SSO to multiple BW systems

Similar Messages

• BI 4.1 : SSO to multiple BW Systems

  Dear all,
  I'm setting up SSO To BW.
  From one BI Platform, I want to setup SSO to two BW systems (called "BID" or "BIP")
  - I created the keystore file and certificiate
  - I imported the certificate file cert.der in the two BW systems.
  What is the System ID we have to enter in the CMC : BID or BIP ?
  Many thanks
  Hans

  Hi Josh,
  Many thanks for your reply.
  The SSO to the two systems works. I did it by creating an account in the CMC, containing 3 aliases :
  - Enterprise Alias
  - SAP Alias : of the user in BID (the Development SAP system)
  - SAP Alias : of the user in BIP (the Production SAP system)
  I log on to all tools (Design Studio, BI Launch Pad, Web Intelligence Rich Client, ...) using Enterprise authentication.
  Is this the way to go for all users in the system ? Is this what you mean with "shared aliases to the two systems" ?
  I have noticed that the Enterprise alias is really required.
  If this is the way to go, then we have the next issue : we have more than 1000 users. I do not see how we can automate the manual step of assigning aliases (expect SDK development that I want to avoid)
  Many thanks for your thoughts.
  Hans

• Fall back systemwhen multiple SAP systems trying to acheive SSO with BOEXI

  Friends,
  I need a small clarification on ' SSO between BOE XI 3.1 and SAP BI 7' Scenario,
  Say when multiple users log on through their  SAP EP Portals or Netwever Portals, they use their tokens generated by their respective EP portals which are passed through the 'Web application server' hosting BOE environment.
  1) When  its a Single EP portal , we can have have a fall back system. when we register  its logical name in the CMC of BOE Environment , a typical SNC.But what's the fall back system for multiple SAP systems?
  2) Also Whether there are any pit falls via token method  when more than one SAP system communicating to BOE?
  3) Do we have any documentation for this?
  Thanks ,
  Sivakanth.

  Hi Sivakanth,
  the normal scenario for SSO is the following:
  When you said ''back end system ', i did not get it.
  Enterprise Portal -
  (iView)-------> BOE -
  > SAP BI <- This is your backend system
  Well Could I define more than one logical name there in SNC tab of CMC.?
  I assume you have the following situation:
  (EP1, EP2, EP3) -
  > BOE -
  > (SAP BI 1, SAP BI 2, SAP BI n)
  You can define more than one entitlement systems in the BOE CMC and also configure for each one of them for SNC. Please note that we are talking about server trust and NOT client trust here. It is all about letting your sap system and the boe system trust each other. If you have your portal with client SNC configured (ie. the user logs using a certificate and an SAP logon ticket is created) it is NOT necessary to configure SNC in the CMC (Please refer to the section "Configuring SAP Server-Side Trust" in the installation guide for the integration kit for SAP) side.
  Back to the SSO scenario now: When a user connects from an enterprise portal on the BOE system the logon ticket, generated from the portal, is forwarded to the back-end system, which is defined in the portal iView the user is currently navigating through. If it is a Crystal Enterprise iView then you just have to select the appropriate system alias of your back-end system in the System drop down menu when creating the iView. For URL iViews you must utilize the relevant openDocument parameters. If you do not define anything at all when creating the iView then BOE tries to authenticate the logon ticket against the SAP BI system you selected to be the default one in the "Authentication->SAP->Options" tab of the CMC.
  If what you want is just to distribute the load between your SAP back-end systems then you should consider utilizing an SAP cluster for your pursposes. As explained before BOE will not distribute the requests evenly on the back-end systems. It will try to contact either the system defined in the request (iView) or the default system. To be honest I am not sure what happens if the explicitely defined system is not available but I think that an error message is what you should expect then. I do not think that in this case the BOE system tries to use the system defined as default.
  Another part is what kind of security is defined in BEX querys..as i read from SAP IK guide, we can import all the roles which are defined at ABAB level.
  Will there be any security threats to SAP data via this method.
  It is true that you can import all roles in your BOE system. But keep the following four things in mind:
  1) You can restrict on the BOE side the users which are authorized to logon in the CMC and import the roles (normally only the BOE administrator is authorized to do this)
  2) Importing a role means that an SAP user can try to logon the BOE. Still the logon process can only be succesfull only if the SAP user has special authorization on the SAP side (Please check the Appendix "Authorizations" in the installation guide of the integration Kit for SAP.
  3) You can restrict the access to data by assigning authorizations only for specific infoareas/infoproviders. In order to partially restrict data access in a given infoprovider (e.g infocube or multiprovider) you can utilize authorization variables in your BW query.
  4) You can further restrict access on specific reports either on the BOE side or on the portal side (by rstricting access to the defined iViews).
  For sure you must invest some time to define and implement your security concept.
  More over could you please answer other 2 questions in my original question.
  2) Also Whether there are any pit falls via token method when more than one SAP system communicating to BOE?
  3) Do we have any documentation for this?
  2) As long as your portals, the back-end systems and your BOE system are configured correctly for SSO this should not be a problem. Well just a tip based on my experience: be sure to use full qualified domain names for your systems in the iView definitions. And do not forget SSO works only if all systems are in the same domain.
  3) As said in my previous posting the netweaver documentation regadring SSO setup maybe interesting for you. As far as I know the multiple systems scenario is not contained explicitely in any official BOBJ documentation. I assume that you already went through the installation guide for the integration kit for SAP.
  Please tell me if you have a completely different scenario in mind
  Regards,
  Stratos
  Edited by: Efstratios Karaivazoglou on Mar 22, 2009 12:27 AM

