Accessing SAP JRA programmatically and passing SSO credentials
Hello,
If you don't mind, can you please explain how to pass the SSO2 ticket to the JRA ConnectionSpecFactory class? The createConnectionSpec method doesn't appear to support an SSO2 ticket to generate the javax.resource.cci.ConnectionSpec object. Or is there another way to pass credentials to the JRA object, maybe by setting a "Properties" map to include the SSO2 string?
If this all seems like jibberish the scenario is this. I am trying to perform a JNDI lookup of the JRA object already defined in NW and perform an RFC call to the Application server using my SSO2 credentials. I have setup the ra.xml file authentication mechanism like this:
<!-- used on WEBAS 630 for SAP Logon Tickets -->
<authentication-mechanism>
<authentication-mechanism-type>Kerbv5</authentication-mechanism-type>
<credential-interface>javax.resource.spi.security.GenericCredential</credential-interface>
</authentication-mechanism>
<reauthentication-support>true</reauthentication-support>
What else do I need to do in my Java application to pass my SSO2 ticket to the JRA object? Any and all advice is greatly appreciated. Thanks.
Sam
Showing transaction screen directly without showing login page using webgui
How to pass parameters for second screen to SAP webgui URL
You have several options to do what you want. You can use SSO (Single Sign On), so you have to sign in only first time and with user mapping access all systems.
Another option is pass user&password (security risk) as url parameters:
- sap_user
- sap_password
- sap_config_mode = true
Last one, you can define an ITS service (using SICF transaction) and configure authentication options on "Logon data" tab.
[http://<ServerName>:8000/sap/bc/gui/sap/its/webgui?sap-user=<UserName>&sap-password=<Password>&language=EN&~transaction=*RZ20]
Similar Messages
-
Accessing sap tables data and display in webi
Hi all,
i installed business objects edge series.
i want to access SAP tables data and display in webi for adhoc reporting.
Is there any process to achieve this.Hi
currently (April 2010) you have the following options:
1. You load your R/3 data into an SAP BW and use universes based on BEx queries to create WebI reports
2. You can use SAP rapid marts. They contain Data integrator mappings (you need an installation of the DI for this) to extract and load your SAP R/3 data into a relational database. Additionally they provide universes (based on a relational schema) hich ill allo you to build WebI reports.
3. You can use the R/3 connector for the Data Federator (You need a DF installation for this). Please note that the R/3 connector is not yet a product rather just a PROTOTYPE. Take a look here: SAP BusinessObjects Web Intelligence Reporting for SAP ERP [original link is broken]
4. You can try to access the underlying database directly using the appropriate DB drivers. Please note that this is NOT RECOMMENDED. This way you cannot leverage security defined on the R/3 side in your WebI reports and you will not be able to access all data as available in R/3 since some of them are stored encoded/compressed in the underlying tables.
5. Instead of WebI you can use Crystal Reports and the R/3 drivers (eg. SAP Tables, Functions, Cluster) provided when installing the integration kit for SAP.
Regards,
Stratos -
Security of Service Oriented Architecture and Passing the Credentials
I have posted this in SOA Suite forum, but it is a general and conceptual question and I hope that I can receive educating responses here.
With all agent and gateway concepts and the facilities SOA Suite provides, it seems to me that there is a gap between these modules: Web Service, ADF(Web Applications) and finally Identity Management. It seems to me that the security information does not pass between them smoothly. Please correct me if I am wrong.
It is a common scenario that a BUSINESS PROCESS-consisting and making use of a number of web services-starts from a button in a web application. As I understand SOA Suite let me add gateways and write custom agents, which protect the web service.
But Consider these:
- The user who has logged in to access the web application needs to login again to access the coarse grained web services (the business process)
- Even if we keep the username/password information in the session to pass to the coarse grained web services, it is not passed to the fine-grained web services within the business process. So: they are either unprotected by default, or we need to CODE security inside each while calling the next. In other words the security of web service is dependent on the caller and the called web service.
- SAML and all those credentials do not make any help. You should write code to generate SAML assertions and pass it to the first web service, then pass it to the web services one by one.
I wonder why there is not a scheme (or maybe there is and I don't know) that lets us read session variables or enforce container level security for both web services and web applications at the container or service provider level. (for example I could imagine that we could set the security of the web service in OC4J to be enforced as single sign on for all applications and web services associated with OID)
I really appreciate any comments and wish we could have an informative discussion on this.
