IDM & Non SAP app integration

Similar Messages

• Web Server Filter Based SSO to Non-SAP Apps

  Hi,
  I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
  The Readme doc of this zip file says:
  "<b>Changes in Web server filter plugins
  The Web server filter plug ins and the Ticket Toolkit now were separated.
  See subdirectories for further information:
  "C"          the Ticket Toolkit
  "filter"     the Web server filter plug ins
  This is the last released version (5.0.2.8) on SAPSERV.
  Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
  Technology Components-> SAP SSOEXT -> SAP SSOEXT</b>"
  Zip file has two folders named "C" and "filter".
  "C" folder has cpp code to varify the ticket.
  "Filter" folder has DLLs for the different web servers.
  So far so good . Now, what I want to know is that is placing the  DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
  Or do I need to do anything else, like writing any class to read and validate the Ticket?
  Thanks,
  Vivek

  See Web Server Filter Based SSO to Non-SAP Apps

• Avaya(Non-java app) integration with ADF

  Hi,
  We have a desktop application Avaya (non-Java) & want to integrate it with ADF. Currently we do it by passing parameters in HTTP URL. If the user clicks on a button in non-java app, it should:
  (1) open search page of an ADF application and execute search.
  (2) if the ADF application is already open, the button on Avaya app should execute search with partial page refresh. However, the whole page is being refreshed.
  Can you please guide, how to do this with partial page refresh? , as the No 1 is almost achieved.
  Thanks,
  NC

  Hi Shay,
  Below Options were tried for integration. Please have a look at them and suggest if there is any other possible way to Integrate Avaya with ADF.
  1) Calling ADF application with URL parameters.
  Reasons to drop:
  Every time a URL is called the entire page will get rendered again taking some 2-3 seconds which is very critical to the application.
  ADF is capable of handling URL parameters without re-loading the whole page(http://oracamp.com/passing-parameters-adf-application-through-url). But we can't use this inbuilt way as we have many customized developments implemented in the page. This way directly works at AMImpl (at Model level) level. We want the events to be fired at View level. That is backing bean level.
  2) Avaya is capable of dealing with ActiveX (OCX). They sent me 2 DLLs which handles communication between web page and Avaya application. A simulator was also sent (bundle attached herewith). The steps to be carried out for testing are-
  Installation procedures:
  i. Register the DTLCRMINT.ocx file. Start->Run-> Type the command
  ii. regsvr32 <ocx file location>
  iii. Register the DTLINTCMP.ocx file. Start->Run-> Type the command
  iv. regsvr32 <ocx file location>
  v. Double click on the Clinet.exe it would open up a windows application with a Textbox and Command button. Put In the data which needs to be sent.
  vi. Open the CRM Page.html. On opening the OCX would be loaded by default.
  vii. Now clicking the Send Data button on the client application, whatever information is there in the Client Text Box would be sent to the web page.
  viii. From CRM side, the application needs to use the OCX provided, and must wait for the event. On receiving the event the data that is retrieved as a part of the event can be parsed to update the text box and click on the search button.
  Reasons to drop:
  It works fine with basic HTML page. But once integrated with ADF page as an inline frame it doesn't work. We tried to embed the OCX object inside <verbatim> tags, but was not successful. The event fired by ActiveX object is triggered at client side by VBScript function. Avaya's ActiveXs seem to be only working with VBScript according to my understanding. So there was no way for ADF to capture VBScript events.
  ADF is capable of javascript up to some extent. To do a critical application like this, my feeling is javascript is never a good option.
  3) To use a text file. Avaya writes, ADF application reads.
  Reasons to drop:
  ADF can read the text files with normal java IO methods. But only the server directories are visible. So, Avaya has to write the information in the server file. With using a parameter like user name, ADF application can read the file in regular time intervals (with using poll feature) and get relevant information and automatically run the search.
  Initially the idea was to do this at client side. But since this is a web application, file reading at client side is next to impossible. Again when one side is reading and the other side is writing, file access violations may occur.
  4) Another option is if Avaya can offer the value in a web service, the ADF application can get it.
  Reasons to drop:
  There may occur a latency as well as Avaya says they can't offer web services.
  5) The ideal solution is, the ADF application's front end control's IDs can be provided. If the Avaya system is capable of accessing or getting hold of DOM and pushing the value to the controls and clicking the button; things would become pretty straight forward. JMeter works like this in testing J2EE applications.
  Any Recommendations how can it be done .
  Thanks.