• WD Exception when pointing ESS Travel & Expense to multiple backend systems

  Hi All,
  I have a query regarding ESS Travel Management pointing to multiple backend systems.
  ESS MSS is installed on a single portal(Portal1).
  ESS MSS is currently pointing to Backend System1. The requirement is that ESS Travel from Portal1 should point to various multiple Backend Systems therefore making ESS Travel region-specific.
  Is this possible? and if so what are the pros and cons?
  This is what I have attempted:
  1. Followed the documentation from "Multiple Back End Support for the Adaptive RFC Model" [http://help.sap.com/saphelp_nw70/helpdata/en/af/84a34098022a54e10000000a1550b0/frameset.htm]
  Therefore, I created 2 JCOs namely: SAP_R3_Travel_R1 and SAP_R3_Travel_MetaData_R1 pointing to Backend Sytem 2. SSO and JCO tests successfully.
  2. On the iview properties for ESS Travel & Expenses, I added the following to the Application Parameters: sap-wd-arfc-useSys=SAP_R3_Travel:_R1&sap-wd-arfc-useSys=SAP_R3_Travel_MetaData:_R1
  3. I additionally created a system in the Portal under  System Configuration pointing to Backend System2 and adding the SAP_R3_Travel_R1 as the default System Alias. Do I need to add SAP_ITS_XSS and SAP_WebDynpro_XSS system alias, if so how since it is seeing as redundant because it is added in the system I created for Backend System1.
  4. I then tested one of the ESS Travel & Expenses iviews. I have the following error:
  Accessing System XYZ is not possible because RFC Metadata was retrieved using System ABC. Please assure you have configured the RFC Connections properly. A Server restart may be necessary!
  Your help is appreciated.
  Thanks.
  RD

  Hi,
  Can you please share the solution you got for this problem as we are also facing the same kind of problem.
  thanks
  Gaurav

• One Portal Multiple BI systems

  Hi,
  I have a scenario wherein there are two BI systems and one portal that is used for displaying the data. Now I know we need a BI JAVA on the portal for this scenario.
  My doubts are:
  1. Can we use BI JAVA to connect and pull data from multiple BI systems?
  2. Is SSO essential for the running of BI JAVA? If yes then how can i connect two BI systems to one portal with SSO.
  Federated Portal is NOT to be used. Any other pointers in connecting 2 BI systems to a single portal and use the BI JAVA functionality is welcome.
  Correct answers will be suitable rewarded.
  Thanks,
  Arun E V

