Skip to main content

How to .. Integration Non-SAP J2EE-based Web Applications into SAP Portal with SSO Part 1

We are going to integrate Non-SAP J2EE-based Web Applications into the SAP Portal with Application Integrator and SSO.

In this part, I will discuss the overall of these posts and configure the iView with Application Integrator

Overview of Integration.



To perform this integration must take into account the following steps:



  1. Deployment of the portal application for the creation of the system portal object
  2. Create and set the type of Application Integrator iView that will contain the applications to integrate.
  3. Installing SAPSSOEXT and SAPSECU libraries
  4. Deployment of the application gateway called SsoGatewayWeb
  5. Changing the target application.


This integration has the following restrictions:

  • It applies only for web applications based on J2EE Servlet.
  • Depend exclusively on the sucessful load of the libraries supported by SAP (sapssoext and sapsecu) in both Windows and UNIX environments.

  • The target application must have created a profile for the user id
    logged to the SAP portal, this should be equal to the id with which the logged user is
    in the portal.
  • It must have well-defined a web resource in the
    target application that allows the "login" to be used by iView of type
    "Application Integrator".
  • This solution is only applied to a SAP NetWeaver Portal 7.0.


These steps are broadly outlined below each of these steps.

Detailed Description.

1. Deployment of the application for establishment of portal partner.


We will need to deploy the application of type "Portal Application" on the portal. The name of such applications is:

com.cts.portal.appintegrator.webapp.par (link)

To install this applied to the portal will use the iView prescribed in:

"System Administration"> "Support"> Link "Portal Runtime"> "Administration Console".

To perform the action "Upload" ont "com.cts.portal.appintegrator.webapp.par" file as shown in Figure 1.

Figura 1. Admnistration console - “Portal Anywhere Admin Tools”

The purpose of this portal application is to define an object of the type "system" that will use with the Application Integrator component.

Now create the system object type in the PCD, based on the deployed file.

For this we must go to the iView "System Landscape Editor":
"System Administration"> "System Configuration"> "System Landscape.

Next, we will create a template system that use to create system objects to be
used individually by each iView of this type, as discussed below.




2.Template Creation System.



we will need to create a folder within "Portal Content" /
"My Personal Content" with the same name of the application to integrate.
Within it we'll create the folders: iView, Role and System.


a. Inside the folder "system" will create an object "system" by making use the option "System from PAR", see the Figure 2.

Figure 2. Creation of the System Template

b. Choose the option "com.cts.portal.appintegrator.webapp" associated with the portal application already deployed.

c. In Step 2, choose the unique option shown: WebApplicationIntegrator



d. In the step 3, complete the following information:

System Name: Web Application

System ID: WebApplicationIntegrator

System ID Prefix: com.cts.portal.appintegrator.webapp.



Then we click on the button "Finish" and choose to open the object
for editing, where you choose "Yes" in the attribute "Is a Template".
See Figure 3.


Figure 3. Edit Object "Template System.



Finally, we must save the changes. And we have created a template system that
will be used for any type SSO integracción using the Application
Integrator.

Next, we are going to detail the steps to integrate any web J2EE applications in the
SAP Portal using SSO. In this case we show the integration of the
application "My Struts Demo Web" which is deployed in an
application server instance (SAP
Netweaver Application Server 7.0).

Before proceeding we should have in mind:

  • Must be configured Single Sign-On between both servers.
  • The target server must accept SAP Logon Ticket.
  • The servers to integrate must be in the same domain, in this special case: mydomain.com.pe
  • Every communication must be using the POST method and possibly
    encrypted communications using SSL, HTTPS could be configured on both
    servers

3. Creation of System "MyCustomizeStrutsSSO"

Now we will create an object system from the previously created template. Shown in Figure 4.

Figure 4. Creation of system
MyCustomizeStrutsSSO

1. First, we will choose the option "Web Application", as in Figure 5.

Figure 5. Template Selection

2. In Step 2, fill the following information:

System Name: Talking to Management

System ID: MyPersonalSystem.

System ID Prefix: pe.com.mydomain.ssointegration

Then we click on the button "Finish" and open the object for editing.


3. Within the "Property Editor", choose from the attribute "Property Category" (the drop down component) the option: "Show All by Category".


4. In the group "System Definition" adds the following values.


Name of Server: myserver1.mydomain.com.pe

Port Number: 50100

Protocol of the Target system: http
URI of the web application: /strutsdemoweb/autentificar.do

Here the values that could vary, for this demonstration
applications would be the server name, port number and perhaps the
protocol of the target system.


5. In the group of attributes "UserManagment, put the following values:


Logon Method: SAPLOGONTICKET

User Mapping Type: User

See Figure 6.


Figure 6. Property Editor



6. We ensure that not be a template within the group properties "Info", and save our changes.


7. Finally, we create an alias to our system. We choose from the drop down list of
attribute "Display" under "System Aliases". And add the alias called
"myStrutsAlias.


Since the created system specifically for our target application, we will create the iView of "Application Integrator" type .

4.Creating iView “MyStrutsWebSSO”.