• SAP IDM and SAP Ariba Integration

  is there any connector available for the integration from sap ariba? or has anyone any experience with the sap ariba integration?!
  we want create,change and archive the ariba user with sap idm 7.2.

  hi fedya,
  the case is very simple - we must create / change and deactivte Enterprise users on the ariba Portal!
  I attached the ariba screenshot:
  bg thomas

• Compliance Calibrator 5.2 RTA for Non-SAP Apps

  Hi all,
  Can SoD rules be written for analyzing a Users access to SAP and NON-SAP applications across the enterprise?
  If yes will CC RTA need to be installed on the NON-SAP application?
  If yes are there any requirements that need to be met by NON-SAP application and is there a list of NON-SAP applications (other than-Peoplesoft, Oracle, Hyperion, JD Edwards) that CC has an RTA for?
  Is there any documentation specific to aplications that can support CC RTAs and installation on these?
  -Cheers

  Hi,
  Yes SoD rules can be written for analyzing user accesses to SAP and non-SAP applications.
  Basically there is no other application for which an RTA exists, but there is a documentation discussing the technical requirements for file generation from the non-SAP systems for integration of non-SAP Systems with SAP Compliance Calibrator.
  This documentation is available in <a href="http://service.sap.com/rkt-grc">http://service.sap.com/rkt-grc</a>
  under SAP GRC Access Control 5.2 -> SAP GRC Compliance Calibrator 5.2 -> Step2: Prepare for your project -> Cross Application Material
  You'll need your OSS user-id to access that page; in case you cannot access it, please post a message in the OSS.
  Rgds,
  Karim

• Access Enforcer & non-SAP apps

  We were told that you can use AE 5.2 for non-SAP applications.  There are ways to set up roles for any type of system and accross systems.  I do not see any of this information in the user guides that are provided and I have not been able to figure it out by playing around with the tools. 
  I saw some posts with regard to Role Expert so I will begin looking into this tool to see if it helps.
  Is it possible to set this up to perform approvals/reol evaluations for some legacy applications?
  Does anyone know of some web training or anything available for this?
  Any links/pointers is appreciated.
  Also, does the LDAP configuration actually work in AE?  We wer able to set up NetWeaver to map to an ldap instance and then log into AE if we kept the authentication pointing ad SAP UME but when we set up LDAP using the same settings, set up the LDAP mappings and user defaults I cannot authenticate.
  Regards,
  -J

  Hi John,
      in response to the original question - you can use AE with non-SAP applications - basically anything that a Connector can be built to. This is specifically only for data retrieval (eg from LDAPs / Oracle/ Role Expert) - not for user account creation/ maintenance in the target systems (eg JDE / Bespoke systems etc). This doesn't stop you from defining workflows for non-SAP systems - just that you'll need a manual step at the end to execute the change.
  Re the LDAP - connectors work fine for data retrieval (eg User details / User <> Mgr relationship) - which is totally separate from User Authentication for AE. If you are using CC & RE as well then you'll have to make a decision about whether to go with UME as primary point or LDAP (the UME User Persistence store is prob the easiest option long term - as UME roles would still need to be assigned for any user intending to use GRC..)
  cheers
  Paul

• Connect non-sap app to XI

  Hello,
  I have an app able to create Idoc and Idoc-XML, both currently being sent to SAP R/3 up to version 4.6c via RFC (IDOC_INBOUND_ASYNCHRONOUS). Can I keep this way when connecting to XI and if not, what's the alternative? Thanks fo your help

  Hello,
  thanks for your answer. However, I'm confused a little. I thought it's necessary to connect via the RFC-Adapter of XI instead of the IDoc-Adapter.
  Thanks
  Thomas

• SSO from non-SAP to SAP apps

  Hi All,
  Currently We have SAP applications, non-SAP applications(java, .NET, PHP etc) in our landscape.
  If the client tries to access any non-SAP application it should ask for authentication and thereby for any subsequent access to any URL's(SAP or NON-SAP apps) it should not ask for any authentication.
  FYI:
  The client logins into SAP Portal(SAP to NON-SAP) first and thereby able to achieve SSO for non-SAP applications as well.
  Currently we are stuck for the scanerio of  Non-SAP to SAP apps ?
  Please suggest.......
  Thanks,
  Mano.

  Hi samuli,
  Using SPNEGO, we can incorporate windows authentication for SAP Portal ( after desktop authentication user can logon without userid/password). But for non-sap apps this would be challenge.
  I have another option, using webdispatcher if we enable server redirect for all applications(SAP & NON-SAP) and get authenticated centrally by which SSO can be achieved across all the apps.
  Would above solution work ?
  Thanks,
  Mano.

• Integrate 'External non-SAP Purchasing Application' with SAP SD for third party purchasing/ drop shipping?

