Portal Security (Internet-Intranet)

Similar Messages

• Data Entry Profile for Time Sheet Entry on Internet / Intranet

  hello gurus,
  i am trying to configure Time sheet entry on portal via internet / intranet. I did come across articles on it but am confused as to how to create Date Entry Profile as it seems to be the first step in configuring the time sheet.
  Also mt OT calculation shud be based on the hrs input in the time sheet. How can this be achieved
  Any inputs on this pls??
  rgds,

  At a very high level you will need to:
  1. Create the Data Entry Profiles.  These are the templates that employees see when they go into their timesheet, and there are lots of options depending on what other modules and/or further processing is required for the time entries.
  SAP Customizing Implementation Guide > Cross-Application Components > Time Sheet > Specific Settings for CATS regular > CATS regular > Record Working Time > Set Up Data Entry Profiles
  2. Define the field selection. i.e. the columns that will be visible in the timesheet, and which ones are required/read only
  SAP Customizing Implementation Guide > Cross-Application Components > Time Sheet > Specific Settings for CATS regular > CATS regular > Record Working Time > Define Field Selection
  3. If you are using manager approvals, you will then need to set up the approval views.  The default ones may be sufficient for your requirements or they may need tweaking slightly
  SAP Customizing Implementation Guide > Cross-Application Components > Time Sheet > Specific Settings for CATS regular > CATS regular > Approve Working Time
  4. In order to valuate the entries you will then need to set up a Time Evaluation schema; this will analyse the time entries and convert them into wage and/or time types which can then be processed by Payroll for payment.  There are standard schema which can be used as a basis, but you will need to tailor them to meet your requirements.
  SAP Customizing Implementation Guide > Time Management > Time Evaluation
  For all of these sections it is worth reading the SAP help material either in the IMG itself or in the online SAP library
  e.g. http://help.sap.com/saphelp_erp60/helpdata/en/64/400b2b470211d189720000e8322d00/frameset.htm for CATS,
  http://help.sap.com/saphelp_erp60/helpdata/en/8a/9868bc46c411d189470000e829fbbd/frameset.htm for Time Evaluation

• Portal on Internet IP and R/3 on Local IP

  Hi,
  I have the Portal that is located at an intranet IP Address and Also has an internet IP, but the R/3 just has an intranet IP. So when I try to connect from the Internet to the Portal is ok, but When I tried to execute an Iview it doesn't work. I think is because the iview is trying to connect to an internal IP (where is located the server of the R/3).
  Any Ideas?
  Thanks!
  Matias.

  Hi,
  I can think of 2 possible reasons
  1. Firewall between portal in internet and R/3 in intranet. In this case you need to open up firewall ports for the iView to work.
  2.. The domain of Portal and the domain of R/3 system may be different. SSO will not work. Try user mapping
  Hope this helps.
  Thanks and Regards,
  Prasanna Krishnamurthy

• WDA + External Portal + Security

  Hello friends!
  @Moderator, sorry if I post it in a wrong forum, but I think the wda experts should have already faced this issue.
  I've been reading all forums regarding to this subject. As you are going to see, I'm not used to work with WDA Portal integrations and I'm studying hard for it.
  Could you please just guide me what I have be aware to connect WDA from a ERP server to another server, which has installed the Portal? (portal is accessed externally/internet)
  I'm afraid about security, as the employees will access the portal by internet (it's already working fine, today they can access the portal externally and can use some Webdynpros Java) But for now, we are going to rewrite these WDJ to WDA.
  1) The portal server connecting WDA's from a ERP server, isn't it a best practice?
  2) As it is already working (external access to the portal), for now I have just to create the iViews to the WDA's from ERP server?
  3) What would be the security risk when people access the external link to the Portal and the Portal redirected it to the ERP?
  I would greatly appreciate your help in only guide me.
  Thanks in advanced!

