sapportalconfiguration

© SAP AG 1

©SAP AG 2005

SRM 6.0 –Portal Configuration

© SAP AG 2

© SAP AG 2006

Objectives

ContentsPortal Setup for mySAP SRM

ObjectivesAt the end of this chapter, you will be able to:

Download and install SRM Business Packages using JSPMConfigure User Management and Create UsersSetup connections to different SRM componentsUnderstand how to configure Single Sign-On (SSO)Configure Universal Work List (UWL)

© SAP AG 3

©SAP AG 2005

SRM Business Packages

Portal User ManagementPortal ConnectionsCatalog Integration into PortalPortal SSO ConfigurationPortal UWL Configuration

JSPM Introduction

© SAP AG 4

© SAP AG 2006

Business Package for mySAP SRM 6.0 - Offerings

The business package for mySAP SRM 6.0 offersPredefined portal content and roles for SRM-related business processes

Predefined integration with SAP applications and single sign-on to these applications.

A solution for portal user administration when various backend systems are deployed

Ongoing development of additional features with a predefined, reliable release schedule

A fully tested business package

SAP Consulting and customer support

Comprehensive SAP documentation within SAP Solution Manager

The business package includes different roles for specialists in theprocurement process likeStrategic purchaser

Operational Purchaser

Purchasing assistant

Purchasing Manager etc.

© SAP AG 5

© SAP AG 2006

Where to find SRM Business Packages

choose the sub-component, for exampleBP SRM 6.0, and then OS-independent

and download it

6

There are two options for downloading EP Business Packages:1) From the SAP Software Distribution Center (SWDC)2) From the SAP Developer Network (SDN)The preferred option is the SWDC, here is a description:

choose Entry by Component, and Portal Content5

choose SAP SRM (with SAP EBP), and then SAP SRM 6.04

choose Entry by Application Group, then Application Components3

choose Download, then Support Packages and Patches2

Logon to the Support Portal: http://service.sap.com/swdc1

Download the Business Package for SAP SRM 6.0 from SAP Software Distribution Center: http://service.sap.com/swdc → Download → Support Packages and Patches → Entry by Application Group → SAP Application Components → SAP SRM (WITH SAP EBP) → SAP SRM 6.0 → Entry by Component → Portal Content → BP SRM 6.0.

Business Packages are provided as .SCA (Software Component Archive Files)

SCA Files were originally designed for get installed by the SAP Software Delivery Manager (SDM) tool. As of NetWeaver2004s, SAP provides the JAVA Support Package Manager (JSPM).

The JSPM is used the SDM as underlying tool. The JSPM is now the recommended tool to apply SCA files.

Similiar to the ABAP Support Package Manager (SPAM), the JSPM uses per default the\usr\sap\trans\EPS\in as input directory.

For more information, see SAP Note 731386 (refers to JSPM), which applies to business packages on SAP Enterprise Portal (EP) 7.0.

© SAP AG 6

© SAP AG 2006

Choose SAP NetWeaver

BP-ERP Business Packages in SDN

The 2nd option is You can also download the ESS business packages from the SAP Developer Network. You find it under http://sdn.sap.com

Choose Portal

Choose Portal Content Portfolio

2

3

4

Choose Quick Link „List of Packages“ and download„Business Package for SRM 6.0“

5

Logon to the SAP Developer Network: http://sdn.sap.com1

However, it is recomended to use the SAP Service Marketplace for downloads. The reason why weintroduce the SDN here is that you have access to the BP documentation via a link in the SDN. Please seethe next slide for further details.