  What is the best way to integrate 'External non-SAP Purchasing Application' with SAP SD for third party purchasing/ drop shipping?
  Details about expected process Flow.
  Receive PO from customer into SAP > SAP SD creates Sales Order > ?? SAP Integrate with External non-SAP Purchasing Application to trigger purchasing > External non-SAP Purchasing Application creates PO, Ships Material to Customer Ship to address (drop ship), Sends Shipping confirmation (FCR) & Invoices to SAP> ??Receive FCR and Invoice in SAP > ?? Initiate SAP Accounts Payable (Vendor Payments) and Accounts Receivable (Customer Invoice) > ?? Update SAP SD Sales Order with shipping status>
  Questions we need to answer;
    - How to achieve '??' steps from above process.
    - What type of Master Data we will need to configure (Say Materials Item Category, Type etc.)
    - Any standards options to configure SAP SD (Type of Sales Order)
    - We certainly don’t want to trigger SAP MM Purchasing (i.e. PR, PO etc.). How can we bypass it.
    - How to make statistical receipts against sales order line items so that SO status will be updated.
    - How to receive Invoice and FCR from External non-SAP app to trigger AP and AR transactions.
    - Are there any SAP standard configurations/ BAPIs/ BADIs available to achieve this integration.
  Any inputs on above questions are appreciable.
  Anand.

  This question is resolved. We ended up activating purchasing module and used purchasing documents PR/ PO to integrate with third party purchasing system.
  Anand.

• Provision UserID/Password from SAP Ssyetm to Non-SAP System

  Hi,
  I have a requirement to be able to provision UserID & Password from a SAP ECC6 system to a non-SAP thick client application.  All interactions between ECC6 & the non-SAP Application will be via SAP PI.  (SAP EEC6 <-> SAP PI <-> Non-SAP App) 
  Our landscape includes:
  SAP ECC6
  SAP BI
  SAP PI
  SAP SOLMAN
  SAP Portal
  non-SAP App
  SAP IdM has been ruled out due to budget constraints, Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
  Yes, we could simply maintain the users in both systems, but for the time being that has been deemed not appropriate.
  I have thought about using CUA on SOLMAN to provision to the SAP Systems & then use SAP PI somehow to provision to the non-SAP App, but I have no idea how to pass the raw user password through SAP PI.
  If anyone has any ideas or can point me to links where I can do further research would be much appreciated.
  Thanks in advance,
  Stephen Hall

  The search term "password AND synchronize" will help you further to find "flamewars" from the past.
  You cannot send "raw" passwords from CUA, as the password is represented by a "one way" hash which is not decryptable by mortals, but rather the "raw" password is encrypted and the hashes are compared locally. Non-SAP systems cannot do this... (bar trial-and-error).
  A better option would be to use a SSO mechanism. This is very easy within SAP.
  For bi-directional authentication with non-SAP you will face some challanges...
  The easiest option is to re-use a PKI certificate based authentication or re-use the native Kerberos authentication available for Windows bases PCs.
  In the SAP --> non-SAP direction you can consider using a verification library to extract the user name - but that is not "state of the art" and if such a UID should be encrypted then have fun...
  In the non-SAP --> SAP direction you are best off forgeting about the infrastructure trust or worste-case-scenario is a password sync. Rather re-authenticate the caller using a realm which already exist.
  Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
  I would consider an application specific password self-service as a failover only and go for the AD or an "identity provider" which your applications trust as a service.
  If your AD or entire network goes down you will probably be in bigger trouble than passwords... so you should not expose "raw" passwords during normal operations for this eventuality...
  Cheers,
  Julius

• Mix of SAP Gateway and non SAP Gateway for Integration with SAP

  Hello,
  I am looking for a document on where SAP NW Gateway fits in as part of an integration overall strategy.  So, for example, my understanding it is primarily for Mobile app integration.  I hear some customers talking about using Gateway for what we normally think of as EAI core integration.   So, it does not seem right to me in many typical SAP integration requirements would be handled via Gateway.  Other traditional SAP integrations via PI or another ESB leveraging enterprise services, SAP API like BAPIs and IDOCS would be more appropriate in many non-mobile type situations.
  Does anyone have general guidance on the above integration advice, thx