  Hello Alexandre,
  Please find the answers to your queries.
  Alexandre Mendes wrote:
  > 1) The portal server connecting WDA's from a ERP server, isn't it a best practice?
  Not at all, The composition Environment CE is intended for this purpose only.
  Alexandre Mendes wrote:
  > 2) As it is already working (external access to the portal), for now I have just to create the iViews to the WDA's from ERP server?
  First you need to create a system connection in portal to the ERP server.  Later you need to create the iViews
  Alexandre Mendes wrote:
  > 3) What would be the security risk when people access the external link to the Portal and the Portal redirected it to the ERP?
  As per my knowledge there is no security risk involved because while accessing the WDA application from ERP the request will be authenticated again.
  BR, Saravanan

• Webdynpro iview form portal on internet

  Hi ,
  I 've a strange problem .
  I'm using NWDS04 SP13, EP6.0 SP13.
  Problem
  1) I 'm pulling web dynpro iviews to the portal.
  2)They are working fine on LAN,WAN.
  3)when i 'm accessing them from internet IP(real ip)
  first screen is coming with all the data.
  when i click on the button or drop down
  problem
  ===============
  Application expired .need to refresh .
  Although i 've set the expiration time 1hr.
  problem is coming only through internet .
  i 've to made some changes or ??
  plz help very very Urgent
  Regards
  Vikas

  Hi,
  I can think of 2 possible reasons
  1. Firewall between portal in internet and R/3 in intranet. In this case you need to open up firewall ports for the iView to work.
  2.. The domain of Portal and the domain of R/3 system may be different. SSO will not work. Try user mapping
  Hope this helps.
  Thanks and Regards,
  Prasanna Krishnamurthy

• Exposing Portal over Internet

  Hi,
  We have implemented SAP modules like SRM, BI and HR in our landscape and Portal is the single point for accessing all the available functionalities. Now, we want to access the portal from Internet WITHOUT MAKING OTHER SYSTEMS accessible because of security reasons. With this, I am not able to access SRM applications because it tries to connect to Web AS of SRM system as configured in System Object of Portal.
  Please let me know the way or method used in accessing Portal over Internet.
  Thanks,
  Iftekhar

  Hi Iftekhar,
  The ideal scenario should be configuring a reverse proxy which can be place in a DMZ zone. The Reverse proxy will be use to write the rewrite rules.
  Also to ensure the security a SSL implementation is highly recommended.This can be through out the landscpe or from the internet cloud to the reverse proxy depends on the requirement.
  You can find a tons of material in SDN for configuring reverse proxy and SSL in the landscape.This could be starting point for configuring reverse proxy.
  [The Reverse Proxy Series -- Part 1: Introduction]
  and for SSL you can follow this [ADS SSL configuration journal I. / ABAP -> JAVA / 640 - 70x]
  Regards
  Indranil

• Portal on internet

  Hi Gurus,
  Can any body tell me
  how to put portal on internet using External facing (EP7.0)
  if any body have documents please help me
  Thanks and Regards,
  Kishore

  Hi Kishore,
  Please go through these important FAQ regarding External Facing Portal. I am sure that will vary helpful for you.
  Q: What is an external-facing portal?
  A: An external-facing portal is an implementation of the SAP NetWeaver Portal as a public Web site.
  An external-facing portal is open to the internet, providing content to anonymous users, internal employees and business partners and enabling users to self-register in order to access additional content and to personalize the portal.
  An external-facing portal uses features of the portal that provide Web-like behavior (for example, use of the browser navigation buttons) and reduce the amount of resources required to view portal pages.
  Although not always appropriate for certain resource-rich applications, the external-facing portal can boost ROI by using the same platform for the company's internet and intranet implementations.
  Q: What version of NetWeaver do I need to implement an external-facing portal?
  A: SAP NetWeaver ’04 SPS 14 or higher, or SAP NetWeaver 2004s SPS 6 or higher.
  Q: Where can I find documentation about implementing an external-facing portal using SAP NetWeaver Portal?
  A: The most current documentation is available on the Help Portal (help.sap.com) at:
  • SAP  Running an IT Scenarios at a Glance NetWeaver 2004s: SAP NetWeaver Library   Implementing an External-Facing Portal.Enterprise Portal
  • SAP NetWeaver  Portal  People Integration  SAP NetWeaver ’04: SAP NetWeaver Library   Implementing an External-Facing Portal.Special Topics
  Q: Where can I find the limitations of implementing an external-facing portal using SAP NetWeaver Portal?
  A: SAP Note 877188 and SAP Note 853509.
  Q: Why shouldn’t I use the external-facing portal for internal implementations?
  A: It is recommended not to use this solution for internal use because some functionality that is commonly used for internal implementations is not supported.
  Specifically, session management and WorkProtect mode are not supported as they require the use of the client framework JavaScript. Therefore, some standard SAP content – such as Web Dynpro, SAP business packages and KM (especially collaboration) – that uses these features are also not supported.
  In addition, to get the full benefit of the performance improvements in an external-facing portal, the content must be “light” and supported by the light framework page. Content in internal implementations generally does not meet these requirements. For more information on recommended content for an external-facing portal, see the Content section.
  Q: Should I use the provided light framework page for my external-facing portal implementations?
  A: Your external-facing portal should use the light framework page, but we recommend that you customize or replace the out-of-the-box navigation iViews within the light framework page. You can easily do this with the Navigation and Framework tag libraries.