Instead of navigating through the SDN, you can jump directly to the Portal Content Portfolio with thefollowing URL:

https://www.sdn.sap.com/irj/sdn/developerareas/contentportfolio

© SAP AG 7

©SAP AG 2005



JSPM Introduction

© SAP AG 8

© SAP AG 2006

JSPM – Introduction (1)

New NetWeaver 2004s Tool: Java Support Package Manager (JSPM)

Most important JSPM features:Displays support package level information

Checks dependencies between versions of software componentsChecks whether a new software component version may correctly upgrade an existing software component versionChecks deployment dependencies between development components

JSPM is automatically deployed as part of every AS-JAVA usage type(as of NetWeaver 2004s)

JSPM uses the former SAP deployment tool SDM (Software Delivery Manager) as underlying layer

As of SAP NetWeaver Release 2004s, you can use the Java Support Package Manager (JSPM) to apply support packages to the deployed software components. You can also deploy new software components that are not part of an SAP usage type, to which you can then apply support packages.

All JSPM features:

Shares a common GUI with SAPinst and SAPJup

Automatically detects and offers you only components that can upgrade deployed components

Shows only necessary information and additional details at your request

Shows log files in an integrated Log Viewer

Deployed Component Overview

- Displays support package level information

Support Package Level Administration

- Allows the definition of dependencies between versions of software components

- Checks whether a new software component version may correctly upgrade an existing software component version

Development Component Level Administration

- Checks deployment dependencies between development components

© SAP AG 9

© SAP AG 2006

JSPM – Introduction (2)

New NetWeaver 2004s Tool: Java Support Package Manager (JSPM)

Most important JSPM features (continued):

Allows you to apply

Allows you to update kernel binaries and the SDM itself

Allows you to restart the deployment of support packages

Informs you if restarting of the J2EE Engine is necessary during the deployment process

a supportpackage stack

single supportpackages

new software components that

are not part of an SAP usage

type

All JSPM features (continued):

Update of Kernel Binaries and Software Deployment Manager (SDM)

- Allows you to update kernel binaries

- Allows you to update SDM

Deployment

- Allows you to apply a support package stack

- Allows you to apply single support packages

- Allows you to deploy new software components that are not part of an SAP usage type

- Informs you if restarting of the J2EE Engine is necessary during the deployment process

- Logs the deployment processAllows you to restart the deployment of support packages

© SAP AG 10

© SAP AG 2006

JSPM - Startup and Logon

Execute „go.bat“ in the <instance>\j2ee\JSPM directory to launch JSPM

Enter SDM Administrator password, so that JSPM can connect to SDM

In the file system, go to the <Drive>:\usr\sap\<SAPSID>\<Central_Instance_Name>\j2ee\JSPM directory.

Depending on the system, the name of the central instance has the following syntax:

• For a standalone system – JC<xx> • For an add-in system – DVEBMGS<xx>, where xx is the number of the central instance.

Run the go script file to start JSPM.

Enter your password for the SDM and choose Log On.

If you enter an incorrect password three times in a row, the SDM server will be stopped. You must start it and log on to the JSPM again.

JSPM connects to the SDM server to deploy support packages and software components. The SDM server performs additional validation of the support packages and software components for deployment.

A software component archive (SCA), Java archive (JAR) or SAP archive (SAR) can be deployed by the JSPM.

Before the deployment of a software component, the SDM server performs additional version checks. Only new software components that have a higher counter than the counter of the old software components can be deployed. For more information, see SAP Note 621928.

© SAP AG 11

© SAP AG 2006

JSPM – Deployment Options

Choose „Deployment“, and then „New Software Components“ to apply new Java components to an existing system

JSPM

Allows you to apply a support package stack

Allows you to apply single support packages

Allows you to deploy new software components that are not part of an SAP usage type

Informs you if restarting of the J2EE Engine is necessary during the deployment process

Logs the deployment processAllows you to restart the deployment of support packages

© SAP AG 12

© SAP AG 2006

JSPM – Deploy new Software Components

Launch JSPM an log on to JSPM

If you apply SRM business packages to an existing landscape, one of your tasks will be to deploy a new software component to your Enterprise Portal System.

