Forefront Unified Access Gateway (UAG) and SAP portal

Hi Guys
Do you have experience or knowledge about the integration of UAG as a reverse proxy for SAP Netweaver portal 7.0?
We are trying a setup where the SAP NW portal uses SPNEGO/kerberos authentication (and it is working), but when accessing the SAP NW portal through UAG we get a "HTTP basic authentication" prompt, while SPNEGO login module fails.  UAG can be configured to use kerberos contrained delegation, but it does not work for us.
Anyone who have setup UAG - SAP NW portal integration ?  Did you succed with any SSO: Which authentication mechanism' did you configure in UAG and i J2EE?
Best regards
Tom Bo

Hi Tom,
I work as a consultant for various customers who seek my companies expertise in Microsoft Forefront security.  I published SAP Portal 7.0 for my customers and was able to provide seamless single sign with UAG.
We configured NTLM authentication in UAG.   We then configured SPNEGO and enabled fall back to Basic Authentication on SAP.  This should work but you may need to write some authentication modification scripts if you are getting username/password errors.
In addition, we did strong 2-factor authentication with RSA for one customer.  Some of our customers also ask about enabling endpoint detection to do things like,  If you dont have an updated antivirus, then you the user cannot download any documents from SAP.
Thanks!
Dennis Lee
Celestix Networks
Edited by: Dennis Lee CLX on Mar 17, 2010 10:06 PM

Similar Messages

  • Access denied (Object: com.sap.portal.system/security/no_safety)

    We are implementing EP 6.0, currently with SP11. We have developed some iViews, which are using RFC functions to get information from backend system, in this case SRM.
    Everything worked fine, till the day we’ve transported those developments into other systems (production and testing systems). We are getting the following error Access denied (Object: com.sap.portal.system/security/no_safety). This error only comes out if the iView is called from inside another one, if called isolated it works fine.
    Does any one have any idea about how to solve this?

    Hi AA, you can find in the log file in order to identify what is the object that you need to add in the security zone.
    You can find information for the security zones on:
    http://help.sap.com/saphelp_nw04/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/content.htm
    Regards.

  • Can the KM be accessed by another non-sap portal?

    Company has portals based on Vignette.
    Also has SAP CRM, where a catalog is based in KM.
    Can the Vignette portal or Vignette Content Management System connect to KM?
    Can any other CMS's connect to KM?
    I would ask on a Vignette forum, but I haven't found one yet.
    Thanks!

    Hi Eric,
    >> I know this isn't the ideal place to ask a Vignette question...
    You may feel free to do so.
    But the answer is:
    The SAP Portal can access Vignette through iViews, KM in the Portal offers an API (the Repository Framework API) to which Vignette could connect or via which you could connect Vignette and this would e.g. make Vignette searchable trough the SAP Portal.
    You see the tendency, right?
    If Vignette wants to search (and before this they will have to index and crawl) KM repositories, the connectivity question lies on Vignette's side.
    Regards,
    Karsten

  • Organization announcements Using CRM and SAP portal

    Dear Gurus,
    I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
    1) Create a campaign using mail form (Announcement content) and target group
    2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
    3) Release the campaign and execute the campaign
    4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
    4) Create an iView in portal
    5) Pull the activities created on CRM and display on the portal iView
    My questions are:
    1) Is there any standard iView to do this
    2) Is there any other standard functionality available to do this announcement using CRM and Portal
    3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
    Thank you in advance and appreciate your help.
    Regards,
    Reddy

    Dear Gurus,
    I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
    1) Create a campaign using mail form (Announcement content) and target group
    2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
    3) Release the campaign and execute the campaign
    4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
    4) Create an iView in portal
    5) Pull the activities created on CRM and display on the portal iView
    My questions are:
    1) Is there any standard iView to do this
    2) Is there any other standard functionality available to do this announcement using CRM and Portal
    3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
    Thank you in advance and appreciate your help.
    Regards,
    Reddy

  • Link between SAP R/3 KPRO and SAP Portal

    I'm looking for a link between the archive <b>KPRO</b> of SAP R/3 and the content of <b>SAP portal</b>. In particular I'm interested in a link for the documents loaded in the KPRO archive in SAP R/3 and the SAP portal.
    Theank you for the interest.