Best Regards,
Farbod
P.S. Ram's reply here was useful but my points are still there:
Re: Web Services Manager Control, SOA Suite, Retrieving Roles from OIDHi ,
Refer these links, it will helps you.
http://www.soa.com/solutions/sap/sap_soa_governance/
http://it.toolbox.com/blogs/the-soa-blog/soa-diagram-16952
http://www.sap.com/services/bysubject/soa/index.epx
with regards,
surya -
C_TSCM52_05 SAP certification for SAP MM pattern and pass percentage
Hi Experts,
Good day every one.
Can any one please let me know if you appear for the sap mm certification.
i need the pattern and pass percentage.I am going to attend in december.
i want share my experiences with you after completion.
please some one who attended most recently or if you have any known informatiom let me know.
Thanks in advance.
Best Regards,
Babu,
9930154536Hello,
Pass grade is 63%.
You will have multiple answer questions, you will be told how many choices you should select, if you miss one the whole question will be marked wrong and you won't get points for the options you got right.
Also you will have single answer question...
I took it last month and passed it, you should study hard and read the material at least 3 times,
good luck -
Access SAP B1 Outlook Integration Add-On credentials in Outlook VBA
Hi.
Is any possibility to get SAP B1 Outlook Integration Add-On credentials(SAP username, DB, Company) in outlook macro after user
logged in SAP with the add-on? I'm creating deliveries in macro and would like not to hardcode login/password in vba code but pick it from the add-on if possible.
ThanksDear Vijay,
Could you explain how did you get this failed status in the first place?
Thanks,
Gordon -
How to access View object programmatically and ...
Hi,
I have a hypothetical situation. I have for example a VO based on Emp and a data table in the UI with a button.
When pressing this button I want to call a method that will programmatically read in teh values of the current row and then update a field in the UI (say an outputText).
My problem is I am not sure where to pu this logic. I thought I shouldI create a new method in the Application module then bind that methid to the button. By having the code in the AM then it can easily access the VO attributes. But how can the method in the AM access the values in my backing bean and set them or read them ?
I am not sure where to put the code - I could put it in teh backing bean and call teh application module from there but the manual doesn't really recommend that I think.This is probably logic that should be in the backing bean in a method that is activated from your button.
The ADF Developer Guide shows you how to do it here:
http://download.oracle.com/docs/html/B25947_01/bcservices005.htm#sthref681 -
Cannot access Apple store.ID and pass are ok
Cannot open apple store, no error message, just stops after a while
Hi Lucifromrom,
Welcome to Apple Support Communities.
The iTunes Store article linked below provides excellent troubleshooting steps conenction issues, which should also help you resolve the App Store connection issue that you described above.
iTunes: Advanced iTunes Store troubleshooting
http://support.apple.com/kb/ts3297
iPhone, iPad, and iPod touch: For best results accessing the iTunes Store on your iPhone, iPad, or iPod, be sure your iOS is up to date.
If you are having issues accessing the iTunes Store after updating to the latest version of iTunes or iOS, please see the steps below for troubleshooting tips. Some sections only apply to specific devices or operating systems; each section header is noted to indicate this.
Isolate the issue: (Mac OS X, Windows, iOS)
Make sure the issue is with the iTunes Store only. (You need an Internet connection to access the iTunes Store).Open a secure website to test if you are online as is necessary for the iTunes Store. This also tests if the main ports 80 and 443 are accessible. If the website works but the iTunes Store does not, it is most likely a firewall blocking the iTunes software or servers. If this is the case, follow the steps in the "Blocked by software firewall" section below.
Test using another device.If possible, another device, ideally on a different network, would help troubleshooting any iTunes Store issues most efficiently. If another device on another network has issues, the iTunes Store may be undergoing maintenance, and will be available soon.
Test using another network.
Connect your computer or device to another network and testing helps determine the next step. This is also helpful if multiple devices are affected.
If your device can connect to Wi-Fi and a cellular network, larger downloads may not be possible over the cellular network.
If the issue disappears while connected to another network, you may need to work with your support options to open access to:
itunes.apple.com
ax.itunes.apple.com
ax.init.itunes.apple.com
albert.apple.com
gs.apple.com
ax.phobos.apple.com.edgesuite.net
mzstatic.com
Note: iTunes may use the fully qualified version of these addresses for additional security.
iTunes uses well known ports and these ports may need to be opened for iTunes: 80, 443, 3689, 5297, 5298, 5353, 8000-8999, and 42000-42999.
It is critical that your date, time, and time zone be correct:iOS:
From the home screen, tap Settings > General > Date & Time.