We need to go to the iView "Portal Content Studio" and choose the folder "iView" "we have created previously under the following path:


"Portal Content" / "My Personal Content" / "MyStrutsWebApplication"


Newxt, we'll create a new iView in the selected folder, and we follow the following steps:


1. First, we choose the type of iView to create: "Portal Component".


2. In the first step select "com.sap.portal.appintegrator.sap.


3. In the second step, selection of the portal component, choose "Generic".


4. In Step 3, General Propeiedades we enter our View details for this case as follows:

iView Name: Talking to Management

iView ID: strutssso
iView ID Prefix: pe.com.mydomain.ssointegration

Master Language: English


Finally, make click on the "Finish" button and open the iView for editing, after we choose the property to be viewed by category.


In the section "Content - Generic Launcher", configure the following attributes:

  • HTTP Request Method: POST
  • System: myStrutsAlias
  • URL Template: <System.protocol>: / / <System.server>:
    <System.port> <System.uri>? <Authentication>
  • Template URL Fragment for Single Sign-On: MYSAPSSO2 = <Request.SSO2Ticket>



Finally save the changes.


This would be all we need about portal configuration worth
mentioning that this iView must be assigned to an existing role or
create a new one and assign the role to a existing portal user to
visualize the result of the integration.


5. Installing Libraries SAPSSOEXT and SAPSECU



Having identified the operating system where our target
application is deployed, we need to download the libraries from the SAP
market place.

In the following link, these components are mentioned.

http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/frameset.htm


Within the section "Dynamic Link Library SAPSSOEXT", we find the following:

"....
Download

From SAP Service Marketplace at service.sap.com / patches ®
(Downloads tab) ® SAP Support Packages ® Support Packages and Patches ®
Entry by Application Group ® Additional Components ® SAPSSOEXT ®
<platform> ® SAPSSOEXT lib for SAP logon ticket

..."

We must copy these libraries into the target server's file system. In case of Windows, should be under the system folder
called "Windows" or any directory within the% PATH% directory. In the case of
Unix or Linux, we must copy them into the folder $ LD_LIBRARY_PATH or $
LIBPATH, depending on the platform.




Please observe the following notes:

sapssoext (SAP note 1040335)

sapsecu (SAP note 870138)



6. Recovery and Installation of SAP Portal Digital Certificate


We will recover the certificate file installed on the SAP Portal through the iView "Key Store Administration, under the following path:


"System Administration"> "System Configuration"> "Keystore Administration.


Once inside the iView select "SAPLogonTicketKeypar-cert" from the
drop down list, then click the button "Download file verify.pse. As
shown in Figure 7.

Figure 7. Keystore Administration


The obtained file is copied into the file system folder of target application server. This location (URL) will be used later in the java coding.


Another important aspect is the ACL string we must have to generate,
which also will be used in coding. This value is generated by following the next sintasis template:



"the id of the issuing system" + "|" + "the client of the issuing
system" + "|" + "certification subject" + "|" + "certification issue" +
"|" + "serial number certification"

For our case will be:



PNW | 000 | OU = J2EE, CN = PNW | OU = J2EE, CN = PNW | 00

Where:

the id of the issuing system: PNW

the client of the issuing system: 000

certification subject: OU = J2EE, CN = PNW

certification issuer: OU = J2EE, CN = PNW

certification serial number: 00



Almost all this information is found in the previous picture.

In the second part of this blog, we will review to the code.

Labels:

Comments

Post a Comment

Popular posts from this blog

My first serious Groovy class ..... decompiling java classes with closures

After I read the chapter 6 "closures" of the book Groovy and Grails Recipe, and I decided to use the power of closures of Groovy for resource (files) with other problem that I had, decompile in one step every class of jar library. Well, the purpose of this class is call an external java decompiler (jad) from a Groovy class and execute the command into directory where the jar file was decompressed. And by using the power of closures executes recursively into this directory until find the classes. Well, no more words, here the class package demo class Executor { // directory where the library(jar) was decompressed def path /** * Execute the decompilation of the classes into the directory defined in the path * @return */ def decompileClasses(){ def directory = new File(path) //make use of closures defined in the Object class directory.eachFileRecurse { def name = it.absolutePath //if the current resource hasn't a .class extension continues with
Post a Comment
Read more

WebDynpro for Java: Tutorial of the Basic Usage of RoadMap Component

We will create a local Development component project of the type Web Dynpro as follow Our project will contain only 3 views with the purpose of show the basic usage of the roadMap object. After, we create our component controller RoadMap and the RoadMapView view as follow Now, we will create the 2 views more, the previous one will contain only the RoadMap Object (RoadMapView) used in all the project, the other ones show the flow between screens. Here the list of the 3 views: RoadMapView,  InitView, and ConfirmView. Now, we will add the component RoadMap object (it is on the Standar Complex Group) to the RoadMapView view, but first delete the default object added to the view, after we will need to add two steps (it could be more, depends of your logic) to our roadmap object. In order to do that we will use the Outline view of the NWDS. We add the two steps as follow The type steps to add at the RoadMap object will be ot the "RoadMapStep" type. The name of the steps are: Init
Post a Comment
Read more