• SSO failing when sap transactions are accessed in portal thru internet

  Hi,
  We are accessing portal through internet on reverse proxy(Apache) but the SSO is failing when accessing sap transactions in portal but other screens(ESS) are accessible. Please let me know does this require any config settings in portal or apache side.
  thanks i advance.
  Marcus

  Hi Rajender,
  I tried doing the same in the ECC system but the iview is throwing error"resource not available".
  We have given just an Apache Ip address in the format  <ipaddress>:80 as we doesn't have FQDN for the apache in the place of WebAs and ITS Host name.
  Also the WEBAS path is /sap/bc/bsp/sap and ITS path is /sap/bc/gui/sap/its/webgui. Does this require any modifications.
  Please also let me know for any changes need to be done on the httpd.config file on Apache server.
  portal.xxxxx.xxx.xx  - Our External URL
  hostname:port/irj/portal - Our Intranet URL
  Please let me know the exact format of the entries to be made in ITS and Web As settings with the apache details.
  Web AS Host Name :   Hostname:port
  ITS Host Name :   Hostname:port
  ITS Path  : /sap/bc/gui/sap/its/webgui
  thanks in advance
  Marcus

• Error while accessing portal via internet

  Hi all,
  I am having problems when accessing portal through internet. I have installed NW04 SR1(WAS, EP & KM). Then I created some iviews and pages.
  Now <u>when I open the portal through internet(using its ip address)</u> and try to access PCD, it is showing <b>undefined</b> in place of the loading message and it is not loading anything. Also <b>the detailed navigation is empty</b> in all pages(eg. System Administration, Monitoring, etc.). But <u>when i access it locally(using machine name) everything works fine</u>. Any idea what the problem is?
  Another problem is with the KM Navigation IView. I have created a custom layout set for this iview. In the iview I am displaying the documents in a folder along with a link for approval process. But <b>when i click on the link, it shows javascript error "Access is denied"</b>. <u>This happens when I access it through internet. When I access it locally, it works fine and show me the context menu for approval</u>. Any idea?
  Please reply fast as it is urgent.
  Thanks in advance.
  Ranjith

  hi
  just check this out
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/37/c1513c388d8f0ce10000000a11405a/content.htm
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/e9/83d5f20ea845b587be83de8554191e/plain.htm

• Page not found error when accesing Portal from Internet

  Hi,
  I'm getting the following error message when accessing Portal as administrator from the Internet:
  The page cannot be displayed 
  Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
  Try the following:
  Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
  Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
  Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
  Technical Information (for support personnel)
  Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)
  The error message shows in the rightmost area of the browser.
  In the left area I can see the Portal Content
  This happens when using Internet Explorer 6, windows XP, sp2.
  When using MozillaFirefox, the error won't show up, but I don't have full functionality when trying for example to right-click to create Systems in the SystemLandscape window....
  To access Portal from internet, I simply go to http://company.com:50000/irj
  Server side Portal installations is as follows:
  EP7, SP11, windows 2003 64bits.
  Any help will be appreciated.
  Regards.