If the option exists, turn off Set Automatically.
Verify the time zone and time (in the status bar) are correct for where you are currently.
If not, adjust the incorrect setting accordingly.
If everything was correct and the option exists, turn on Set Automatically.
Remove any restrictions that may be causing the issue:iOS: Restrictions can limit your ability to purchase some content. Check restrictions via Settings> General > Restrictions if you're unsure about those settings.
After isolating the issue to iTunes by following the above steps:
If the issue still occurs and iTunes displays an alert message with a specific code, please see the section below titled "Specific Conditions and Alert Messages" for additional troubleshooting steps.
If the issue is still not resolved and there is no specific code or alert message, you can visit the iTunes Store Discussion Board to try to find additional information for help resolving your issue:
You can also contact AppleCare to discuss your support options. Depending on your product’s coverage status, you may need to pay for support.
iTunes Store Discussion Board (Mac)
iTunes Store Discussion Board (Windows)
New routers or a new Internet Service Provider (ISP) may limit your ability to connect to iTunes Store. Let your router manufacturer or your ISP know about the ports and servers in this article and confirm that they are compatible.
-Jason -
My experience of SSO between SAP Portal6.0 and non-Sap Application
Firstly I announce that I am not a Sap developer or a Sap Consultant. I am a Cognos Consultant. I need do SSO between Sap Portal and Cognos Portal in my project, So I have to make SSO between two portals.
I tested SSO between the two products on IIS5 of Windows XP and IIS6 of Windows 2003 and passed.
Step 1: Copy sapsecin.exe and sapsecu.dll on any directory where you want, such as C:PortalSecurity
Then add this directory to your Environment variable PATH. You can find the two files on sapserv<x> under general/misc/security/SAPSECU/<platform>;
Step 2: Copy your Filter ISAPI Files IIS_SSO.dll or IIS6_SSO.dll in any directory where you want, such as C:PortalFilter. You can find this two files on SAP note 442401.
Step 3: Get you verify.pse which is located in
<irj>
ootWEB-INFpluginsportalservicesusermanagementdata and put it on the same directory with your ISAPI Files ,such as C:PortalFilter
(According Sap Support articles , IIS_SSO.dll should be used on IIS 5 and IIS6_SSO should be used on IIS 6,but I can not load IIS_SSO.dll on IIS 5 of Windows XP, I use IIS6_SSO.dll );
Step 4: Create a new file named verify.properties , the content of this file see the appendix A;
Step 5: Load the IIS6_SSO.dll on your IIS. On IIS5, Select Website PropertiesISAPI FilterAdd IIS6_SSO.dll and name it wp . On IIS6,do as such and Create a Web Extensions named wp and allocate file IIS6_SSO.dll. Finally restart the www service.
I
If you can load the filter successfully, you will see the filter color is green.
On IIS6,Maybe you find that you cant load your ISAPI file IIS6_SSO.dll, Its state is unloaded and its color is red. I am confused by this question long time. I finally found you must install some R3 dll files on your system! The .dll files which I mentioned can be found in SAP note 684106, put it in a same directory with your security files, such as C:PortalSecurity and restart your web server.
(The steps above I reference Chris beck s topic)
Step 6: I write an ASP file named headerdumper.asp on my website and create a i-view to show my asp file in SAP Portal. If you succeed, you can see the http header variable<your logon name> in ASP page. If you application can receive http header variables, then Congratulations! You have apply SSO successfully.
If your log file show Can't find MYSAPSSO2 ticket cookie for URI "" on host "", dont worry about it. I am confused by this question long time though. I found the key cause the errors are cross domain or different DNS suffix.
I tested 3 scenarios :
1 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://sap-server:80/headerdumper.asp, You cant access this asp page from i-view . I am sorry that I have no idea about this.
2 if your Sap Portal URL is http://sap-server:50000/irj/protal ,and your asp file is located in http://your-server:80/headerdumper.asp, Your log will show Can't find MYSAPSSO2 ticket cookie for URI "" on host "". because they have no domain name, which is seemed that they meant different domain.
3 you must deploy your asp file and sap portal like below ,So you can apply SSO correctly:
you must access SAP Portal like : http://sap-server.domain.com:50000/irj/portal
you must access your asp file like http://yourserver.domain.com:80/headerdumper.asp
then add your asp file as i-view to your SAP Portal which URL is like above , you can get Http header variable correctly.
I am not an native English speaker, I hope you can understand what I said.