In this example, we assume that you want to install:BPSRM01_0.SCA (contains the SRM Package for the Enterprise Portal)

The JSPM procedure is:

Choose “Deployment”, and then “New Software Components”

Choose all .SCA files which you want to install from the \usr\sap\trans\EPS\in directory. In our example it will be:•BPSRM01_0.SCA

1

2

3

Choose and dowload„Business Package for Employee Self-Service (mySAP ERP) 1.0“

4

JSPM builds a queue with the correct deployment order and performs a status check

Choose „Deployed Components to check if the SCA´s were really applied5

JSPM builds (similar to the ABAP transaction SPAM) a deployment queue and checks dependencieswithin the queue

After the installation, use JSPM to check if the desired .SCA files were applied successfully.

© SAP AG 13

©SAP AG 2005



JSPM Introduction

© SAP AG 14

© SAP AG 2006

Portal WebDynpro Authentication

AS-JAVA

Enterprise Portal

SAP SRM Server (AS-ABAP)

Certificate

User: ABC

User: ABC

Important facts:

Identical user name in all systems

Local assignment to roles/ authentications

WebDynpro Application

BP-SRM

The user name (Example user: ABC) must be identical in the AS-ABAP and the AS-JAVA. However, in each system (AS-ABAP and AS-JAVA) you have to assign individual roles and authentications locally.

The WebDynpro Application connections can be configured with:

Explicit logon with user/password

- username AND password must be kept identical in both systems

Logon ticket

- Password not used in SAP LogonTicket-based communication

Certificate (X.509)

- certificates must be generated in both system

- ensure that all certificates have the same expiration date

© SAP AG 15

© SAP AG 2006

Portal WebDynpro User Management - Overview

AS-JAVA

AS-JAVA

Enterprise Portal

System Landscape Directory

SAP SRM Server (AS-ABAP)

JCO

RFCLogonTicket

The WebDynpro Server connects to the

SLD via an HTTP connection,

with user „Administrator“, or an SLD

user which belongs to group

SAP_SLD_ADMINISTRATORS

The WebDynpro Server connects to the

SLD via an HTTP connection,

with user „Administrator“, or an SLD

user which belongs to group

SAP_SLD_ADMINISTRATORS

User AdministratorSU01: User ABC

UME:

UME:

User ABC

WebDynpro Application

BP-SRM

UME:

The system uses the administration user for the J2EE server with which you are logged on to check the authorizations. If this user does not exist in the SAP SRM system, the system issues the following error message when you check the connection:

com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Unable to check the issuer of the SSO ticket.

© SAP AG 16

© SAP AG 2006

Configure User Management

The users created for the business package must havea business partnercentral personorganization unit relationship

assigned within the EBP system.

In addition to its own user store, the portal can be configured against the SRM Server system’s user management, LDAP, or EBP Central User Management Administration (CUA) ABAP client.

There are a number of potential scenarios for user management:Use Database only as Data SourceUse LDAP Directory as Data SourceUse Application Server ABAP as Data Source

© SAP AG 17

© SAP AG 2006

Logon to the Portal as Adminstrator user and choose System Administration -> System Configuration -> UME Configurationor call directly http://<portal-host>:<port>/useradmin

UME Data Sources

Select „ABAP System“ as Data Source

Please Note:„ABAP System“ is the default Setting in Double-Stack-Installations(for example, XI Systems)

„Database“ is the default Setting in Single-Stack-Installations(for example, Portal Systems)

Select „ABAP System“ as Data Source

Please Note:„ABAP System“ is the default Setting in Double-Stack-Installations(for example, XI Systems)

„Database“ is the default Setting in Single-Stack-Installations(for example, Portal Systems)

Several, so-called Data Source Configuration Files are offered:

dataSourceConfiguration_r3_roles_db.xml

- Create, read, and modify users in the AS ABAP system.

- You view ABAP roles as groups, but cannot modify them. You can create groups in the local AS Java database only.

dataSourceConfiguration_r3.xml

- The UME reads users from the AS ABAP system. You can only create and modify new users in the local AS Java database.

- You can create, read, and modify groups in the local AS Java database only.

dataSourceConfiguration_r3_rw.xml

- Create, read, and modify users in the AS ABAP system.

- You can create, read, and modify groups in the local AS Java database only.

