SAP authentication and SSO into BI4 with multiple SAP systems

We have already setup SAP authentication and SSO between ECC6 and BI4, e.g. to run CR 2011 reports with data based on ECC infosets, or BEx (operational BI on ECC). ECC is the main point of entry for users, so ECC user accounts and role imports are used in BI4.
Now if we add BW to this, with Crystal or WebI or Analysis OLAP sourcing data from BW, can we still leverage detailed authorizations in BW on the corresponding BW user - with user accounts and role imports in BI4 still being ECC-based?

Hi,
Let's say the trust relationship is setup between those systems. Then the simple example is to use Enterprise authentication in BI4, and assertion tickets are issued when making requests to ECC or BW. I assume LDAP/AD authentication would work as well.
>> You also have to setup trust between the BI 4 and ECC & between BI4 and BW. Thats part of the setup for the SSO Token Service.
But does this scenario rule out SAP authentication or not? I was hoping that I can still logon to BI4 with an ECC-issued logon ticket, and then BI4 would nevertheless issue assertion tickets for my BW alias.
>> And that is still possible. Setup the SSO Token Service, setup the aliases for the users. then you could logon with ECC credentials and run a BW report because the token service would then generate the token towards the BW system.
ingo

Similar Messages

"Place into Photoshop" with multiple files

I'd love to see this feature in Bridge
Import multiple files into an existing photoshop file (with a predetermined size ) as smart object layers in photoshop.
The options that Bridge currently offers falls short in 2 area
Load Files into Photoshop Layers-- does not import smart objects and creates a new photoshop file that ends up being as large as the largest imported file
Place into Photoshop--only lets you do one at a time
I need "Place into Photoshop" with multiple files
Is there a way to do this?
Thanks!!

I agree, placing multiple files into your PSD as smart objects all at once like InDesign would be a great (and logical) feature for Photoshop to have. The only "workaround" I have is to create a shortcut using Ctrt+Alt+Shift+D (which is not used by anything), so you can place pictures/graphics more quickly, rather than using the menu each time.

I have an ipad I used with a computer which's now broken. I bought a new Macbook Pro and signed into iTunes with my usual Apple id and pw. I connected my ipad to the new Macbook but it won't back up my photos or Apps from the ipad to the new macbook. Help

I have an ipad I used with a computer which's now broken. I bought a new Macbook Pro and signed into iTunes with my usual Apple id and pw. I connected my ipad to the new Macbook but it won't back up my photos or Apps from the ipad to the new macbook. Help

What do you mean " back up my photos or Apps"?
The photo sync is one way - computer to ipad.
You can transfer itunes purchases. Without syncing: File>Transfer Purchases
Copy everything from your backup copy of your old computer to your new one.

Can bookmarks be protable for multiple computers? Is it an option to log on and use my bookmarks with multiple computers and locations? Thanks

Can bookmarks be protable for multiple computers? Is it an option to log on and use my bookmarks with multiple computers and locations? Thanks

Profile is a folder which store all your personal data in a safe place
* https://support.mozilla.com/en-US/kb/Profiles
You can use this button to go to the current Firefox profile folder:
* Help > Troubleshooting Information > Profile Directory: Open Containing Folder
here explain how to backup profile
* https://support.mozilla.com/en-US/kb/Backing%20up%20your%20information
Here explain how to restore it
*https://support.mozilla.com/en-US/kb/Recovering%20important%20data%20from%20an%20old%20profile

How do icloud and itunes match work with multiple libraries?

How do icloud and itunes match work with multiple libraries?

This forum is for troubleshooting compatibility issues between Macs and Windows, not iTunes. You'll probably want to repost your question in the iTunes discussions:
http://discussions.apple.com/category.jspa?categoryID=150

Does SAP test and certify MII against the latest operating system patches?

Does SAP test and certify MII against the latest operating system patches?