  Your approach is very interesting and I'd like to comment why FPN might be your best option in this case.
  If you are running new 7.0 web functionalties each BI 7.0 system must have usage types:
  ABAP side: AS ABAP and BI
  JAVA side: AS JAVA, BI JAVA, BI EP
  See: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d0606dd7-011d-2a10-e1a8-d66b35bb0767
  If in your case you would like "federate" your users (and subsequently the content for those users..roles, iViews, etc) across several BI systems then having an overall EP ("corporate portal") using FPN would be the best option.
  Now, If you have two seperate BI systems (with a BI Portal on each) the only way your users can switch from one BI to the next is via SSO, however you are still logging into each BI system and have to maintain portal content (user roles, iviews, etc) on two seperate systems. By using FPN can you maintain this all from one single point of access.

• Multiple Logical Systems in Partner Profile for one instance

  Can we create multiple Logical Systems in Partner Profile (WE20) for one instance or one System?  If it is possible, can we create Logical System with respect to Plant/Country?

  I am not quite sure if I understood your problem completley. But let's see...
  Usually you use on on MSCS Cluster Group per SAP instance. So you have your already existing NW 7.0 ABAP stack in a separated Cluster Group, and you create a new Cluster Group for your new Java system.
  You can find more information about it in this guide here on SDN:
  Link: [High Availability;
  More information about High Availability Setups for SAP System can be found here on SDN:
  Link: [High Availability]
  If you want to use the same database for your clustered ABAP stack and your new Java stack you can do a MCOD installation.
  Please see Link: [SAP Note 388866 - Multiple Components on One Database - Installation|https://service.sap.com/sap/support/notes/388866]
  Hope this helps.
  Best regards,
  Mathias

• Please help me get my laptop back someone has cracked the master password and is running multiple operating systems which I have no access to

  Okay so I am not a computer expert by any means and have no clue how to fix my system. My father worked for intel for over 20 years as an engineer I asked him to restore my laptop to its original factory state and instead he cracked the master password
  installed multiple operating systems and made himself the administrator or domain controller. Many features and options I do not have access to so reading the trouble shooting and going through the steps always leads me to a dead end. The laptop is TOSHIBA
  SATELLITE L875D-S7332 a6 VISION AMD WINDOWS 8. As far as I can see my profile is actual running a version of windows 7. I do see reference to a windows 8RT windows 2003 windows vista wow64 and 32 I don't know what all that means I would just like to know how
  wipe everything and get back to the factory condition I bought it in. If anyone can help it would be much appreciated

  Do you have Win 7 installation disk? If yes, then go ahead and format the laptop if you don't need any data. If you need the data it it, then copy the same to USB disk and format it. Removing OS and deleting these things will anyhow keep some remains on
  HDD. TO get the speed and performance back, you might need a fresh installation. 
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• How to use a Web Template with queries from multiple BW Systems?

  Hi all,
  can anybody help me how to use a Web Template with queries (DATA PROVIDER)in it from multiple BW Systems?
  Thanks in advance, best regards
  Frank

  Great! Thanks for the quick response.
  Have you tried this for XMLA datasources created within the EP system also?
  i.e use Web Analyzer to create a view from the XMLA source and use that view within WAD?
  Thanks.

• How can I handle deploying multiple test systems on the same PC that have been developed using different versions of LabVIEW, TestStand, and/or Switch Executive?

  The major issue here is that the test systems must be documented and validated before being released to the production floor. Given this if a test station has multiple test systems deployed on it that have been developed on various versions of LV, TS, and Switch exec how can I force the test system selected to use the correct versions of TS, LV, and Switch exec.? I understand that the solution would be to recomplie everything and bring them up to the latest version but that would then require re-validation according to the QA department. Any advice would be greatly appreciated.
  It would be nice if theTS deployment was more like an LV executable... meaning when a LV executable is launched it always knows what LV runtime engine to use when there are multiple engines installed on a PC.

