SAML 1.1 - Possible to configure NetWeaver Server to allow SSO to Non-SAP ?

Similar Messages

• Web Server Filter Based SSO to Non-SAP Apps

  Hi,
  I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
  The Readme doc of this zip file says:
  "<b>Changes in Web server filter plugins
  The Web server filter plug ins and the Ticket Toolkit now were separated.
  See subdirectories for further information:
  "C"          the Ticket Toolkit
  "filter"     the Web server filter plug ins
  This is the last released version (5.0.2.8) on SAPSERV.
  Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
  Technology Components-> SAP SSOEXT -> SAP SSOEXT</b>"
  Zip file has two folders named "C" and "filter".
  "C" folder has cpp code to varify the ticket.
  "Filter" folder has DLLs for the different web servers.
  So far so good . Now, what I want to know is that is placing the  DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
  Or do I need to do anything else, like writing any class to read and validate the Ticket?
  Thanks,
  Vivek

  See Web Server Filter Based SSO to Non-SAP Apps

• How do you configure Enterprise Server to allow WiFi retrieval of email when in WiFi Area

  We have an Enterprise Server and WiFi in offices and homes and lots of free WiFi on our travels.  How do you configure the phones/enterprise server to allow this?  I cant see any easy option??

  Llessur999 wrote:
  That is a reasonable approach. Without changing network configuration, I don't see an alternative. A few considerations:
  Based on your experience, will the length of time to detect unreachability (a network timeout?) cause a usability issue?
  Must you support a scenario where a user transitions LAN-to-WAN or WAN-to-LAN while using the app?
  If this is used by a wide audience, will configuring the primary/fallback be straightforward?
  I don't think there's a usability issue.
  Yes. The app is designed for a brick/mortor location that essentially wants to drive the user to the location. The user has to ability to interact with specific hardware components at the location via server/port communications - some of which they can do while they are remote. While they are on location, they need to retain that ability to interact with local equipment even more. Users could be asked to not go on the location wifi of course but that just seems silly and an overall bad user experience.
  The primary/fallback configuration should all be done within code (no user interaction). For example the WAN IP will always be X.X.X.X (be it Public IP or dyndns - makes no difference), while the LAN configuration will always know that the lan server it needs to communicate will always be at a specific LAN IP (192.168.x.x).
  It would be  godsend to have some sort of API call (or class) that can accept a call to CFStreamCreatePairWithSocketToHost to a specific IP and on seeing that it's unreachable automatically try the secondary IP before returning a failure on the stream.

• Configure sso to non sap

  dear all,
  i would like implement sso from ep to other web application ( non SAP )
  the legacy system is using " PHP and Web Server APACHE "
  there any want can help me how to configure the sso and how to create iview for my legacy system ( using URL iView  or application integrator )
  thanks for your help
  echo

  Hi Echo,
  Single Sign On to non-SAP applications normally can't be done by configuration.
  How SSO can be done depends on your application.
  Maybe these few hints may help you:
  You need the same usernames in portal and in your external application
  You may integrate your app using an application integration iView
  If your external application can be run in some kind of 'trusted' mode (this means, no password, just the username is required to log on as long as the request comes from certain IP adresses / your portal server) you can just pass the userid using the app integrator iView mechanism
  SAP provides a library (currently written in C, but there is at least a java wrapper available) to decode the SAP SSO Ticket
  You may extend your external applications logon mechanism to use the mentioned SSO ticket and do the login without password. Application Integrator is able to send the SSO ticket to your external app.
  In less words: you need to do some coding on your external application
  Hope this helps (or come back for more),
  Carsten

• SSO from non sap application server to SAP systems

  Mysapsso2 cookie has been generated after we are login into the portal https://FQDN/irj/portal for all the backend systems in client browser. Since it is working fine. After login into the portal , while clicking the URL iview of external JBoss application sever in portal home page and it is shows the new windows pop up login page. After login into this external JBoss application server, we have configured work item for SAP ITS WEBGUI login page of the backend system inside this JBoss appliaction. Here we need to pass the mysapsso2 cookie information in SAP WEBGUI, so that login page is bypassed using SSO. Kindly do give some suggestion for fixing this issue. Kind Regards, R Rajavelu

