Application Monitor in the Portal - what authorization to use

Similar Messages

• Closing Server Session of a BSP application deployed on the Portal

  I have a BSP application deployed on the Portal v. NW07.  This BSP application is a tab sitting besides other applications such as My Staff of MSS.
  The BSP sets a lock like "CALL FUNCTION 'ENQUEUE' " and the backend system is SAP R/3 4.7. 
  QUESTION: How can I get the server session to terminate when the user navigates from the tab corresponding to my BSP application to the other tabs. 
  Currently, the session doesn't even close when I logoff completely from the Portal.  This BSP used to be deployed to users alone within the
  IE browser and I was able to handle session management using JavaScript code similar to what's in page 'session_single_frame.htm' of BSP 'SYSTEM'.   However, when deployed to the Portal, that piece
  of code doesn't seem to do anything.
  "Supports Portal Integration" is checked and the BSP application is stateful.
  Thanks in advance for your help.
  Achille

  for managing the backend session, all you have to do at the BSP app level is to set the supports portal integration flag, so that it generates the domain relaxation scripts.
  it (ending backendsession) is the job of portal's DSM terminator. More on this can be read from http://help.sap.com/saphelp_nw04/helpdata/en/ca/a9a7408f031414e10000000a1550b0/frameset.htm

• Hi everyone, to use the portal with many users using the same portal user?

  I have an another question is possible to use the portal with many users using the same portal user with diferent roles in the same time?
  thanks

  Hi Israel,
  It is possible to have same user logged in through differnt terminals or browser windows. However if there are say 10 roles assigned to that user, all 10 will be visible in all the windows. However you may open and work on different roles.. in the different windows.
  Note that the real time collaboration features shall not be available if the same user logs in multiple times.
  Hope this is useful.
  Regards,
  Anagha

• How to store custom application data in the Portal

  Hello,
  Is there a mechanism in the Portal whereby you can put custom application data into persistence and then retrieve it again? I don't want to use the database to store the data. I was hoping there is some API to such a mechanism that will allow you to do this.
  Of course, I also mean that I want to persist the data beyond the lifetime of a session - i.e. when the user logs off and comes back later, I want to retrieve the data again. Also, I do not want to use a KM repository, because I do not want to make the application KM-dependent.
  Any suggestions would be welcome.
  Thanks,
  Martin
  Message was edited by: Martin Ceronio

  Martin,
  do you want to store this data on a per-user basis? Then the personalization functionality might be want you want. You could define some additional properties in the portalapp.xml for your component and set its personalization to "no-dialog".
  Alternatively, you could store this information as additional attributes of the IUser object. See the following code snippet for details:
  IUserMaint mutableUser = UMFactory.getUserFactory().getMutableUser(userName);
  mutableUser.setAttribute(NAMESPACE, ATTRIBUTE, "some user-specific data");
  mutableUser.save();
  (NAMESPACE, ATTRIBUTE being some custom defined String constants that uniquely identify the attribute.
  Repost if you need further details.
  Regards,
  Dominik

• Setting up WPC usage monitoring on the Portal

  Hello Everyone,
  I have been looking for a way to report on the number of portal users accessing different areas of the portal, such as KM documents, but in particular pages and objects that have been created in Web Page Composer (WPC). I know that I can monitor KM documents and have setup reporting for this using the following blog entry.
  /people/michael.kronfeld/blog/2007/12/21/recording-access-to-documents-in-km - thank you Michael Kronfeld.
  Unfortunately, the report generated from the above setup, outputs all logged entries using a GUID rather than the KM document name, example: u201Cpolicy.docu201D.
  Iu2019m assuming that reporting on WPC activity, like the KM reporting may use the GUID method of identification, rather than the WPC object user readable name, example: u201CCareers Pageu201D.
  Following the above description, does anyone know of a way to setup monitoring/logging for WPC pages/objects (article, paragraph, etc) on the portal using a method that identifies objects in a way where user readable names for WPC objects are used?
  Thank you.

  Kiran,
  I have kind of put this one on the back burner as I have not had much luck thus far. I have however found a third party software called "Click Stream" by Sweetlets, and it looks promising.
  http://www.sweetlets.com/click_stream.html
  Hope this helps. I will update when and if I find out more.
  Regards,
  Chris

• Gatewaying an application outside of the portal

  Hello,
  I have a few small applications on a remote server that I would like to gateway without it appearing inside the portal. Is this possible?
  ~Kevin.

  hi Erica,
  take a look these docs
  'how to customize bw logon page' and 'enable bw web functionality'
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ec20a990-0201-0010-f291-d1d039975e41
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
  hope this helps.