The file dataSourceConfiguration_r3_roles_db.xml is functionally equivalent to dataSourceConfiguration_abap.mxl. The file dataSourceConfiguration_r3_roles_db.xml exists for upgrade compatibility only.

For information about when to change your configuration file, see SAP Note 718383.

For more information about dataSourceConfiguration_abap.xml, see User Management of Application Server ABAP as Data Source.

© SAP AG 18

© SAP AG 2006

User Management of ABAP System as Data Source

If „ABAP System“ is selected as Data Source:

• an ABAP user SAPJSF with roleSAP_BC_JSF_COMMUNICATION_RO must exist

• Users of the ABAP system are visible as users in theUME and can log on with their passwords from theABAP system

• Roles of the ABAP system appear as groups in the UME

• The hierarchy between collective roles and single roles isrealized as nested group structures

• New groups created with the AS Java are created in thedatabase of the AS Java

If „ABAP System“ is selected as Data Source:

• an ABAP user SAPJSF with roleSAP_BC_JSF_COMMUNICATION_RO must exist

• Users of the ABAP system are visible as users in theUME and can log on with their passwords from theABAP system

• Roles of the ABAP system appear as groups in the UME

• The hierarchy between collective roles and single roles isrealized as nested group structures

• New groups created with the AS Java are created in thedatabase of the AS Java

The User Management Engine (UME) can use an SAP NetWeaver Application Server (AS) ABAP as its data source for user management data. This enables for the following:

Users of the ABAP system are visible as users in the UME and can log on with their passwords from the ABAP system.

Roles of the ABAP system appear as groups in the UME. The hierarchy between collective roles and single roles is realized as nested group structures. New groups created with the AS Java are created in the database of the AS Java.

Different interpretations of the “contains in” relationship between ABAP systems and the UME results in a reversal of the visual arrangement of groups. A group representing a collective role is a child element of the group representing a single role. In the ABAP system, the single roles appear as child elements of collective roles.

User and role assignments in the ABAP system appear as user and group assignments in the UME. You can use the ABAP roles for authorization management in the UME, by adding the groups representing the ABAP roles to the UME roles.

When you use an AS ABAP as the data source for user management data, the following constraints apply when using the tools of the AS Java:

Password Administration

- Due to the security policy of the AS ABAP, users can change their passwords only once per day. This is true, even if an administrator resets the user’s password. However, if the administrator provides a new password, the user can and must change his or her password the next time he or she logs on.

© SAP AG 19

Read-Only and Read-Write Access to the ABAP User Management

- The file dataSourceConfiguration_abap.xml grants the UME read-write access to the AS ABAP by default. Write access to the AS ABAP system fails if one of the following is true for the system user communication between the UME and the AS ABAP (default name SAPJSF):

- The user has no ABAP role- The user is assigned to an ABAP role with read-only access

When the AS Java starts, the UME checks the roles assigned to the system user and if it finds no roles or only the role SAP_BC_JSF_COMMUNICATION_RO, the UME switches to read-only access for users located in the ABAP system.

If the UME has read-only access, you cannot modify user attributes stored in the ABAP system, like first name, and last name. You can modify attributes stored in the UME database, like street. Even if read-only access is assigned, users can still change their own passwords.

If the UME has read-write access, you can create users using the AS Java tools. They are stored as users in the AS ABAP. Extended user data that cannot be stored in the standard AS ABAP user record is stored in the database of the UME.

To enable read-write access to the system user, assign the system user the ABAP role SAP_BC_JSF_COMMUNICATION.

You can activate the self-registration and maintain-own-profile functions provided by the UME. In this way users can change their e-mail address, which they cannot change using the tools provided in the ABAP system

© SAP AG 20

© SAP AG 2006

User Mapping

Please Note:

In Identity Management you don´t need a user mapping if you have identical usernames in the portal and the backend system

On the other hand, you need user mapping if you DON´T have identical usernames in the portal and the backend system

In the Portal Alias, you can select EITHER user mapping OR normal sap logon

You cannot mix both methods within a Portal Alias

Please Note:

In Identity Management you don´t need a user mapping if you have identical usernames in the portal and the backend system

On the other hand, you need user mapping if you DON´T have identical usernames in the portal and the backend system

In the Portal Alias, you can select EITHER user mapping OR normal sap logon

You cannot mix both methods within a Portal Alias

© SAP AG 21

© SAP AG 2006

Creating Users

Users need to be created for the business package. You can create users manually in the portal; alternatively, purchasers can create their own portal users through the process of self-registraton in SRM Server.