If by latest OS patches you mean - does SAP retest MII every time MS puts out a new patch or critical update, then the answer would be no (probably not overly surprising).
This would be more impacted in 11.5 because of IIS and the only-Windows operating system, but with v12.x and the platform/OS combinations supported by NetWeaver, MII is really abstracted from the O/S through NetWeaver so that would be the angle to pursue with regard to re-testing and validation. I most assuredly cannot speak to the validation process for NetWeaver pertaining to operating system patches and updates, but I would assume OS service pack levels would be dealt with according to release cycles, but it would be very reactive for every patch that comes along for each of the operating systems in the matrix (http://service.sap.com/pam).
Regards,
Jeremy

SAP Cloud SDK : Send E-mail with multiple existing attachments

Hi Experts,
I have some requirements from our clients.
1) Can we send email with multiple existing attachments to employee?
I know that we can send email with attachment but how to add existing attachments to the email and send it to user.
2) Can we enhance the standard embed component and add some standard fields under it?
Here below under the Account TI screen Activity tab ->E-Mail Section
I want to add the Category filed exist under the E-Mail Business object in this E-mail Section ( Account TI screen embed component )
anyone have idea how to achieve this requirements using SDK or front end.
Many Thanks,
Mithun

For the emails with attachments: How to send an email with attachments in SAP Cloud Application Studio
For the other requirement, you need to identify wich screen is used in the section that you are referring, and see if you can add custom fields in this screen using extensibility explorer.

Animate sketch (and the drawing hand) with multiple masks

I want to animate a bunch of illustrations (with 100+ path objects) i will draw inside Illustrator with my WACOM tablet and later add my Hand by motion path to draw it live.
What i did was to import the final .ai layer (comp sized 1080), add the path by copy & paste as a mask (or better as 100+ masks) and apply the Generate > Stroke effect. I ended up with a beautiful animation of my illustration, without using the path tool in AE.
Now i want to copy & paste the mask or motion path to the position of the image of my hand. Problem is: this just works by select and copy mask path, not multiple masks.
Is there a way to access the position data out of the stroke effect or another way to copy the exact position data of the motion path to match it with the actual position of the stroke effect?
Would be great!

Thank you for your quick response, seems likely. I will reduce number of masks by using less several strokes in illustrator. And maybe there is a way to automatically join paths chronologically (endpoint of path below to startpoint of path above) in illustrator.
But what i keep in mind is that the stroke effect itself does exactly the same: it uses different masks sequentially as a motion path to locate a position, to where die path is drawn. Couldn't it be possible in the same way to move a null or a layer? Or how does the stroke effect face this "problem"?

ABAP proxy with Multiple PI system and Single SAP ECC

Hello Folks,
In my current project i have 2 SAP Pi system, PI7.0 and PI7.11. Currently 80% of the interfaces are on PI7.0 and we are planning to move interfaces to new PI7.11 next year. Old environment has lot of ABAP proxies ECC is configured to send data to it.
All the new developments will be done in new SAP and i need to use SAP PI7.11 for that. I have an interface where i need to use ABAP proxy.
How can i configure ECC so that it sends new ABAP proxy interface data to new PI7.11 and old proxies to old PI7.0.
As far as i know we can make ECC point to one integration server at one time. Any thoughts or suggestion ?
Regards
Inder

Hi,
Multiple connection to ESR in sproxy can be done by switching host value in RFC destination SAP_ESR_PROXY and for maintaining multiple PI runtime you should use subparameter for parameter SXMB_ADM->Runtime->IS_URL (you can define combination of Sender/Receiver for subparameter in transaction SXMSIF).
This way for every sender/receiver combination you can use different integration server.
Regards,
Gourav

SSO regapp registration with multiple net names

Hello!
I succesfully configured my apex engine to work with SSO authentication.
I used in regapp.sql
l_listener_token := 'HTML_DB:myhostname.mydomanin.com:7777';
and now the home page link works fine:
http://myhostname.mydomanin.com:7777/pls/htmldb/f?p=504:1
The problem is that I have some other network names (aliases) for the same IP (10.10.10.10) and I want these links to be functional as well:
http://myhostname2.mydomanin2.com:7777/pls/htmldb/f?p=504:1
http://10.10.10.10:7777/pls/htmldb/f?p=504:1
But when using them I get this error:
Error in portal_sso_redirect: missing application registration information:
p_partner_app_name:g_listener_token:HTML_DB:myhostname2.mydomanin2.com:7777
Please register this application as described in the installation guide
I tried to reuse the tokens I have for myhostname.mydomanin.com and register again regapp.sql with:
l_listener_token := 'HTML_DB:myhostname2.mydomanin2.com:7777';
But this violates unique constraint WWSEC_SECI_UK1 on WWSEC_ENABLER_CONFIG_INFO$.SITE_TOKEN column.
Question:
Is there a way to make functional the alternate links without getting new tokens (new SSO registrations to iAS)?
Thanks,
Sorin