• How can I monitor across the enterprise what the Discoverer Activity is?

  I'm told by our FM supplier that the number of Discoverer reports that are being run by users is having a detrimental impact on the general Oracle system performance. However, this is a "gut feel" and no hard facts can be produced.
  Is there a way of seeing a summary of all the reports kicked off during the day / week, and the length of time each takes to run {or some other metric that would show the complexity of the report} ?
  Thanks

  You can enable the QPP Stats on the EUL and this will tell you a bunch of information about the workbooks, who ran them, how long they ran, etc. I can't find the documentation on it right now, but it can be enabled through the pref.txt on your application servers.

• When displaying just One WDiView in the Portal what is the best practice?

  Hi,
  I´m configuring some Roles to display WebDynpro iViews and I´m concerned because when a page has to display just one iView I don´t create the Page but instead I call the iView directly into the Role and the Displayed iView is viewed correctly, my concern began cause I´m checking SAP standard roles, WDiviews and WDPages and eventhough there is just one WDiView to be displayed a WDPage is been created to display it and the WD page id assigned to the Role.
  Does anyone knows what is the best practice in this case?
  Thanx in Advanced and Kind Regards,
  Gerardo J

  there is no harm in assigning iview directly to a role but usually assigning to a page ,page to a workset and workset to a role is followed universally

• Firefox automatically installed the latest version this morning. Suddenly, it wants to download every docx file as 'application.ashx' and asks me what program to use. Even when I tell it MS Word, it garbles the document.

  I'm using Windows XP (I think), and MS Office 97 (I think), on a PC.

  Hi Mac Attack,
  My computer will not disconnect from the internet.  It seems to find a clone router and continues even when I shut down and unplug my my own home iy
  Your main question was 'chopped' in the title. Please reply in the body of a reply box with the full question and anything you have tried. And no, the long report was not helpful .
  If the same website is opening each time you launch a browser (Safari?) hold down the shift key as you launch to prevent previous pages from opening.
  Have a look at your settings in Safari > Preferences. Especially General and Privacy.
  Reset Safari to remove cookies and other stored data.
  System Preferences > General
  Have a look at your settings in System Preferences >  Security & Privacy.
  Call back with more questions.
  Regards,
  Ian

• Can you customize the Portal Page_Path item to use relative paths?

  Why does the built-in Portal page_path item generate absolute paths instead of relative paths? It would seem to me to make sense that a breadcrumb (page_path) link would always be on the current site and that relative paths would make sense.
  Is there a setting that can be changed for it to generate relative paths?
  Thanks,
  Jeff

  I don't think that the portlets lend themselves to a viewing (compact) vs. using (maximized) distinction, beyond what the "Show/Hide Folders" button provides.
  In other words, with the folders hidden, things are as small as we felt we could make them for both viewing and editing. The layout is quite liquid and can be stretched and shrunk to fit, given the realities of the items in each portlet (large quantities, long titles, etc.). The visitor tools allow you to arrange the portlets however you'd like.
  Admittedly, the WYSIWYG editor is quite large and we'd like to provide options for the user to size it for their screen or to show/hide it in a future release.
  One thing that would help would be user-selectable columns in tables I suppose. That way you could hide more columns to save space.
  At one point we put the portlet in maximized mode when the user edited something, but that required a full post of the browser, negating the benefits of the AJAX portlet refreshing only itself.
  Do you have any specific examples of what you'd like to see more compact?
  Your feedback is much appreciated.

• DVD-R vs DVD+R/ Whats the Difference & What should i use w Macbook

  i have the latest macbook. been using dvd-r and was always curious. can i use DVD+ ?
  whats the difference?
  thanks

  http://www.dvd-supply.com/whisdvdvdvan.html
  Your MacBook will burn both.
  -Bmer
  Mac Owners Support Group
  Join Us @ MacOSG.com
  YouTube.MacOSG.com
  iTunes: MacOSG Podcast
   An Apple User Group 