  Try to use it Appsintegrator to access the non sap application from SAP Application

• How to configure SQL Server to allow remote connections

  Hi,
  This is RtPrasad.I am working in some software company.I am supporting an application in one of the projects.I am using windows 7 OS and SQLServer 2008 r2.When ever I am trying to connecting to the test server through SSMS from my lenovo thinkpad,I am getting
  an error as shown in the screen shot.I searched a lot in the google and I went through the many sites.In those sites,below is the URL of one site.
  http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx.But Still I am getting the same error.Can anybody please solve this problem as soon as possible.Thanks in advance.
  Thanks&Regards,
  RtPrasad.

  are you connecting to office network through vpn? or is it that the sqlserver open to internet access?
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• [Forum FAQ] How to install and configure Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely

  As we all know,
  the Windows Server Essentials Experience role is available in Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter. We can add the Windows Server
  Essentials Experience role in Server Manager or via Windows PowerShell.
  In this article, we introduce the steps to install and configure Windows
  Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely. For better analyze, we divide this article into two parts.
  Before installing the Windows Server Essentials Experience Role, please use
  Get-WindowsFeature
  PowerShell cmdlet to ensure the Windows Server Essentials Experience (ServerEssentialsRole) is available. (Figure 1)
  Figure 1.
  Part 1: Install Windows Server Essentials Experience role locally
  Add Windows Server Essentials Experience role
  Run Windows PowerShell as administrator, then type
  Add-WindowsFeature ServerEssentialsRole cmdlet to install Windows Server Essentials Experience role. (Figure 2)
  Figure 2.
  Note: It is necessary to configure Windows Server Essentials Experience (Post-deployment Configuration). Otherwise, you will encounter following issue when opening Dashboard.
  (Figure 3)
  Figure 3.
    2. Configure Windows Server Essentials Experience role
  (1)  In an existing domain environment
  Firstly, please join the Windows Server 2012 R2 Standard computer to the existing domain through the path:
  Control Panel\System\Change Settings\”Change…”\Member of. (Figure 4)
  Figure 4.
  After that, please install Windows Server Essentials Experience role as original description. After installation completed, please use the following command to configure Windows
  Server Essentials:
  Start-WssConfigurationService –Credential <Your Credential>
  Note: The type of
  Your Credential should be as: Domain-Name\Domain-User-Account.
  You must be a member of the Enterprise Admin group and Domain Admin group in Active Directory when using the command above to configure Windows Server Essentials. (Figure 5)
  Figure 5.
  Next, you can type the password for the domain account. (Figure 6)
  Figure 6.
  After setting the credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 7)
  Figure 7.
  By the way, you can use
  Get-WssConfigurationStatus
  PowerShell cmdlet to
  get the status of the configuration of Windows Server Essentials. Specify the
  ShowProgress parameter to view a progress indicator. (Figure 8)
  Figure 8.
  (2) In a non-domain environment
  Open PowerShell (Run as Administrator) on the Windows Server 2012 R2 Standard and type following PowerShell cmdlets: (Figure 9)
  Start-WssConfigurationService -CompanyName "xxx" -DNSName "xxx" -NetBiosName "xxx" -ComputerName "xxx” –NewAdminCredential $cred
  Figure 9.
  After you type the commands above and click Enter, you can create a new administrator credential. (Figure 10)
  After creating the new administrator credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 11)
  After a reboot, all the configurations will be completed and you can open the Windows Server Essentials Dashboard without any errors. (Figure 12)
  Figure 12.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Part 2: Install and configure Windows Server Essentials Experience role remotely
  In an existing domain environment
  In an existing domain environment, please use following command to provide credential and then add Server Essentials Role: (Figure 13)
  Add-WindowsFeature -Name ServerEssentialsRole
  -ComputerName xxx -Credential DomainName\DomainAccount
  Figure 13.
  After you enter the credential, it will start install Windows Server Essentials role on your computer. (Figure 14)
  Figure 14.
  After the installation completes, it will return the result as below:
  Figure 15.
  Next, please use the
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with a remote computer. You can use the commands below:
  Enter-PSSession –ComputerName
  xxx –Credential DomainName\DomainAccount (Figure 16)
  Figure 16.
  Then, please configure Server Essentials Role via
  Add-WssConfigurationService cmdlet and it also needs to provide correct credential. (Figure 17)
  Figure 17.
  After your credential is accepted, it will update and prepare your server. (Figure 18)
  Figure 18.
  After that, please type “Y” to continue to configure Windows Server Essentials. (Figure 19)
  Figure 19.
  2. In a non-domain environment
  In my test environment, I set up two computers running Windows Server 2012 R2 Standard and use Server1 as a target computer. The IP addresses for the two computers are as
  below:
  Sevrer1: 192.168.1.54
  Server2: 192.168.1.53
  Run
  Enable-PSRemoting –Force on Server1. (Figure 20)
  Figure 20.
  Since there is no existing domain, it is necessary to add the target computer (Server1) to a TrustedHosts list (maintained by WinRM) on Server 2. We can use following command
  to
  add the TrustedHosts entry:
  Set-Item WSMan:\localhost\Client\TrustedHosts IP-Address
  (Figure 21)
  Figure 21.
  Next, we can use
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with the remote computer. (Figure 22)
  Figure 22.
  After that, you can install Windows Server Essentials Experience Role remotely via Add-WindowsFeature ServerEssentialsRole cmdlet. (Figure 23)
  Figure 23.
  From figure 24, we can see that the installation is completed.
  Figure 24.
  Then you can use
  Start-WssConfigurationService cmdlet to configure Essentials Role and follow the steps in the first part (configure Windows Server Essentials Experience in a non-domain environment) as the steps would be the same.
  The figure below shows the status of Windows Server Essentials.
  Figure
  25.
  Finally, we have successfully configured Windows Server Essentials on Server1. (Figure 26)
  Figure 26.
  More information:
  [Forum
  FAQ] Introduce Windows Powershell Remoting
  Windows Server Essentials Setup Cmdlets
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