Try this
Replace the < and > with their corresponding HTML escape characters , &lt an &gt (The escape characters need a trailing ; )
Under Column Formatting for this column
<a hre="mailto:#IDS#">#IDS#</a> varad

Exchange ADFS 2.0 integration to provide federated authentication and SSO

Hello,
I've recently been researching methods to provide federated authentication to users of a multi-tenanted Exchange & Lync environment. Currently I am tackling the first challenge which is OWA. I have used the following guides:
http://allmsft.blogspot.com/2012/02/owa-sp2-and-adfs.html
http://www.theidentityguy.com/articles/2010/10/15/access-owa-with-adfs.html
Combined with some other various guides on general ADFS configuration in order to successively configure OWA to allow for ADFS 2.0 to authenticate using the "Claims To Windows Token Service" integration with the OWA site in order to authenticate.
This seems promising, from my novice perspective I am assuming that enabling federation with another domain would simply be a matter of adding the other domain's ADFS 2.0 Proxy as a claims provider trust on the ADFS server in which Exchange exists and then
having a mailbox in the exchange domain which has the UPN that gets passed through from the proxy server.
I've done this much and I am able to authenticate on the ADFS 2.0 proxy page of the user domain, however I am getting a failure which I think is coming from the WIF part of the OWA integration:
Request
Url: https://webmail.lab1.local:443/owa/
User host address: 192.168.23.77
OWA version: 14.2.247.5
Exception
Exception type: System.IdentityModel.Tokens.SecurityTokenException
Exception message: ID1054: The IClaimsIdentity did not contain
a valid UPN Claim. The automatic Windows identity mapping feature requires exactly one non-empty UPN Claim to be provided.
Call stack
Microsoft.IdentityModel.Tokens.WindowsMappingOperations.FindUpn(IClaimsIdentity claimsIdentity)
Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I am wondering whether this is an issue with the way that I have the Claim Provider setup, or if it's simply an issue with the claim rules either on the Claim Provider or on the Relying Party Trust within the ADFS 2.0 server in the user domain for the Exchange
domain's ADFS 2.0 STS url.
I realize that providing ADFS 2.0 for Outlook, Activesync, and Lync are a whole other animal. If anyone knows of anyone who has actually published a guide on how to achieve this or possibly a third party product that provides the same result I'd appreciate
that information as well.

The main thing was just getting the web.config right in regards to that article. I had the most trouble using ADFS 2.0 as I'd never used it before.
Web.config follows:
The one undocumented change I made was to add a "homerealm" tag which makes it so the user doesn't have to select their home organization/sts.
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings>
<add key="FederationMetadataLocation" value="https://sts.lab1.local/FederationMetadata/2007-06/FederationMetadata.xml" />
</appSettings>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation>
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>

</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
</system.webServer>
<microsoft.identityModel>
<service>
<audienceUris>
<add value="https://webmail.lab1.local/owa/" />
</audienceUris>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<samlSecurityTokenRequirement mapToWindows="true" useWindowsTokenService="true" />
</add>
</securityTokenHandlers>
<applicationService>
<claimTypeRequired>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />



















</claimTypeRequired>
</applicationService>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://sts.lab1.local/adfs/ls/" realm="https://webmail.lab1.local/owa/" requireHttps="true" homeRealm="http://sts.lab2.local/adfs/services/trust" />
<cookieHandler requireSsl="true" path="/" />
</federatedAuthentication>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="0FD7F936AC9589983AAD5AD3E655C493B8FCA07E" name="http://sts.lab1.local/adfs/services/trust" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
</configuration>

Is it possible to group the dimensions and measures into respective folders in SAP BO Analysis office - excel?