Log on to the SAP Enterprise Portal with the SRM Administrator user.

In the SRM Administration workset, navigate as follows:Enterprise Buyer → Manage User DataClick the Create Users buttonComplete the information in the Enter User Data form that appears on the far right side of the screenSave

User Creation by Purchasers via Self RegistrationExecute the following URL in a browser: http://<SRMhost>:<port>/<ITS Path>/bbpat03/!

This will start an internal workflow that needs to be approved by a manager.

The SRM Manager of the backend system ensures that the user, business partner, and central person in the organizational structure are associated correctly.

Now, users can log on to the portal with their SRM user data password.

© SAP AG 22

© SAP AG 2006

SRM Roles - Portal

The portal provides standard roles for SRM applications

1

3

2

Besides the SRM roles, a user should have the roles eu_core_role, eu_role and Everyone assigned.

© SAP AG 23

© SAP AG 2006

Assigning Business Package Roles to Users in SAP EP

Users in the SAP Enterprise Portal must be assigned the appropriate roles within the portal for access to the content of the Business Package for SRM 6.0.

Logon to the SAP EP as a portal administrator.

Assign a BP role to each portal user according to the user’s business responsibility

For information on how to assign business package roles to portal users, see the documentation on Assigning Roles to Users and Groups on the SAP Help Portal.

In the portal choose User Administration -> Identity Management

Enter „Role“, „All Data Sources“ and „*srm*“ as search critera and press „GO“

Double-click on a role, for example „Strategic Purchaser“ to display the role details

In the Details, choose „Assigned Users“

Enter „All Data Sources“ and „*“ as search critera and press „GO“

© SAP AG 24

© SAP AG 2006

SRM Groups - Portal

The portal provides standard groups for SRM applications

1

3

2

Instead of assigning roles directly, you can also assign roles to a group and assign the groups to the users.

© SAP AG 25

© SAP AG 2006

Assigning Backend System Roles to Users in the Backend System

You need to assign roles to existing users in the backend systems that correspond to their portal role assignments.

In each backend system, use transaction SU01 to assign users to backend system roles.

© SAP AG 26

©SAP AG 2005



JSPM Introduction

© SAP AG 27

© SAP AG 2006

Systems and System Aliases

To use the Business Package for SRM 6.0, you must create a system that points to the SAP SRM 6.0 server.

You must assign the alias SAP_SRM to the system you create.

For the Business Intelligence (BI) Reports to be displayed, you must create an additional system that points to a SAP BI system, You must assign the alias SAP_BW to the BI system you create.

This following slides outline how to configure the following:Creating System ObjectsConfiguring System Objects for Backend SystemsCreating and Adding a Backend System Alias

SAP BW 7.0

BI_CONT 7.0.3

Basis plug-in

mySAPSRM 6.0 server

WD

EBP

SAP R/3 back-endsystem

SAP R/3 plug-in

FI/CO

Portal layerBusiness packagefor mySAP SRM 6.0

http(s)

Portal core

© SAP AG 28

© SAP AG 2006

Connection Alias to SRM System

Logon as Portal Administrator and choose„System Administration -> System Configuration“

Browse the content tree for system objects, for example choose „Content Provided by SAP -> Systems“

Logon as Portal Administrator and choose„System Administration -> System Configuration“

Browse the content tree for system objects, for example choose „Content Provided by SAP -> Systems“

This procedure outlines how to add a system alias for each system object.

You are logged on the SAP EP as a portal administrator.

You have created system objects.

You have configured system objects for corresponding external backend systems.

