi folks,
    We have implemented an external facing portal where all the users are stored in a separate CRM system. Hence for checking whether the user ID and password are correct we are using a CRM BAPI call. For making a CRM BAPI call we have created an alias from the portal end to the CRM system and the authentication type which we chose was SAP Logon ticket. Now my question is:
    1. Will the SAP logon ticket be created automatically or not, as the users are not stored at the portal but in CRM? If it is not going to create a SAP logon ticket then how can this be achieved?
    Your thoughts are highly appreciated.
    Regards,
    Ponraj M

    You have to use user mapping. Choose UIDPW for the logon method.
    From the user mapping menu choose the generic user/password which you will be using to call the BAPI.
    Regards,
    Prasanna Krishnamurthy

  • Short URL in the Form of Text Message like SDN for External Facing Portal

    Hi,
    For the External Facing Portal, we are using the Light Framework with Light Top Level Navigation and customized it for look and feel.
    When we publish the Anonymous User role for the EFP, and navigate through the roles, the Portal URL is getting added with Short URLs (NavigationTarget.....)
    How to make these Short URLs in the form of Text Messages, like the example in SDN?
    After clicking the Forums the URL shown is like https://sdn.sap.com/irj/sdn/forums instead of Short URL.
    We are looking for something the same.
    Regards
    Sumanth

    Hi Sumanth,
    Short URL is automatically created by portal.
    So you can't make the short URL in the form of a text message. Refer to the following links:
    https://weblogs.sdn.sap.com/pub/wlg/2452
    http://help.sap.com/saphelp_nw70/helpdata/en/b3/7b8163404448e7aad7899c0b30313e/content.htm
    Regards,
    Hemalatha

  • Flickering Problem in external Facing Portal

    Hey
        We had some problems developing our external facing portal, mainly because of general flickering of the web page (the page height is set to automatic and it causes the borders to adjust constantly to the current content height).
      We have a partial solution for this with:
    meta http-equiv="Page-Enter" content="blendTrans(Duration=.01)"
    meta http-equiv="Page-Exit" content="blendTrans(Duration=.01)"
    This works just as we want, but it seems to have no effect on the first page of every new browser window. Has anyone faced a problem like this before?
    P.S - Our isolation method is URL and thats
    thanks

    Thanks for the reply, I would like to wait a bit more for a similar answer to this problem. So far all the external facing portals I have seen with URL isolation method on iViews have this problem.
    With my partial solution the render time looks a lot faster compared to the embedded Isolation though.
    Please reply if you know why the meta tag is not working the first time you open a page in a window
    thanks
    Edited by: Phatinox on Jun 28, 2011 1:03 AM

  • ISE Guest Portal and one more SSID using internal accounts

    Hi Guys,
    I have two SSIDs on WLC, the first is related to ISE Guest Portal and the second is related to employees, but I realize that the
    Guest user can access the employee SSID and employee accounts can access the Guest portal page.
    I guess this is happening because I cannot split these databases under "Internal Users" on Authentication Policy.
    How can I restrict the access even if I am using the internal database?
    thanks a lot

    using the Authorization policy is the right way.  Match the corp ID store to the corp WLAN SSID ID in the AuthZ policy, for example (where Employee is your corp ID store and yyyy is the name of your corp SSID):

  • Error when execute an external-facing portal

    Hello world,
    I would like to make an external-facing portal for anonymous users who want to access my iViews created by Visual Composer (I don't know if it's possible). I have read some documentation about it. I began by creating a Light Portal Desktop and a Light Framework Page, I gave permission to the user called Guest to my Role,.... When I execute this link http://localhost:50000/portal/anonymous, I have this error in Log Viewer :
    com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Resource
    Component : pcd:portal_content/com.bycn.fdContentBYCN/com.bycn.fdPortalDisplay/com.bycn.fdPortalDesktop/lightDesktop/frameworkPages/lightframeworkpage/com.sap.portal.lightinnerpage/com.sap.portal.lightDetailedNavigationTree
    Component class : com.sap.portal.navigation.LightDetailedNavigationTree
    User : Guest
    My version of SAP Netweaver is 2004s 7.00 SP11
    Have you an idea please ?
    Best regards
    Francois

    Hi marcus,
    Finally I use Default Desktop Portal instead of Light Desktop Portal because of its limitation, and now I can
    see my iView (it is a Visual Composer iView) always for anonymous user (here "Guest"). My problem is in my
    iView I have some drop down lists filled dynamically with the Java web services. In fact, it seems these web
    services don't work with anonymous user, only with authenticated user.
    From portal System Administration / System configuration, I added to the alias of the web
    service a permission for 'Guest' user ("Administrator" = "Read", "End User" = "checked") and in System
    administration / Permissions /  Security Zones / sap.com / Netweaver.Portal / low_safety /
    com.sap.portal.systems.webservices / components / webservice_system, I also added permission
    for 'Guest' user ("Administrator" = "Read", "End User" = "checked"). My web services don't have authentication policies and in their properties the Logon Method = "NONE".
    With these modifications, the web services don't work always. Is it possible anonymous users cannot access the back-end system through iViews ?
    Best regards
    Francois