Hi Guys,
We can group the similar dimensions or measures into folders in Universe which can be further consumed in other BO reporting tools.
Is it possible to do the same while connecting AO with HANA?
I want to group similar dimensions and measures so that it comes as respective folders in AO and makes the experience for the user better. Is it possible?
Regards,
Krishna Tangudu

Hi Michael,
Thanks for your reply. If this feature is not present or not in the roadmap too then i might have to follow the same solution as well.
Hoping Tammy Powlas has some answer for this.
Regards,
Krishna Tangudu

Value mismatch in ME23N and MIRO for PO with multiple account assignments

Hello All,
I've a PO for indriect material procurement with no material master and I've a single PO item with Account Assignment Category as "K" (Cost Center) and Net Price as "1,357.91". Account Assignment has been distributed by percentage such that 50% goes to a cost center and the remaining 50% goes to another cost center.
When I do MIRO, the amount comes as "1.357,92". This is because, the actual PO price "1,357.91" is divided by 2 equal half due to multiple account assignment and the individual amount comes to 678.955. And this is rounded off to 678.96 and multiplied by 2 in MIRO and the final amount comes to "1357.92". So as you see, the variance between PO price and MIRO price is 0.01.
How to get rid of this variance? Can something be done to match the PO value and MIRO value the same?
Thanks for your inputs.
Sankar

HI Sankar,
This is a standard behaviour as Currencies with 2 decimals will be getting rounded off. One work around to avoid posting of Small differences in Invoices (DIF accounts) is to maually change the amount in the Account assignment in the Invoice line to match to PO line total.
Regards,
Kathir

Unsorted Flat File into IDoc with multiple use of nodes

Hi Experts!
I am facing a little problem. I have a source flat file for a classification where some fields appear several times.
My source flat file looks like this:
item1; field1a
item2; fieldA
item3; fieldxa
item1; field1b
as you can see the item1 exists twice (further appearances are also possible).
Now i have to map the flat file into an IDoc structure
My target IDoc looks like this
Header
-- node1
attribute1
-- node2
the "field1a" and "field1b" has to be mapped into the "attribute1" in "node1". "node1" has to be duplicated for each time an "item1" appears (.. and if item2, item3 etc. appears twice, three ... four times...).
So how can i reach it that the node1 will be duplicated automatically when an item appears twice or more times? I know that it could be possible to work with "SplitByValue"... but for this i need all item1 in an straight order.... but i dont have them in a correct order.
I am looking forward to your suggestions.
Thank you in advance.
Udo

Complex sorting is not or not easy possible with the grafical mapping tool.
Use a sequence mapping. The first mapping is a simple XSLT which does the sort. The second mapping works as usual.
I have an example XSLT which I used for a different purpose:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
    <ORDERLIST>
      <xsl:for-each select="ORDERLIST/ITEM">
        <xsl:sort select="ID"/>
        <xsl:copy-of select="."/>
      </xsl:for-each>
    </ORDERLIST>
</xsl:template>
</xsl:stylesheet>
Regards
Stefan

ESB: inbound file and outbound ftp adapter with multiple directories

Basically I want to scan directories and write new files ftp directories. I could figure out how to do that for one directory. However I need to scan multiple directories and ftp upload files contained in those directories to corresponding ftp directories. Number of directories and their names are only known at run time. All directories are under one parent directory, both locally and the remote ftp site. We can assume all ftp directories exist.
I could not figure out how to this. Is this possible at all? Directory names seem to be only specified at design time, for both inbound file adapters and outbound ftp adapters.
Pranab

Chris, I am not really sure this is the right place to ask this question. But hopefully you might have something in your armour to help me out.
My requirement is to configure an inbound File/FTP adapter to read from a Directory which can be known only at runtime. A webservice call returns the file name and network path of the file to be read, but that happens only during the run time. I guess one way possible is, you configure a File/FTP Adapter with a logical name for directory and set the physical directory path using the endpoint property. But in that case, I should know the Physical directory @ deployment time.
I would like to know whether it is possible to manipulate the Endpoint property of an ESB Service (SOAP Service/Routing Service/Adapter Service) during runtime.
So is there any way to get the enpoint property configured during runtime??? Otherwise dO you recommend some other solution for this use case???
Any help would be appreciated.
-Sudheer

SAP authentication and SSO into BI4 with multiple SAP systems

Similar Messages

Maybe you are looking for