Appendix A The Content of Verfy.properties
remote_user_alias=REMOTE_USER
pse_file=C:PortalFilterverify.pse
application=portal
log_file=C:PortalFilterverfy.log
log_level=3
cache_size= 1000
Appendix B The Code of headerdumper.aspI'd recommend to cross-post your inquiry to the Security
-
Hi there,
I like to use SAP JRA within a JBoss Application Server, I use the rar-file provided by Web AS. I knew that there were other posts regarding this topic, but they did not really answer my question:
The Thread
JCO and JRA under JBoss
says:
u201Cthat you use in JBoss the standalone JCO. But JRA needs the JCO provided withing SAP Web AS.u201C
I get the same error mentioned in the Thread above. Does the above mentioned mean if I use the JCO provided within SAP WEB AS in JBoss than this will work? Iu2019m really confused can you help me??
Thank you all!!A few more hints, the quick version
JRA via BLS logfiles are usually placed in
C:\usr\sap\<SID>\JC00\j2ee\cluster\server0\, in my case called dev_rfc.trc.
JRA Connections can be found and verified with the following tool.
http://localhost:port -> Web dynpro -> Web dynpro console -> Jco connection pools.
In Visual administrator -> Server0 -> Services -> Connector container -> Your JRA name. Select the connection name belov and select tab Managed connection factory, then properties.
Here you can add one of the following
Trace - Enable/disable trace on all middleware layers(true or false). On default is false.
TraceRFC - Enable/disable RFC trace (true or false). On default is false.
TraceJCO - Enable/disable JCO trace (0 for none, 10 for highest level). On default 0. Type Integer.
TraceJRA - Enable/disable JRA trace (0 for none, 10 for highest level). On default 0. Type Integer.
Which enables further logging, also found in the dir.
C:\usr\sap\<SID>\JC00\j2ee\cluster\server0\. -
How to access SAP netweaver development Studio and PDK?
Hi All,
I have access to EP server on my machine with super admin role .Is there any way I can acess SAP netweaver Developer Studio and PDK through EP server or I have to install in my local machine?
Thanks in advance,
Jasmine.You'd want to install the NWDS application locally no matter what (unless everyone has a thin client/citrix connection via dumb terminal). You can however, opt to install a local instance of EP or use a central instance. Here's how I see the two approaches:
1-install the NWDS on developers' machines and deploy to a development instance of EP
<b>PROS:</b>
i-developers can develop locally and only connect to the EP server for deploying/testing
ii-share development (although not very efficiently) and test each others' iViews etc.
iii-demo your work online to business users directly
iv-connect to the corporate SAP R/3 and other ERP systems
<b>CONS:</b>
i-you can only use this while connected to the network
ii-could be slow over a slow/remote network connection
iii-developers may not be able to do everything on the portal server (may not have super admin access)
2-install the NWDS on the developers' PC along with a test EP environment
<b>PROS:</b>
i-develop and deploy locally, without a network connection, anywhere and anytime, fast and efficient
ii-enjoy full access (super admin) to the Portal - to be able to test pretty much everything
<b>CONS:</b>
i-may not be able to connect to the company SAP R/3 and other ERP systems, unless you're connected to the network and have configured the connections
ii-not able to get others to test or demo your development without having to port them to a central EP instance
I think a developer needs every resource they can get, therefore I suggest a combination of the above two scenarios, an instance of EP locally and a central instance of EP for the best of both worlds -
NW Business Client and accessing SAP services via web pages
Hi all,
We currently use Business Connector to access our SAP environment via web pages. We looked at NW eSOA but decided against implementing it. Does Business Client offer anything that helps access SAP apps and data from a custom web site better the Business Connector?
Thanks in advance,
TomTom
I am assuming you are using SAP Business Connector in your landscape to connect to back end SAP systems from your web applications. Your question now is that if business client can let you access SAP data for your web pages instead of the business connector. Point to not here is that Business client, as the name implies, is just a client with single point of access for SAP screens. That means, you can access traditional SAP transactions, WebDynpro screens, BSP pages, Portal screens etc in one single client. In very raw terms, Business client acts (or replaces) as your browser. It is not going to provide you any out of the box integration with backend system rather just act as a window. You options at this point are
1) Use your existing webpages but instead of getting data from the backend system through business connector, get the data using webservices.
2) Use PI as middleware tool and get the data from backend SAP system
3) Stay were you are but deal with high cost of ownership.