  Hi,
  Multiply versions of teststand can reside on the same system, but only one version can run at a time. They is a utility that has to be run to set the active version.
  The SequenceFiles have a version number, and you will find an error will be generate if you try to Load the sequencefile in the wrong version of TestStand.
  The labview VIs will only work providing the correct version of the RTE is also installed on your system, even a labview executabe requires the correct RTE to be installed, either as part of the executable installation or as a seperate installation, before the labview exe will work correctly.
  I'm not fimilar with the Switch exec but I would expect that it will also require the correct lower level device drivers to be available for the version you are using.
  Therefore, as you are indicating that some of your system are at  a older version, its difficult to image how you could achive this, considering if you say you have different versions of the software(s). For a start, you may have the problem that newer code/ sequencefiles using additional functionatily not available in the older versions.
  I would think your only solution would  be to have different deployments covering the different versions you have, or at least bring all your test systems up to the same version of teststand.
  Regards
  Ray Farmer
  Regards
  Ray Farmer

• Creation of sales order in CRM and replicating it to Multiple ECC system.

  We have a requirement for creation of sales order in CRM and replicating it to Multiple ECC system.
  We have checked the following standard Adapter objects in transaction R3AC1.
  BUS_TRANS_MSG
  The initial flow contexts does not support target site type as R/3(SMOF_ ERPSITE). So we are not able to replicate the sales order from CRM
  to ECC.
      2. SALESDOCUMENT
  Here the initial flow contexts does not support flow from CRM -> R/3 as we don’t see the target site as CRM.
  Please let us know if the standard sap middleware objects don’t support the sales order flow from CRM to multiple ECC or is there any
  other adapter object we need to use for this.

  Hey Vijay Duvvada,
  I hope you are already referred below sap note  and which explains scope & how to do   -
  1084315 - Consulting: Information about the multiple backend scenario
  1763516 - How-to: Basic Setup of MEP
  As explained by Rohit Sharma data should be start flowing to multiple sites.
  please let me know if it does help.
  Regards,
  Arjun

• CRM single sign on (SSO) to R/3 system via ITS 6.20

  Hi all
  I try to configue CRM2007 single sign on (SSO) to R/3 system via ITS 6.20.
  my configuraion process
  1. on CRM2007
  -profile : login/accept_sso2_ticket = 1
                login/create_sso2_ticket = 2
  - t-code : strustsso2 --> export system PSE
  2. on R/3 system
  - profile : login/accept_sso2_ticket = 1
                 login/create_sso2_ticket = 0
  - t-code : strust --> import certification --> add certification list --> save
  - t-code : oss2 --> execute with crm rfcdestination --> all green.
  3. ITS
  ~appserver      r/3.domain
  ~client     
  ~clientcert      1
  ~cookies      1
  ~exiturl     
  ~hostsecure      itshost.domain
  ~hostunsecure      itshost.domain
  ~language     
  ~login     
  ~logingroup     
  ~messageserver     
  ~multiinstanceservices      1
  ~password     
  ~portsecure      443
  ~portunsecure      80
  ~routestring     
  ~runtimemode      pm
  ~systemname      R/3 SID
  ~systemnumber      R/3 system no
  ~theme      99
  ~timeout      600
  ~urlimage      /sap/its/graphics
  ~urlmime      /sap/its/mimes
  ~usertimeout      240
  ~xgateway      sapdiag
  ~xgateways      sapdiag,sapxgwfc,sapxginet,sapextauth
  ~mysapcomgetsso2cookie 
  ~mysapcomusesso2cookie  1
  ~mysapcomssonoits  1
  for SSO check, execute web ui and then log on web ui
  I go to the Interation center and then go to the ERP information.
  but ITS log on screen appear.
  crm user and r/3 user is same.
  how can I do ??

  You use Server Port 3600, message server.
  It means, while creating a system you used wrong template and picked "SAP system using dedicated application server".
  You should use "SAP system with load balancing", since message server is doing load balancing.
  Once you selected correct template you will see "Message Server" instead of App and GW servers.
  Make sure to fill in
  Group  - Logon group to use. If not defined in R3, use SPACE
  Message Server - ansapdev01
  SAP Client = 150
  SAP System ID <SID> = DEV
  Server Port 3600
  System Type = SAP R/3
  It should work.
  Regards,
  Slava

• Multiple SRM Systems One SRM-MDM Catalog?