• Weird case involving NTLM, Windows XP and the portal

  I have a very peculiar case here for a few users.
  The users have in common that they are all using windows xp (and just migrated), though most other person (even ones using windows XP do not have the problem).
  We have implemented SSO to the portal, and done this using IIS on the portal servers. In front of that we are using IBM edge loadbalancers.
  From a troubled user perspective, when the he opens the browser against the portal, he gets the portal logon page with a message saying user authentication failed.
  I've found out what happens behind the scene and why the portal fails, but I can't explain it thoroughly.
  The user's browser reaches the portal.company.com address. IIS requests NTLM login and after a few packets, the browser sends the user's userprincipalname ([email protected]) via the NTLM login (i've documented this in the network traces from ethereal). That the browser sends the userprincipalname is the core of the problems, all other user's send the SAMaccountname. The portal reads the NTLM information and parses the userinformation (here the userprincipalname) However, we have configured our portal to use the SAMaccountname when authentication against AD, and therefore the login fails.
  If I use an DNS alias for the portal.company.com addresse, say aliasportal.company.com (actually portal.company.com is an alias for aliasportal.company.com, but don't let that confuse you), the same client that sent userprincipalname earlier, now sends the SAMaccountname and therefore gets SSO (and goes through the loadbalancer). And if I try to access one of the portal servers directly (without going through the load balancer), it also sends SAMaccountname. So basically, there has to be something with the address portal.company.com that makes the user's browser to send the userprincipalname.
  Also, this problem is not tied to the user's profile, because if he uses another pc, it works like a charm.
  <b>If you have any idea at all what could have caused this, please do contribute.. No answers are stupid (in this case). I am especially looking for details to what causes IE to send userprincipalnames, and what causes it to send SAMaccountname.</b>
  Network sniffing(some minor changes to hide information):
  This is the NTLM packet which "wrongly" contains the userprincipalname.
  No.     Time        Source                Destination           Protocol Info
       17 0.107258    xxxxx        xxxxxx        HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
  Frame 17 (792 bytes on wire, 792 bytes captured)
  Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
  Internet Protocol, Src Addr: xxxxxxxxx , Dst Addr: xxxxxxx
  Transmission Control Protocol, Src Port: 2201 (2201), Dst Port: http (80), Seq: 403, Ack: 741, Len: 738
  Hypertext Transfer Protocol
      GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
      Accept: /\r\n
      Accept-Language: da\r\n
      Accept-Encoding: gzip, deflate\r\n
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
      Host: portal.company.com\r\n
      Connection: Keep-Alive\r\n
      Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAACkAKQAkgAAAAAAAABIAAAAIAAgAEgAAAASABIAaAAAAAAAAAA2AQAABYKIogUBKAoAAAAPZABqAHcAbABAAHMAdABhAHQAbwBpAGwALgBjAG8AbQBQAEMALQAzADkAMwA3ADEANAAjkf2i0gE5YfLWa6LaFWq/QOJVBMBK+X/0eZk41NRM7wDew37l6/jmAQE
          NTLMSSP
              NTLMSSP identifier: NTLMSSP
              NTLM Message Type: NTLMSSP_AUTH (0x00000003)
              Lan Manager Response: 2391FDA2D2013961F2D66BA2DA156ABF40E25504C04AF97F
              NTLM Response: F4799938D4D44CEF00DEC37EE5EBF8E60101000000000000...
              Domain name: NULL
              User name: [email protected]
              Host name: PC-393714
              Session Key: Empty
              Flags: 0xa2888205
      \r\n
  And this is the packet against the dns alias which works
  No.     Time        Source                Destination           Protocol Info
       17 0.103528    xxxxx          xxxxx         HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
  Frame 17 (788 bytes on wire, 788 bytes captured)
  Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
  Internet Protocol, Src Addr: xxxx, Dst Addr: xxxx
  Transmission Control Protocol, Src Port: 1825 (1825), Dst Port: http (80), Seq: 403, Ack: 741, Len: 734
  Hypertext Transfer Protocol
      GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
      Accept: /\r\n
      Accept-Language: da\r\n
      Accept-Encoding: gzip, deflate\r\n
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
      Host: aliasportal.company.com\r\n
      Connection: Keep-Alive\r\n
      Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAACkAKQAkAAAABYAFgBIAAAACAAIAF4AAAASABIAZgAAAAAAAAA0AQAABYKIogUBKAoAAAAPUwBUAEEAVABPAEkATAAtAE4ARQBUAEQASgBXAEwAUABDAC0AMwA5ADMANwAxADQAyhO3U1uCz0jn55samc+TUJmnyefvp0tXQN0VMytYEG3YDADHwRicxwEBAAA
          NTLMSSP
              NTLMSSP identifier: NTLMSSP
              NTLM Message Type: NTLMSSP_AUTH (0x00000003)
              Lan Manager Response: CA13B7535B82CF48E7E79B1A99CF935099A7C9E7EFA74B57
              NTLM Response: 40DD15332B58106DD80C00C7C1189CC70101000000000000...
              Domain name: COMPANY-NET
              User name: DAPA
              Host name: PC-393714
              Session Key: Empty
              Flags: 0xa2888205
      \r\n
  I'll be truely impressed if anyone solves this one!