Thanks
KK -
Cant login with sap* and pass
Hi,
I created a new entry in SCC4 for new client 100 in nw2004s and now i saved them and tried to login with 100 client sap* and password as pass, but i am not able to login with this default password for client copy.Surya,
In NW2004s by default the "automatic" SAP* user is not created. This is controlled by a parameter setting in the profile, which you can edit with RZ10. Open the instance profile, create parameter "login/no_automatic_user_sapstar" and set the value to 0. Save and activate the profile, restart your system, and now you'll be able to login with SAP* and pass.
After you finish the client copy, you may want to deactivate this parameter again, for security.
--Matt -
Hi,
I have both SAP BI 7 and 3.5 in our test environment. I have BO XI 3 also. Is it possible to get the credentials from both the SAP environment into a single BO XI 3 instance.
I am newbie. So please bare with my questions.
Thanks & Regards,
Subbu SHi,
in CMC under Authentication you can define more than one authenticating SAP systems. Just make sure that you have imported the related transports and that you have defined a technical user with a related authorization profile in each of the systems you want to use for authentication.
Regards,
Stratos -
Problem: Accessing BAPI using SAP System Connector and setting SELOPT_TAB
Hi,
I am trying to use the SAP System Connector (based on JCA) to connect to a BAPI and do a search for a customer with EP SP15. (Using BAPI_CUSTOMER_FIND).
I established the connection and can set simple input parameters, however I didn't find a way for setting the SELOPT_TAB in the IInteraction instance.
This is what the table should contain:
Table SELOPT_TAB
Field Content
COMP_CODE SPACE
TABNAME KNA1
FIELDNAME NAME1
FIELDVALUE Ma*
Here the import parameter:
IMPORT-Parameter
MAX_CNT 100
PL_HOLD X
And here the code for the IInteraction without the SELOPT_TAB that I want to include.
// Get the Interaction interface for executing the command
IInteraction ix = connection.createInteractionEx();
IInteractionSpec ixspec = ix.getInteractionSpec();
String functionName = "BAPI_CUSTOMER_FIND";
ixspec.setPropertyValue("Name", functionName);
String function_out = "RESULT_TAB";
RecordFactory rf = ix.getRecordFactory();
MappedRecord input = rf.createMappedRecord("input");
// put function input parameters
input.put("MAX_CNT", "100");
input.put("PL_HOLD", "X");
MappedRecord output = (MappedRecord) ix.execute(ixspec, input);
Does anybody know how to set the SELOPT_TABLE as input parameter?
Any help would be appreciated.
Regards, AndyMaybe your application isn´t run in x84
#Go to properties of your project ->Build -> changed platform target of "Any CPU" to "x86"
#Copy these libraries from our 32-bit environment :
*SAP.Connector.dll
*SAP.Conector.Rfc.dll
*librfc32.dll
*msvcp71.dll
*msvcr71.dll
In 64 bits environment:
1. librfc32.dll to C:WINDOWSsystem
2. msvcp71.dll to C:WINDOWSsystem32
3. msvcp71.dll and msvcr71.dll to C:WINDOWSSysWOW64
4. SAP.Connector.dll and SAP.Conector.Rfc.dll to C:WINDOWSassembly (DRAG) -
Open SAP window from browser and pass values
Hi,
I am developing JSP application and I want to open and pass some values to mm03. Is there any possible way to do this .Hi,
You will need to do a function module with a bdc to call MM03.
Then you can pass the parameters to the function module and run MM03.
Maybe you are looking for
-
Will having one apple id on 2 devices cause problems
i have an ipod and will soon be getting an ipad. i want to share apple id's but dont know if doing that will cause anything deletd from yhe ipad to delete off my ipod or if downloading wil download on everything please help p.s they are running diffe
-
HT4528 itunes is not recognizing my new iphone 5c when i plug into my lap top
my new iphone 5c is not recognized by itunes when i connect with a cable to my win 7 laptop. when i plugged in a new ipod itunes immediately asked me to register it with itunes. no iphone icone when i plug into itunes??? any ideas
-
In the past week Facebook has stopped working correctly and it is only happening with Firefox. Can't comment. click like. update status edit settings, send messages or chat.
-
Want to make a "small book" theme that works with "buy book" function
I have made a handful of custom themes with the intention of having them printed via the Aperture "Buy Book" function. It seems like this should be possible, given the correct parameters being used when creating a theme. Not so fast... I have had zer
-
hi, i am using oracle 11gr1 in windows server service pack2.i have generated scripts to kill the user using alter system kill session 'sid,serial# and then dropping the same user.But at times i get the error that cannot drop user who is currently con