• Transfer Data from BW Server to NON SAP(I2) Server

  Hi Experts
  I have a requirement where I want to transfer the data from BW Infocube to a Non SAP System (I2).
  Please let me know the step by step process to accomplish the requirement.
  Regards
  Akshay Chonkar

  I want to make the data available for the I2 server.
  This is a non SAP Logistic system.
  I have got infospoke as an option but i m confused as what do i do do with the data once it is in one of the /BIC/OXXXXXX tables
  What do you mean by saying to a Relational database?
  I got only 2 options in infospokes Dbtable and CSV.
  Please elaborate your points

• Is it possible to configure Webdynpro in Netweaver ABAP/JAVA trial version.

  Hai, all
  Can anyone clear me that, is it possible to configure Webdynpro in Netweaver ABAP and Netweaver JAVA trial versions.

  Hello Senthil ,
  It possible to configure Webdynpro in Netweaver ABAP trial version.
  SAP NetWeaver 7.0 ABAP Trial Version (incl. Web Dynpro ABAP) is available on SDN Download .
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/downloaditem?rid=/library/uuid/cfc19866-0401-0010-35b2-dc8158247fb6">to Download !</a>
  Regards ,
  Santosh

• Is it possible to configure Webdynpro in Netweaver ABAP/JAVA trial vers

  Is it possible to configure Webdynpro in Netweaver ABAP/JAVA trial version.

  Hello Senthil ,
  It possible to configure Webdynpro in Netweaver ABAP trial version.
  SAP NetWeaver 7.0 ABAP Trial Version (incl. Web Dynpro ABAP) is available on SDN Download .
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/downloaditem?rid=/library/uuid/cfc19866-0401-0010-35b2-dc8158247fb6">to Download !</a>
  Regards ,
  Santosh