    Hello Luca,
    here are some informations about KM Connector for DMS:
    Software:
    Service.sap.com/patches
    -> Entry by application group
    -> BP for DMS Connector KM 1.0
    Or Software and Documentation:
    https://www.sdn.sap.com/irj/sdn/developerareas/contentportfolio
    &#61672;     Browse Content Portfolio
    &#61672;     Choose: Every User – Content & Document Mgmt
    &#61672;     Choose: BP for DMS Connector for KM
    &#61672;     Choose button: Documentation (on the upper right corner)
    Regards
    Thomas

  • Error while accessing System created by  SAP Portal system template

    Hello all,
    I have created one system from SAP Portal system template in .net PDK application. This system have number of properties created in the .cs file of the System using the following code.
    [PortalComponentFieldProperty(PlainDescription = HOSTNAME, PropertyType = PropertyValueType.String, LongDescription = "Host Name", AdminPersonalization = PersonalizationType.Dialog, Category = "Application Settings")]
    [DefaultValue(EMPTYSTRING)]
    public string HostName
    get
    return (string)this.GetValue(HOSTNAME);
    When i created a system in EP from par file, It don't get any error but when i export this   system and again import it gives me the "Null reference exception error" at the line
    return (string)this.GetValue(HOSTNAME);
    Can anybody know the resion of this? Should i set permissions to the system or should i assign roles to the system?
    Please reply soon.
    Thanks in advance,
    Prashant

    Hi everyone
    I have got the solution
    Thanks
    Mumtaz

  • How can I access BOE Universes from SAP Portal?

    I'm trying to access an Universe on BOE server from SAP Portal.  Does anyone know if this is possible or not?  Additions, is it possible to get access to the list of universes from the portal?

    Hi Ingo,
    I think we are talking about the same KM.  Yes, I could see all folders from the BOE server inside portal KM repository.  However, I could not see any of the universes.  If I put a Webi document in one of the visible folders, then I can see the webi document.
    If it is possible, I'd prefer not to go the other route to use SDK.
    Thanks,
    Garry

  • Unable to access user DDIC and SAP*

    +Hi GURUS,+
    +I installed solutionmanager 4.0 and i loggen in the system(000) with DDIC user and check the TCODE SICK.+
    ++When i restarted the server it was not allow me to login awith user  DDIC and SAP in 000 client.++*
    +It's giving error message:+
    +Password log on nolonger possible too many times failed attempts.+
    ++Could you please help me out is there any way to set DDIC and SAP from windows level(i mean sap inst directry..usr/sap/<sid>/sys/profile)*
    Regards
    JAn

    Hi,
    Unlock it at Database level
    UPDATE usr02 SET uflag = 0 WHERE bname = "SAP*" AND mandt = <client number>
    Or
    Run the sql query at sql prompt and then login to sap with sap* and password "pass".
    SQL> delete from usr02 where mandt=<your login client> and banme='SAP*';
    Rakesh

  • Secure Communication between SAP R/3 and SAP portal(WAS Java)

    Hi All,
       We have a requirement where client says ,there needs to be a  SSL tunnel established between SAP R/3 and Portal(through ITS) to access R/3 through portal
    Do we have to use SSL for that or SNC?I heard SNC is a mechanism which have to be used here since it uses DIAG protocol to connect but not Http.Is it true?Kindly give some more ideas on this.
    Other thing is to do this they need to open a port between for using Firewall.Can you guide which SAP port has to be open for this connection?
    Thanks In Advance
    Regards
    Rani A