  Hi
  I'm currently upgrading our SRM 5.0 to SRM 7.01 with SRM-MDM Catalog 7.01.  Is it possible to use one SRM-MDM Catalog in our non-production environment and connect multiple SRM systems to it?
  For example our sandbox, development and QA SRM 7.01 systems would all connect to the same SRM-MDM Catalog 7.01.
  Thanks.
  Neil

  Hi,
  for non-production use and if it is just a catalog without custom coding running I see no problem in using one MDM server for multiple SRM systems (especially sharing one for sandboxes and dev). It is a setup I have seen multiple times and it worked always without problems.
  You should set up different repositories for each SRM system so that you don't interfere with each others data (i.e. suppliers or other lookups tied to SRM).
  You have to keep in mind that you have to upgrade all systems together. But you can always use separate MDM servers during the upgrade process and then consolidate onto one server when the upgrade is done.
  If you are running custom coding with your MDM catalog I would recommend having a separate MDM system for the QA SRM in order to be closer to the production set-up when testing your custom solution.
  Regards,
  Martin

• Find exact RFC Destination for Multiple backend Systems In SAP Gateway

  Hi Gateway developers,
  I have requirement,if gateway hub system has multiple backend systems( for example two backend systems: ECC and SRM ) then  how  hub system can get the suitable backend alias for exact entity collection..
  Here i have developed two entities one entity regards: ECC and second one regards SRM system..within this when I run the service it is always taking any of the same alias for both the collections..
  Can you please suggest me..
  Thanks
  Sreenivas Pachva

  Hi Srinivas,
  You can add the respective system Alias Name: Like logical system name in your URI also.
  Example:
  /sap/Service Name;mo=ECCCLNT210/zentity1?Customer1='0001'
  /sap/Service Name;mo=SRMCLNT400/zentity2?Customer2='ABCD'
  May this help you.
  Thanks,
  Saurabh Gupta

• Unable to define connector for multiple backend systems in BRM

  Hi,
  I am on GRCFND_A V.11 and SP04
  I have multiple backend systems integrated with GRC box. So far I was using one backend connector as default one for role maintenance but it is not feasible if you have to create roles in variuos backend connected systems. I know one way to do so, i can keep changing the default connectors whenever i need to create roles but that is obviously not at all the onw any one would like to go with.
  So, I tried to create unique connector groups for every individul backend connectors. But the issue is, the moment i assign the backend connector to the respective connector groups, the same gets reflected to other connector groups as well. So, whenever i either add or delete some of the connectors to any connector groups it gets modified/changed from all of the connector groups.
  These are the backend connectors where i have to create roles from BRM whenever needed.
  These are the connector groups:
  I followed to the ink: GRC AC 10 BRM: Default Connectors with Multiple Back-end R/3 Systems , which is the same as mine issue, but not able to come to the solution point.
  would appreciate for your quick response.
  Thanks,
  Ameet

  Could anyone suggest solution to the above mentioned issue please?

• Multiple SAP systems in MSCS

  Hello,
  We would like to install an ECC 6.0 and a CE in a cluster MSCS of two nodes.
  I've found the SAP documentation "Installation of Multiple SAP Systems in MSCS: Oracle" but the doc version is 03/30/2007. Could you please tell me wether there is a new version of this document? or where can I find more documentation about this?
  Is it recommended to create a domain between the cluster nodes? We're going to have 3 MSCS clusters with two systems in each cluster, should I create a domain for the three clusters, one domain per cluster or no domain at all?
  Thanks and regards,
  Ana.
  Edited by: systems2111 on Feb 3, 2010 9:46 AM

  Hello Shailesh,
  The scenario is the following:
  - MSCS between ECC and CE.
  - MSCS between Solution Manager and nothing.
  - MSCS between Websphere and SAP Business Objects
  Every MSCS has two machines. for example, ECC will run on one machine, CE oon the other machine and in case of problems the cluster will run the ECC in the CE node.
  I don't know if I have explain myself, but, anycase, please ask me with your doubts.
  Regards,
  Ana.