  Hi Dagfinn,
  There are a few things I would check in the Internet explorer settings on the client, namely :
  -The security zones (which addresses are in Intranet, Trusted sites, etc.)
  -Check in the security settings if automatic logon with current username is enabled.
  -Look if "Enable integrated Windows authentication" is enabled in the advanced settings.
  Are you using Kerberos authentication? There's a long article on Microsoft's website about troubleshooting Kerberos errors which might give a few clues :
  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx

• BI & Portal integration. Import BW certificate to the Portal -

  Hi
  We are in the process of integrating our newly upgraded BI 7.01 system with EP 7.01.
  We are trying to integrate BI system with our central portal, which has BI components installed. Also, this portal has been configured with SPNEGO for windows integrated authentication and we use Microsoft LDAP as our UME.
  As per documentation,  I could not find option for com.sap.security.core.server.jaas.evaluateticketloginmodule, as I can only see SPNEGO template, since we configured SPNEGO for windows integrated authentication. Can I skip this step? If so, what are the implications.  I see that this step (see below) is required for accepting SAP logon tickets from the BI system as an external system.
  In the Service Security Provider under Ticket, perform the following steps to ensure that the SAP J2EE Engine accepts the SAP Logon Tickets from the BI system as an external system.
  7. Start the Visual Administrator with %INSTALLATION_ROOT%\admin\go.
  8. Connect to the portal server.
  9. In the tree, choose <SID>/Server<#>/Services/Security Provider.
  10. Under Component, choose Ticket.
  11. Choose the Authentication tab page.
  12. Change the options for com.sap.security.core.server.jaas.EvaluateTicketLoginModule and enter the following values:
  trustedsys<Number>=<BW_SID>, <BW_CLIENT> (for example, BWP, 000)
  trustediss<Number>=<ISSUER_DISTINGUISHED_NAME> (z. B. CN= BWP, OU=SAP Web AS, O=SAP Trust Community, C=DE)
  trusteddn<Number>=<SUBJECT_DISTINGUISHED_NAME> (z. B. CN= BWP, OU=SAP Web AS, O=SAP Trust Community, C=DE)
  I also noticed that this steps is introduced from BI 7.0, as previously this step did not exist for BW 3.5 and EP 6.0.
  Thanks in advance,
  Regards
  Chandu

  If a user is to access an application deployed on the java server via SSO, using the SAP logon ticket for authentication, the login module stack that the application uses must include the EvaluateTicketLoginModule and this EvaluateTicketLoginModule must contain these ACL entries (trusteddn, trustediss etc) if the logon ticket was issued by a different system. What this means is that trusteddn, trusediss, trustedsys are required in EvaluateTicketLoginModule in order for SSO to work. You cannot skip
  them.
  If you have configured SPNego authentication, the EvaluateTicketLoginModue will still be required. So if you have a policy configuration called SPNego, and the 'ticket' logn module stack is using the SPNego configuration as a template, you simply have to configure the EvaluateTicketLoginModule in the 'SPNego' template and the 'ticket' login module stack will be updated accordingly
  If the 'SPNego' policy configuration/template does not already at least include EvaluateTicketLoginModue I would be very surprised, it is required for all ticket evaluation, even tickets issued by the same server and should exist in the template that the 'ticket' authentication stack points to. See here for an two example LM stacks for SPNego
  http://help.sap.com/saphelp_nw04/helpdata/EN/43/4bf48061215f6be10000000a1553f6/content.htm

• Unable to see an iView in the Portal

  Hi All,
  I have a scenario, where in I have an iview in a page, the page can be in the workset,this workset has assigned to a role, and this role has been give to a user,now I have a user login to the portal , i am unable to see the iview in the portal, what could be the possible reason?
  Regards
  Chandra

  If U r not getting the Role navigation structure in the portal then make sure that the "Entry point" for the role has been set to True.
  If you are getting the Role structure in the portal but not getting the iView then check the iView Property "Invisible in Navigation Area" property set to false.
  Next you can check for the iView Permission , if the User has permission for te iView or not.
  Hope now u can get the iView in the portal
  Cheers
  Chinmaya
  Reward for helpful answers

• Forcing user to save data in the portal

  Hi
    We have developed some WebDynpro applications. When these applications are in the portal , we dont want the user to navigate to another link without saving. Is there any way we can force this check.
  regs
  Steve

  Hi
    Well use the WDPortalWorkProtectMode  in Webdynpro. Check out this link
  http://help.sap.com/saphelp_nw04/helpdata/en/17/76d93f130f9115e10000000a155106/frameset.htm
  Hope that helps you.
  regards
  ravi