    Hi Rani,
    what the ITS Admin is, is explained in the docs to the <a href="http://help.sap.com/saphelp_nw04/helpdata/en/44/28611e0bd26493e10000000a1553f7/frameset.htm">ITS Admin Tool</a>. This also includes how to access it.
    Usually specifiying the ABAP backend is done by maintaining the <a href="http://help.sap.com/saphelp_nw04/helpdata/en/44/2b67fe369b060ae10000000a155369/frameset.htm">Global Service File Parameters</a>.
    The <a href="http://help.sap.com/saphelp_nw04/helpdata/en/44/2aa8081a3a060ae10000000a155369/frameset.htm">SNC configuration</a> is part of the <a href="http://help.sap.com/saphelp_nw04/helpdata/en/44/2a95a61a3a060ae10000000a155369/frameset.htm">Security Configuration</a> and also done in the ADM instance of the ITS.
    Regards,
    Patrick

  • Adobe Form called from SAP Portal, not executing interface global init code

    Hello!
    I have an adobe form called from both R/3 and SAP Portal and I need to show long text dinamically calculated.
    The deal is at the SAP Portal execution, as scenario characteristics don't allow string definitions, I'm using 255 characters tables (QISR_TAB_TYPE), that I'm trying to convert inside form interface (Global init code).
    The problem is that the interface global init code is being executed when the form is called from R/3, but it is not at SAP Portal.
    Does anybody know how to manage this? It's kind of a problem that the BAdi method int_service_request_init doesn't allow types over 255 characters... and if it is not possible to access the form interface code section (maybe there's any way)... i need to find some code section where i can convert tables before the form context is filled!!
    Thanks a lot!!
    Regards,
    Diana.

    Hi,
    have you searched on SCN? There are some threads with same problem such as [this one|/message/9270216#9270216 [original link is broken];. There is more threads. They may help you to solve your issue.
    Cheers

  • Vendor user in SAP PORTAL

    Hi experts
    I am configuring EBP-SUS and my vendors will use for bid responses, but ineed the vendors access SUS via SAP PORTAL, so when vendor receive an e-mail with user and pass to create a adiministrator after create a user bidder that must have access in SAP PORTAL to receive bids, the problem is in Supplier Relationship Management - Supplier Self-Services - Master Data -Maintain Systems for Synchronization of User Data I can use only logical system and the creation is done using RFC call, and SAP PORTAL IS a java aplication.
    Some help will be welcome.
    Nilson

    Hi Nilson,
    Can you please explain the issue with more clarity.
    Thanks,
    -Devi Swain

  • Please send me com.sap.portal.navigation.masthead.par.bak

    Hi all, My work is to import the masthead.par file to eclipse and modify it and then to re-deploy it into portal. But i don't have access to <b>com.sap.portal.navigation.masthead.par.bak</b> file. So, can any one send it to me please.......
    My email id is [email protected]
    Thanks in advance.....
                              bye
                                  VIJAY

    Hi Vijay,
    first, welcome on SDN!
    About your question: It is quite critical to use some PAR of somebody else. You didn't give your version (SP / Patch Level), and deploying a masthead of a different version may end up in serious trouble, especially if you didn't backup your original version (which you have not, for you say you have no access...).
    If
    > My work is to import the masthead.par file to eclipse
    then you should be provided with the PAR of have access to it. It is to be found on the server under .../WEB-INF/deployment/temp.
    If you don't have physical access to the server, you may also get it through the portal: System Administration - Support -  Support Desk - Portal Runtime - Browse Deployment - [browse to the path given above, download the PAR]. Please have in mind that you're downloading a ZIP, from which you first will have to extract the PAR.
    Hope it helps
    Detlev
    PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!