• Configure SSO Connection from SAP Enterprise Portal to BOE Server

  Hi Guys,
  We recently installed a BOE Server and want to connect it to our SAP Enterprise Portal. What we need is just to display the Crystal Reports via Enterprise Portal. We have set up the following:
  SAP EP with AD Authentication
  SAP EP configured with SNC to SAP BI7 system
  SAP BOE XI 3.1 - SAP Integration Kit
  BOE Server configured with SAP Authentication via SAP BI7 System
  We've also set up BOE IK iviews and URL iviews pointing to existing reports in BOE. However, when we access it from EP, it prompts for a username and login to BOE. Is there a way to configure these so that there is no prompt for login to BOE server and SSO is used? Is it also possible to have a service account (e.g. domain/crystal) that will run the reports in BOE everytime a user accesses a report from SAP EP?
  Let me know if this is at all possible

  Hi,
  You should configure InfoView for SSO first, which required infoview.xml file modification, using windows AD default authentication. If you want to utilize the OpenDocument URL for iView then you also need to configure OpenDocument.xml file for SSO also. The SAP portal must have trust relation with the SAP BW server so the Windows AD token can be authenticate with SAP BW server.
  If you want crystal user to run all the report then you will lose data security. It can be done by hard coding user name and password in the report properties and database logon but the SSO capability can be accomplished only by windows AD, SAP or LDAP.
  For more details check BOXI Admin guide and SAP Integration Guide.
  Thanks,
  Muhammad

• How do I configure snow leopard server to allow local client to access the server using its public domain name

  I have SLS 10.6 running on my local network with DNS configured.
  I can access the server from a client on the lan using server.local or server.domain  where domain name is my publically registered domain,
  From the internet I can access my server using the registered domain name i.e. www.domain.com. 
  Is it possible to set my server up so that www.domain.com  also reaches the server when used by a client locally?   At present I get a page not found error.

  The configuration you're aiming for is called split-horizon or split-brain DNS, and it's quite possible.  It can get slightly hairy when you have different stuff using the same host name for different purposes, for instance, and you'll need to track all external DNS entries in your internal DNS server when you're running "split". 
  Here is how to set up DNS services.   Split-horizon is one of the options listed there.
  My preference is to use a different domain or subdomain within the network, and to avoid using split-horizon where I can reasonably manage it.  One domain name is configured for and reachable outside and is effectively public, and the other domain (or a subdomain) is inside and private and only reachable directly or via VPN, for instance.

• Facing issue in configuring soa server in local jdev 11G

  Hi All,
  I am facing an issue in configuring local soa server in jdev 11G. I was trying to do the practice excercises in the local jdev and while configuring soa server followed following steps :-
  1. Configure SOA to install the Integrated OC4J Server
  a. In JDeveloper, select Tools -> Preferences, Run, and then select Integrated OC4J Server.
  b. Next, select Tools -> Configure SOA…
  c. Complete the dialog for your configuration specifying the database location and the SOA schema user name and password
  d. Use the Test button to test the database connection and then click on Ok
  This will take 8-10 minutes to run and when finished will end with "Build Successful."
  In the end I am getting following log file
  [echo] ==Starting standalone oc4j. Check server log D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\log\startsoa.log.
  [echo] ==Waiting max 420 second(s) for startup of URL http://LAP1-RBAGRI-IN:8988...
  [echo]
  * Configuring SOA Infrastructure has FAILED. *
  * Please check following logs for possible cause: *
  * D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\install\tmp\soa-infra-java.log
  * D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\log\startsoa.log
  [echo] ==Stopping oc4j standalone...
  BUILD SUCCESSFUL
  Total time: 7 minutes 11 seconds

  Hi Heidi,
  Thanks a lot for your response. The solution you provided worked for me. I am able to configure SOA now and the SOAConsole is coming up properly.
  One issue I am facing while deploying my application . The application is getting deployed properly but it does not show up in the console if I look at Default server console I can see this error message :-
  Incorrect db schema version.
  The database schema version "11.1.6" from the database does not match the version "11.1.7" expected by the server.
  The database schema for your SOA installation was not properly installed or your installation is using a database schema installed for a prior release.
  The database schema currently in place has probably been configured for a previous release; please re-install the database schema and try to start the server again.
  Though I have configured the database locally just like mentioned in the training material. Please let me know if you have any thoughts on this.
  Regards,
  Ranjana

• How to configure ML Server to send Alert Notifications by mail?

