SAP Portal ESS SingleSignOn

Hi!
We are facing the following problem in our SAP Portal environment.
First of all, SSO was working as intended. But after a Windows DC migration with new computer names and new physical hosts we had to reconfigure SSO on our Portal servers. After the reconfiguration, SSO seemed to work again for everyone... but then some users started facing the following problem (maybe 1 out of 100): that user can't log in to SAP ESS via SSO. But when that person moves to another computer, SSO is working there. So basically the AD user account seems to be OK. So we thought "OK, maybe a local computer problem". So a user with a working SSO tried to log in on that "problem computer" that had SSO problems. But SSO was suddenly working there with that user. So basically it's not working only with that one user account on that specific computer. That user can log in via SSO on every other computer, and other users can also log in via SSO on that "problem computer". We have several users right now that are facing that problem on their own computers.
Our Windows group says that they can't see any problem in their Active Directory and point their fingers at the SAP Portal as the error source. So my question: is there any chance that this problem really has its roots in the SAP Portal? I mean, SSO is working for like 99% of the users. Only for like 1% it's not working, and only on their own specific computers. On other computers those 1% can also log in via SSO.
I would be really thankful for every idea!
regards Alex

Hi,
for SSO, the browser has to get an HTTP 401 from the server. The browser should then get the token and send it to the server:
    Authorization: Negotiate YIIQCQYGKwYBBQUCoII long cryptic text P/TCCDBdxfqo=
If the browser cannot resolve the SPN, or gets it wrong, the browser will ignore the 401 or send a short Authorization answer back.
What you can check besides the HTTP trace with the user:
- Check if the computer of the user is in the domain and that the DNS is set correctly on that computer
- Verify the logon process on the server with diagtool (complex but gives you every detail)
- The users are using the same userID in the LDAP and UME?
- Are all using IE, or are some using Firefox? In both, the configuration for SSO has to be enabled. IE: Windows integrated authentication + check the security zone. In FF: about:config and enter the correct domain.
br,
Tobias
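
The HTTP trace check from the answer above can be partly automated. The following Python sketch is an added example, not part of the original posts: it decodes an `Authorization: Negotiate` value and reports whether it carries a Kerberos token or the short NTLM message a browser typically sends when it cannot get a service ticket for the SPN. The function names, workstation names and sample tokens are constructed for illustration, and the classification is a heuristic based on marker bytes only.

```python
import base64
import binascii

# DER-encoded OIDs that identify the mechanism inside a GSS-API token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
NTLMSSP = b"NTLMSSP\x00"                               # NTLM message signature


def classify_authorization(header_value):
    """Return (verdict, decoded_length) for one Authorization header value."""
    if not header_value or not header_value.strip():
        return ("no-token", 0)           # browser ignored the 401
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return ("not-negotiate", 0)
    blob = blob.strip()
    if not blob:
        return ("no-token", 0)
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return ("undecodable", 0)
    if NTLMSSP in raw:                   # raw NTLM or NTLM wrapped in SPNEGO
        return ("ntlm-fallback", len(raw))
    if raw[:1] == b"\x60" and (KRB5_OID in raw or MS_KRB5_OID in raw):
        return ("kerberos", len(raw))
    if raw[:1] == b"\x60" and SPNEGO_OID in raw:
        return ("spnego-mech-not-visible", len(raw))
    return ("unknown", len(raw))


def triage(trace):
    """Map each (workstation, header value) pair of a trace to its verdict."""
    return {host: classify_authorization(value)[0] for host, value in trace}


def _negotiate(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")


# Constructed samples: only the marker bytes are realistic, the rest is padding.
SAMPLE_KERBEROS = _negotiate(
    b"\x60\x82\x10\x09" + SPNEGO_OID + MS_KRB5_OID + KRB5_OID + bytes(64))
SAMPLE_NTLM = _negotiate(NTLMSSP + b"\x01\x00\x00\x00" + bytes(28))
# The visible start of the token quoted in the answer (rest elided there).
PAGE_PREFIX = "Negotiate YIIQCQYGKwYBBQUC"

CONSTRUCTED_TRACE = [
    ("pc-working", SAMPLE_KERBEROS),
    ("pc-problem", SAMPLE_NTLM),
    ("pc-silent", None),
]

if __name__ == "__main__":
    for host, value in CONSTRUCTED_TRACE:
        print(host, classify_authorization(value))
```

A token that starts with `YII` is a GSS-API/SPNEGO blob, while one that starts with `TlRMTVNTUA` is a bare NTLM message; comparing the verdict for the same user on a working and a failing workstation shows whether the failure happens before the Portal ever sees a Kerberos ticket.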

Similar Messages

  • Not able to get a link to the front-end portal(ess) with back-end sap R\3 AB

    Hi,
    In the back-end, i.e. SAP ABAP-HR, the required data (leave types) are available. But on the front-end Portal (ESS), the drop-down menu in personal LOA forms shows only two leave types (personal & self-funded leave). I got stuck on how to make a few of the remaining ones also viewable in the drop-down list. Can anyone help me on this?

    Bottom line,
    to configure the Leaves on your portal you have to do.
    1. Configure the Leave Types and all the customizing on T554S.
        opc. If you want to have quota deduction, and everything else you should check V_T559L, T556C, T556A as well.
    2. Configure the Leaves on the Portal.  This is done on the IMG path colleague replied:
    >Personnel Management
    >Employee Self-Service
    >Service-Specific Settings
    >Working Time
    >Leave Request
    >Processing Processes
       a. Create the Rule Groups - this step you just create them.
       b. Adjust feature WEBMO - The feature WEBMO is used to select the rule group. Most of the times based on MOLGA and Ctrl. Center.
       c. Define Processing Processes for Each Rule Group - define the processes such as how to record partial day leaves, details on to check PTREQ_HEADER tables for unposted leaves, and how to determine workflow's next agent (more info press F1 on each of these fields)
       d. Specify Processing Processes for Types of Leave - Associate the Leaves from T554S that you want to show on the portal. This includes Absences and Attendances. Here you define data such as whether you are allowed to create leaves in the past, present and future; field customizing, and other details.
    Since Time Management is an old part of SAP the F1 documentation is very complete so I really advise you to check.
    Also, check http://wiki.sdn.sap.com/wiki/display/ERPHCM/LeaveRequestCustom+Messages
    for how to have custom warning messages to show on your leaves.
    I hope I have clarified.
    Kind Regards,
    Bentow.

  • Do we need to install SAP Portal for implementation of ESS & MSS

    Hi All,
    We are implementing SAP (ECC 6.0) for one of our clients. Due to some contractual limitations, we do not want to implement SAP Portal though it is a part of standard delivery. I want to know whether it is absolutely necessary to install and implement SAP Portal for implementation of ESS & MSS.
    What I know and understand is that with the new architecture ESS & MSS can be deployed and accessed as a stand-alone application in an internet browser (Web Dynpro client) without any need of Enterprise Portal, while the ESS & MSS applications can be hosted on the Web Application Server.
    Please validate whether my understanding is correct. Also, does the new Web Dynpro based client support all the functionality and authorization related issues for ESS & MSS?
    Regards
    Amit Ajmera

    Hi Amit,
    Yes, you can run ESS/MSS as WebDynpro application without having to deploy on Portal. However, the look and feel and user accessibility is much better when deployed as Portal page. For WebDynpro, you will still need to publish the individual URL link to application somewhere...
    Another point is that on portal you can deploy standard Business package specific to ESS and MSS which contains lots of readymade iviews/page/roles etc so it can reduce your development cost dramatically.
    But, at the end it all depends on your individual requirement and project scope.
    Cheers !!
    Satya.
    PS: Points always encourage me to reply...:-)

  • PeopleSoft ESS to be surfaced through SAP Portal

    Hi - We have a client who is considering using SAP Portal platform and surfacing the PeopleSoft ESS pages through it... Easy way of doing that would be to either open a new window with the PeopleSoft ESS pages (transactions) or to surface the entire PeopleSoft portal within the SAP Portal framework... Both of them will potentially reduce the user experience. I am very interested in knowing if other organizations have faced this issue - and what have been the various options considered to surface each ESS page (transaction) from PeopleSoft separately.
    Thanks
    Huzaifah

    Huzaifah
       Hope you are doing good. Firstly, to send and receive the DATA the ERP system should be configured with the required adaptors like Crystal Reports, Siebel, PeopleSoft ... We have different adaptors available in the market for SAP.
    To configure the system pl follow the below blog.
      Integrating JDEdwards system with XI using IWAY adapter part - I
    Here is a good link
    Note: Exercise gives handson on " Collecting and Bundling vendor records from different multiple interfaces (file system,Peoplesoft ) "
    Collecting and Bundling vendor records from different multiple interfaces (file system,Peoplesoft ) and sending to SAP-R/3 system.  part-2
    Ashok Babu
    Enterprise Business process Architect
    SAP BI/XI Senior Consultant

  • TIME on ESS/MSS with the SAP Portal, release ERP2005 ECC6.

    Hello,
    I need to implement TIME (Leave request) on ESS/MSS with the SAP Portal, release ERP2005 ECC6.
    Any informations about the customizing for a proof of concept would be appreciated.
    All the back-end (R/3) has already been customized.
    Thanks for your responses.
    Olivier

    Hello,
    If you already have all the templates and such configured then its easy. We don't have ESS and only one MSS scenario. However we support the web environment via BSP HAP_DOCUMENT. You can include our list pages in an Iview and assign that to the ESS or MSS scenario in the portal.
    They also run stand alone, so you can test it as well without configuring the portal.
    See also the bloggy at /people/sap.user72/blog/2007/02/20/objective-setting-appraisals-the-web-environment on OSA and the web Environment, especially the last part will be of interest for you.
    Regards and Groetjes,
    Maurice

  • SAP Portal Custom Themes to change ESS/MSS UI Look and feel , possible ?

    Hi,
    I have a requirement where the look and feel of the UI controls of the ESS/MSS applications have to be different - Jazzy
    I know XSS homepage framework is for the customisation of Areas, Sub Areas. What I am more interested is only the look and feel UI of ESS/MSS applications.
    If I change the standard theme of portal using Theme Editor and create a new custom theme with different back ground colors, fonts, sizes for all the UI controls,.Will the customised Theme apply on the standard ESS /  MSS screens ? Also my doubt is we are using EHP3 and I am not sure how many are Webdynpro java based or webdynpro Abap based.
    Will the theme apply to both WDA and WDJ application UI controls?
    Any inputs in this regard will be of great help. thanks in advance.
    Regards,
    Sreeram

    Hello,
    Check :
    Overview on changing the Portal look and feel: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d077fa17-7fbf-2a10-d983-fb12decf63c7
    FYI :- Search for wiki on : Stylesheet for WDA without integrating in SAP Portal
    Cheers,
    Remi

  • SingleSignOn without SAP Portals?

    Hi,
    we want to use SingleSignOn on the Mobile Client, so I looked into all the documentation about the SSO and how you have to configure the client and all that.
    But the documentation is all for the SSO between the SAP Portal and the MI client, but I would like to use the Windows authentication and not a SAP Portal with an online connection. Unhappily we have a multiple-user scenario on the client, so that depending on the Windows user a different mobile user has to be logged on.
    Has anyone done something similar? Is it possible to do this via a  specific configuration? Can I replace the authentication module and implement something by my own?
    Greetings,
    Kai

    Hi Kai
       For SSO to work in MI, you can rely on any ticket-issuing system that can issue an SAP Logon Ticket. But what is tested, documented and released is the SAP Enterprise Portal as the ticket-issuing system for MI and not any other system. Windows authentication can never be used for SSO on MI.
    Can I replace the authentication module and implement something by my own?  I am afraid, you cannot do this.
    Hope this helps
    Best Regards
    Sivakumar

  • ESS\MSS implementation in SAP Portal

    Hi Friends,
    Just need your help.
    I need some screen shots of mss functionalities in SAP Portal ....It will great if someone can just send me those.
    Thanks,
    Shyam

    Hi,
    here you go:
    1. General information, you should read these first:
    http://wiki.sdn.sap.com/wiki/display/ERPHCM/HCM+ESS
    http://wiki.sdn.sap.com/wiki/display/ERPHCM/HCM+MSS
    2. Homepage Framework (Frontend <--> Backend)
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/b0e3a488-cdc2-2b10-209b-e01a0ed934b4
    3. Stack Matching - Explanation/Guide (Frontend <--> Backend)
    https://wiki.sdn.sap.com/wiki/display/ERPHCM/HOWTOGETRIDOFSPSTACKMISMATCHISSUES?focusedCommentId=233472296&#comment-233472296
    best regards,
    Lukas

  • ESS in NWBC or ESS in SAP-Portal

    Dear experts.
    I am beginning with the configuration for ESS & MSS and I have the following doubt:
    1. What roles should I use if use ESS in NWBC?
    2. What roles should I use if use ESS in SAP Portal?
    With this two option , What is the better option for work ESS? And who should define what option use (Basis)?
    Thanks in advance
    Regards

    Hi Juan
    we can Use T-code LPD_CUST & PFCG based on the scenarios, you can use SAP_ESS_EMPLOYEE_WDA_2 Composite Role from PFCG.
    Having EP is a benefit for using WDA & WDJ services, but if you go for NWBC you only have a provision to use WDA. if you are in EHP 5 then few services are still in Java & its not suggested much to use NWBC. For NWBC we don't need to buy any licenses as it comes by default. only thing we need to do is to activate the appropriate Business Functions.
    check this link
    http://nicx.co.uk/attachments/File/Business%20Client.pdf
    Tips & Recommendations for customizing ESS Menu (WD ABAP)
    Difference between Netweaver Business Client and Netweaver Enterprise Portal
    Hope this Info will be useful
    Cheers
    Pradyp

  • SSO for portal ESS applications

    Hi all,
    We have implemented ESS in Portal.
    But we need to access the ESS modules outside the portal .. i.e,
    We need to access ESS applications from a .net portal..
    The goal is to achieve SSO from a .net portal to SAP Portal..
    How to achieve this? Any approaches / best practices??
    Points for useful answers..
    Hari

    Hi,
    can you take a look at this thread: Re: SSO from SharePoint CMS to SAP EP that is connected to CUA
    The idea would be to "force" the users to log on to the portal (so that they have a SAPLogonTicket), redirect the users to your .Net application and from there they can access ESS scenarios (since they do have a SAPLogonTicket now).
    Regards,
    Holger.

  • 502 error in sending the request from F5 to SAP PORTAL

    Hi All,
    I face a problem in NW04S SP13 Level:
    I have  my Production and Development landscape where I get an HTTP Request from a Oblix Server and pass it to SAP ENTERPRISE PORTAL through F5.
    In my Development Landscape this request is processed by SAP PORTAL
    but in my Production landscape it Intermittently fails.
    The Only difference between my Production and Development landscape is I have multiple portal instances in my Production where as I have a single instance in my Dev.
    When in my Dev landscape I login to portal and Open a ESS - Benefits application it works fine but in the Production Landscape it throws 502 ERROR.
    I tried Routing the HTTP Request from my Dev Environment's F5 to Production Environments Portal, and even then it throws error Intermittently.
    But If I Pass the request from my Production Environment's F5 to Development Environments Portal it works perfectly fine.
    What might be the issue?
    Any Idea? Your help is really appreciated.
    Thanks & Regards,
    sirisha.RS

    Hi Rk,
    I am not sure about it. Will talk to the Admin and get back to you.
    Thanks & Regards,
    Sirisha.RS

  • Installing NWDI in Existing SAP Portal

    hi experts,
    My project currently require to retrieve and modify ESS (personal information) standard code since the standard personal information in ESS will not meet our requirement.
    I found out that i need NWDI installed in our environment in order to retrieve ESS (personal information) standard code.
    my consideration is that we already implement several custom ESS using NWDS for SAP Portal.
    By installing NWDI, will it have any impacts to existing custom ESS (using NWDS)?
    I already tried to search through forum, but haven't find the answer.
    Thanks in advance

    Dear Rica,
    Download the NWDI Component from service market place with same version and SP level.
    DTR
    CBS
    CMS
    SLD
    Deploy the NWDI component through SDM or JSPM. Once finished you can access it with http://<Host>:<Port>/devinf
    For designing a track for ESS/MSS, refer to the JDI cookbook. For your custom development you can migrate to the NWDI.
    Refer to the SDN page "SAP NetWeaver Development Infrastructure (NWDI)" for more details.
    Hope it helps
    Best Regards
    Arun Jaiswal

  • Multi SAP ECC Server Connection to Single SAP Portal

    Dear Experts,
    We have connected multiple SAP Client of same ECC server to Single SAP Portal and we are able to view data using various standard SAP ESS/MSS Objects.
    Is it feasible to connect multiple SAP ECC servers to one SAP Portal server for showing data from various servers using standard ESS/MSS objects?
    Any help appreciated.
    Rgds
    Gulshan

    Hi Gulshan,
    You are right....these are the JCO names being picked up by standard ESS/MSS applications.
    The standard DCs will be calling these JCO names only while connecting to the SAP server.
    As you described,
    the portal does have the system alias name as a unique name.
    You may need to use some customizations... please find the threads below; they may be of help to you.
    Thread 1 - Change the JCO name (RFC_META_DATA)
    Thread 2 - How to change the JCO reference to an existing model
    Good Luck!!!
    Biroj Patro.

  • SAP delivered ESS/MSS services

    Hi Gurus
    What are all the standard SAP delivered ESS/MSS services available for Indian market in ERP 2005.
    Regards,
    Samba.

    Hi,
    I assume, your portal language and also all the tabs and even all the MSS services which are based on Java (par files) are in French and all the WebDynpro services (almost all of the ESS services) are still in English.
    If that is the case, some of the services of ESS only have English and German, basically because you probably are using the US version of the ESS services. For example essusaddr only has English and German. But some of other services (like the MSS services and ess~cat) have all the languages. If you still see English for those service, you can manually change the language in the iView property of your service if you have an iView for them.

  • SAP Portal Network Sizing.

    Hi Friends,
    We are implementing SAP Portal for ESS/MSS.
    We would like to know whether, we have required computer network resources or not.
    How we can check whether we have enough bandwidth that SAP Portal would need.
    Please advise how we can check the existing network. And what are the values SAP recommends to have?
    Thank you.
    Regards,
    Prashanth.R.G.

    Prashanth,
    Portal sizing is based on SAPS. Based on the number of users, please use the SAP Quick Sizer tool and calculate the SAPS. You need to work with hardware vendors such as IBM, SUN, DELL, and HP to find out the best server platform that you can use for your requirements, taking different metrics into account such as processor, virtualization, OS, memory, DB per CPU, high availability, implementation cost, server consolidation ratio, hardware/software breakdown cost, etc.
    You can find some info at http://www.sizinglounge.com
    Specific to the enterprise portal, you need to check several tuning parameters to fine-tune the performance, Most of these can be identified in SAP Going-Live GA, GO, and GV checks.
    When you talk about bandwidth, you need to work with your network admin based on where your user base comes from? Intranet? Extranet? Internet? There are different tools available such as sniffers to do an end-to-end testing. Hope this helps.
    ~Yasin