  Hi Claudio Roca,
  I have encountered the same problem. Do you found the solution for this issue? I will much appreciated if you willing to share your solution and email to [email protected] Thank you so much.
  Regards,
  Hau Chee

• Oracle Forms and Portal. & Portal Security

  I need the following questions answered for a client who is
  trying to move from IIS to Oracle Portal. any pointers would be
  extremely helpful
  1. How to configure Oracle Forms to run with Portal.
  2. Is it possible to display forms inside a Portlet. If so, will
  the forms hold the same state when the page is refresed.
  3. Is it possible to display WORD/PDF/EXECL documents in their
  native format inside a Portlet.
  4. Any information on how IIS security integration is possible
  with POrtal. i.e ( if there are ASP pages running on IIS
  security, how to integrate it with Portal Security mechanism
  -Thanks
  ganesh

  You can create roles in Oracle with the appropriate privileges to access the application. For example,
  you could create a role that has only read access to all the tables in the database. You could assign this role to the menu. Also, you may want a role for a manager that whould enable him to insert data or to see a few special forms. You could assign this role to the menu associated with the form.
  Using Form Builder, you can manage menu security with Oracle server roles. After defining the roles to use for a menu module, you could then specify the roles that have access to each menu item. When you set the 'Use Security' property of a menu module to 'Yes', the form enforces security. After setting the 'Use Security' property to 'Yes', you can use 'Module Roles' property to construct the entire list of roles with access to that menu module.
  I hope it helps.

• Difference between the Internet & Intranet

  `Difference between the Internet & Intranet

  mnvamsi wrote:
  `Difference between the Internet & Intranet[http://www.letmegooglethatforyou.com/?q=Difference+between+the+Internet+%26+Intranet]
  ~

• How to get current IUser (com.sapportals.portal.security.usermanagement)

  Hi,
  does anybody know how to get IUser for the current user?
  I know how to get current IUser from com.sap.security.api package:
  IWDClientUser wdcu = WDClientUser.getCurrentUser();
  IUser sapUser = wdcu.getSAPUser();
  but I need to have IUser from com.sapportals.portal.security.usermanagement package.
  Regards,
  Ladislav

  Ladislav,
  Try this:
  Get the IUser uisng the API com.sap.security.api.IUser and store it in a variable, say <i>sapUser</i>.
  Then,
  // Convert the logged in user to old EP5 usermanagement API
  com.sapportals.portal.security.usermanagement.IUser user = null;
  try
       com.sapportals.portal.security.usermanagement.IUser user = WPUMFactory.getUserFactory().getEP5User(sapUser);
  catch (UserManagementException e)
       e.printStackTrace();
  Bala

• How to set portal security context for a procedure

  Hi, I have procedure that needs to call some of the PDK APIs (WWSBR_API), but outside the scope of the web browser, i.e, automatically via a DBMS_JOB or queue. There is no HTML outputted, but rather a log entry made to a custom table.
  The schema that this custom pkg belongs has all the necessary grants made to it from provsyns so that it should run.
  How do I programatically set the context of the portal security so as to make the PDK APIs think it has been invoked by a Portal Adminstrator or a user with sufficient privs to perform the actions against the PDK and therefore not bomb out with security exceptions? I have seen this documented quite some time ago, but cannot find the details.
  Regards
  John

  You need to use the wwctx_api.set_context procedure.
  http://portalstudio.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/PDK/plsql/doc/sdk11scp.htm

• Doument Access - using Portal security or Document Database security

  I originally posted this on the Security Form, but realized that it might be solved using the PDK.
  I have a table in my database that contains information about a document (Name, Rev, Author, groups that have access). I want users to login to my portal and in a portlet, I want them to be able to click which docs they have access to see; based on who they are logged on as.
  Would I use the PDK for this? If I use portal security, I think I will be maintaining the security twice (database and portal).

            Hi Wendell,
            There is a patch available for this known problem. Please contact BEA support and
            ask for patch CR075892_70.jar for WLS 7.0.
            Thanks!
            Deb
            Wendell Nichols <[email protected]> wrote:
            >I have the opposite problem. My ejb always is denied access to the adapter
            >resource. I'm a Weblogic novice, (but the adapter works on other servers,
            >I'm testing on WL to ensure it works there).
            >How do I get the minimum security in place to test my adapter?