  Is it possible to configure Mountain Lion Server to send out Alert notification by e-mail without enabling full Mail services?
  I don't want to run the Mail service on the Server. I'm quite happy with my ISP's mail service. Besides, I have a dynamic public IP address, hence no rDNS entry (so I couldn't run Mail if I wanted to).  And I don't have the expertise to configure and maintain the Mail service.  But I would like to get the Server to send me any important alert notifications by e-mail.
  I have access to an authenticated SMTP server I can use to relay the outbound alert notification emails. But I don't know how to coerce the alert service into using it.  Is it possible to do so, or does one need the full-blown Mail service to be configured (with both dovecot and postfix running) in order to get Alerts to be e-mailed?
  Thanks for any help.

  @MrHoffman,
  Thanks for the pointers and suggestions.
  The config for my ISP's SMTP server is correct. I specified the port (:465), and double-checked userid/password. It's the same as used by all our e-mail clients (a half-dozen or so on various Macs, iPhones, iPads, Linux boxes), all of which work fine from my LAN.
  As for DNS, it seems OK.  (I am indebted to you for the excellent series of articles on servers and networking  at http://labs.hoffmanlabs.com/node/1705 )
  The changeip command reports:
       The names match. There is nothing to change.
       dirserv:success = "success"
  However, I should point out that I do not have the DNS service enabled on ML Server.  I already have a local DNS running on my gateway router. (it's an instance of the dnsmasq process that is part of Tomato firmware).  It has local names defined for all the servers and hosts on my LAN, and provides rDNS for them as well.
  However, what I haven't done is enabled the Mail service.  You've (slightly) misunderstood the core of my plan.  My intent is not simply to secure the local mail server against remote access.  I don't want either remote or local users from accessing the mail server. I don't want it listening for POP or IMAP connections from anywhere (on my LAN or remotely). I don't want it receiving inbound mail from anywhere. I don't want it relaying outbound mail for any client on my LAN. All I want the ML Server to be able to do is to send me alerts (by e-mail) when it's in need of attention. Other appliances on my LAN (eg. a NetgearReadyNAS) can send me e-mails when they are unhappy, and I hope I can coerce the ML Server to do the same.
  I know I don't have the expertise to operate and maintain my own mail server, and I'm quite happy with the mail service provided by my existing network service provider. Plus, I'm behind a cable modem with a dynamic IP address, so I'm unable to establish my own rDNS record (which I understand is required to handle inbound mail).
  It looks like the next step is to turn on the Mail service. But I'm sure it's going to be unhappy since there's no MX record set-up. I was hoping there was a way that ML Server could simply send out its own outbound alerts (using my ISP's SMTP relay) without having the incoming part of the mail service active. But perhaps Apple didn't anticipate that sort of configuration.

• How do you configure the server in this situation?????????????

  Hi,
  We have Oracle 10.2 and Windows 2003.
  We have Oracle on Cluster (with Windows software).
  When the System are without cluster all it’s OK!!!!!!
  We have 2 Resources Cluster Group: Oracle and Applications.
  We have Oracle in Oracle cluster group.
  We have “W” Drive and a ftp program in Application cluster group.
  We have C drive in both nodes. We have installed Oracle in both nodes but we have “W” drive only associate to the Active Node because is a Cluster resource (Application cluster group).
  All days we receive text files by ftp and we put it on W Drive. This text files are readen with external tables in Oracle.
  We have a problem when oracle fails and it goes to the another node (for ex. node2) because the external tables fail because the files are on Node1 on W Drive. If we move manually Applications cluster resource to Node2 then all it is OK.
  We think to put UNC pathes instead of “W” but it’s not possible (Metalink: Note:290703.1)
  How do you configure the server in this situation?????????????
  Thanks!

  We run a similar configurations and i doubt you have a chance other then reconfigure your setup. The way we do it is to have an ftp client in our database group and periodically transfer the files a second time (not elegant but it's working).
  If that's not an option you might be able to use unc names in your ftp server and set the ftp root to a directory hosted on a disk which is part of the database group.
  Or move to unix (that's what we do now). Than you don't have to bounce your server once in a month to apply security patches...