  A good discussion..If I can add few things
  1) PI REST Adapter is planned, should be available sometime in near future..
  I do not think every integration scenario should be handled in Gateway (rather oData style) just because it can or it might work thinking. Doing it odata style means you need to re-write all functionalities as Web Based Services (eSOA anyone??)
  2) Gateway (oData Services) - should be used in User to System scenario ( mobile, browser light weight type) , where you would want to transfer minimal data to the user and back
  3) PI - System to System as you mentioned. e.g. Master Data/Customer Synchronization between ecc & crm etc. Doing them in oData style seems like overkill to me when you can use the IDOCs/ALEs and you do not need the data to be transferred over HTTP.
  Both Gateway and PI are targeted for different scenarios and have their own place, and as such the right product should be evaluated carefully for each scenario.
  Just my two cents.
  Sandip

• About integration between SAP and non-SAP applications via javaidoc classes

  Hi,All
  Now we are implementing a SAP-Retail project,we encounter a problem of integration between SAP and non-SAP applications(POS),we want to set Inbound/Outbound between SAP and POS applications realtimely,POS can connect to the SAP system via VPN,weather it can be implemented?
  I conceive to implement it with SAP Java Connector IDoc Class,I don't know weather it is the best solution?If not,please give some other proposal.
  I have download the classes from SAP website and try it with the samples provided by SAP(JCoIDocSample1.java/JCoIDocSample3.java),In my testing,Inbound is succeed,but,in SAP-Retail IS,standard Outbound message type is defined via file port,some one told me that SAP Java Connector IDoc Class can only receive idocs from tRFC port?is it true?If not,please tell me how to deploy in SAP so java program can receive idocs from file port?

  We too are interested in finding information on integration between SAP and Intergraph.  Were you able to obtain information and I was wondering if could share this with us.
  Thanks,
  Sue
  City of Edmonton

• Integration of SAP XI and none SAP tools

  Hi!
  I would like to start working with SAP XI.
  Where can I find the Step by Step case studies describing different SAP XI scenarios (IDOC/ALE, RFC, File, etc.).
  What is the most famous example of integration of SAP XI and none SAP tools?
  Are there tool free of charge and can be downloaded?
  Thank you very much!
  regards
  Axel Schulze

  Axel Schulze wrote:
  > Where can I find the Step by Step case studies describing different SAP XI scenarios (IDOC/ALE, RFC, File, etc.).
  /people/sravya.talanki2/blog/2006/12/25/aspirant-to-learn-sap-xiyou-won-the-jackpot-if-you-read-this-part-i
  /people/sravya.talanki2/blog/2006/12/26/aspirant-to-learn-sap-xiyou-won-the-jackpot-if-you-read-this-part-ii
  /people/sravya.talanki2/blog/2006/12/27/aspirant-to-learn-sap-xiyou-won-the-jackpot-if-you-read-this-part-iii
  thats sud be a good start !!!

• Ale master data scenario integration with non sap syetem i.e seebeyound

  hi
  we have a business process scenario integrating with non sap system (i.e seebeyound)
  action code      itemnumber    plant code
  a(add)          material1     plant 2
  d(delete)       material 3    plant 6
  etc
  we have upto one million materials assigned to 300 plants
  we have to send all the above data to non-sap system (see beyound)
  should we go for a custom idoc and setup the rfc configuration for the two sytems.
  or can you please help how to go for this scaneriao

  this is not one time.it is on daily basis.
  please look at this scenario.what i need is how should i go for ale/idoc scenario for this one
  Business case for Heiler Part/Plant Interface:
  A key function of the Heiler PBC tool is to provide users a choice
  between a "Global Catalog View" (e.g. all parts in the catalog) or a
  "Local Catalog View" (e.g. the subset of parts in the catalog that have
  a Material Master established for the user's plant in SAP).  The "Local
  Catalog View" is the default condition and encourages users to procure
  parts that are on contract for their plant and potentially already
  stocked as an inventory item at their plant.  Parts that are not in a
  user's "Local Catalog View" can only be procured as a spot buy purchase
  order, requiring processing by a buyer.
  The new Part/Plant interface is required in order for the Heiler PBC
  tool to provide this "Local Catalog View" function.  The Heiler
  Part/Plant table will document what plants in SAP have a Material Master
  record established for each part.  SAP will maintain the Heiler
  Part/Plant table using this interface.  When a user performs a part
  search in the Heiler PBC tool, the Part/Plant table determines if a part
  is included in the user's "Local Catalog View".

• SSO for  non sap applications in EP on which siteminder sso is integrated

  Hi ,
  we have implemented Siteminder SSO on   SAP PORTAL 6 SP16  for authentication.I would like integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
  can anybody help for getting  step by step document.
  Thanks
  Tag

  Hi ,
  we have implemented Siteminder SSO on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder sso external authentication is implemented.
  can anybody help for getting step by step document.
  diff rewards to be given...
  Thanks
  Tag