  • Iviews not working in SAP Portal in DHTML viewer

    Hi
    We are using BOXI 3.0 with SAP Integration Kit with SAP R/3 and SAP Portal.We are implementing Single Sign On from SAP Portal to BOXI 3.0 and have created few iviews in SAP Portal pointing to the reports in BOXI 3.0.
    The Single Sign On works fine when the viewer in the Iview is selected as Java or Activex Viewer but goes in the logon loop when the viewer is selected as html_frame(i.e dhtml viewer).Have followed the installation and user guides very closely as well.Any help will be greatly appreciated.
    Thanks and Regards
    Kamal

    Hi Ji
    Thanks for your reply.Yes we are using the master iview templates provided in the XI R3 media.
    There are few things noticed in this case which I would like to point out:
    1)Our environment is a distributed environment where Server 1 is the BO Server and Server 2 is the Web Server.
    2)When we are trying to the run the sample iviews(Alert and Thumbnail) we are getting the error as below:
    "Error: Server not found or server maybe down (FWM 01003) null"
    Point to note here is that this error is reproduced when the CMS System is selected/entered wrongly but how come the message is showing Server02 which is the webserver instead of Server01.
    3)When we trying to run Iview template it is redirected to login loop where the SAP Authentication is not seen.
    Regards
    Kamal

  • Difference Between IBM Websphere portal SAP  Portal

    Hi Everyone,
       Could anybody tell me whats the difference between IBM Websphere Portal and SAP Portal?
       And how IBM Websphere portal can be implemented in Netweaver Portal?
    Regards
      Sireesha.

    Hi Michal,
       I Know that its both are different products.
       Actually my question is What  can be done in the SAP portal and in the Websphere portal?
       How the organization would be benifited by implementing which portal ?
      i.e, do's and don's in the both the portals.
    Regards
    Sireesha.

  • Can I access Webi queries and Xcelsius dashboards from SAP portal?

    Hello,
    Can I access Webi queries and Xcelsius dashboards from SAP portal?  And how?
    Thanks

    Portal Part 1
    /people/ingo.hilgefort/blog/2010/03/29/sap-businessobjects-enterprise-sap-enterprise-portal--part-1-of-4
    Portal Part 2
    /people/ingo.hilgefort/blog/2010/03/30/sap-businessobjects-enterprise-sap-enterprise-portal-part-2-of-4
    Portal Part 3
    /people/ingo.hilgefort/blog/2010/04/08/sap-businessobjects-enterprise-sap-enterprise-portal--part-3-of-4
    Portal Part 4
    /people/ingo.hilgefort/blog/2010/04/21/sap-businessobjects-enterprise-and-sap-enterprise-portal--part-4-of-4
    Ingo

Maybe you are looking for

  • Little visibility issue in my game

    Alright, so I got bored at work and started writing this game, and I grasp the concept of polymorphism, and inheritance, but the implimentation eludes me a bit. Anyway the run down is, I have a super class called Mob, from that two classes are extend

  • Mysql 5 Functions HELP

    Heres a recap of the problem. Im migrating from coldfusion using oracle db with packages to coldfusion using mysql5 and hoping to use mysql 5 functions in place of the oracle packages. Now the problem is when I try to use a function inside of a sql s

  • HR ABAP Learning.

    Hi Friends,       Iam working as an ABAP Consultant.       I want to enhance it to HR ABAP. <removed - requesting copyrighted material is prohibited > regards, phaneendra p Edited by: Arun Varadarajan on Apr 7, 2009 3:35 PM

  • Photos disappeared from Library and Rebuilding with iPhoto Libr. Mgr worse

    1. For several days, when I attempted to transfer photos from Iphoto to Ofoto, the programs would freeze and I couldn't do the transfer. 2. When that problem disappeared, I created a few small albums, uploaded them on Ofoto, and sent them out via the

  • Posting Idocs with different users

    Hi folks, I have a simple scenario, File -> PI (7.0) -> ECC (Idoc) I would like to know if there is a way to post the Idocs with different users, for example, in the source file a field contains the user that has to post the Idoc, so I'd like to map