Use the alias name that corresponds to each backend system as indicated in the graphics

From the System Administration workset, navigate as follows:

System Administration → System Configuration → System Landscape and select your previously-created system object

Choose Open → System Aliases.

Enter an alias from the table below and choose Add.

Save your entry.

© SAP AG 29

© SAP AG 2006

Connection to AS-ABAP (in SRM System)

Enter the hostname and port numberof the ICM, which is running in theWebAS of your SRM Server

Enter the hostname and port numberof the ICM, which is running in theWebAS of your SRM Server

Create a system object for each backend system you decide to integrate with the Business Package for SRM 6.0.

You must log on to the Portal as System Administrator.

Identify if your system landscape includes SAP System with Load Balancing or a Dedicated Application Server for R/3.

The decision to choose either SAP System with Load Balancing or a Dedicated Application Server for R/3 was made when your backend systems were implemented.

We recommend SAP System with Load Balancing

Create the system objects. To do this, go to the SRM Portal Administration workset, navigate to the System Landscape iView as follows:

System Administration → System Configuration → System Landscape and select the desired location where you want to create the system objects, for example, you might create a folder called Systems.

Using the context menu (right-click), select New → System (from template).

Depending on your system landscape, select one of the following:

- SAP System with Load Balancing or Dedicated Application Server for R/3 System

Choose Next.

Enter at least the values in the following fields:

- System Name

- System ID

- Choose Next.

- Choose Finish.

If you want to create a connection to a BSP, ITS, or BW BEx Analyzer, you must fill in additional fields, likeWebAS Path, WebAS Protocol.

© SAP AG 30

© SAP AG 2006

Connection to ITS (in SRM System)

Enter the hostname and port number of theintegrated ITS, which is running in the WebAS of your SRM Server.

Also, enter /sap/bc/gui/sap/its/webgui as ITS pathThis path can be found in the Service Tree of transaction SICF.

Enter the hostname and port number of theintegrated ITS, which is running in the WebAS of your SRM Server.


Enter the Host Name always in the form: <server>.<domain>:<port>Create a system object for each backend system you decide to integrate with the Business Package for SRM 6.0.

You must log on to the Portal as System Administrator.Identify if your system landscape includes SAP System with Load Balancing or a Dedicated Application Server for R/3.

The decision to choose either SAP System with Load Balancing or a Dedicated Application Server for R/3 was made when your backend systems were implemented.We recommend SAP System with Load Balancing


System Administration → System Configuration → System Landscape and select the desired location where you want to create the system objects, for example, you might create a folder called Systems.Using the context menu (right-click), select New → System (from template).Depending on your system landscape, select one of the following:- SAP System with Load Balancing or Dedicated Application Server for R/3 SystemChoose Next.Enter at least the values in the following fields:- System Name- System ID - Choose Next.- Choose Finish.If you want to create a connection to a BSP, ITS, or BW BEx Analyzer, you must fill in additional fields, likeWebAS Path, WebAS Protocol.

© SAP AG 31

© SAP AG 2006

Connection Alias to SUS (in SRM-SUS System)










Save your entry.

© SAP AG 32

© SAP AG 2006

Connection to SUS (AS-ABAP in SRM System)

Enter the hostname and port numberof the ICM, which is running in theWebAS of your SRM-SUS Server

Enter the hostname and port numberof the ICM, which is running in theWebAS of your SRM-SUS Server

Create a system object for each backend system you decide to integrate with the Business Package for SRM 6.0.

You must log on to the Portal as System Administrator.

Identify if your system landscape includes SAP System with Load Balancing or a Dedicated Application Server for R/3.

The decision to choose either SAP System with Load Balancing or a Dedicated Application Server for R/3 was made when your backend systems were implemented.

We recommend SAP System with Load Balancing


System Administration → System Configuration → System Landscape and select the desired location where you want to create the system objects, for example, you might create a folder called Systems.

Using the context menu (right-click), select New → System (from template).

Depending on your system landscape, select one of the following:

- SAP System with Load Balancing or Dedicated Application Server for R/3 System

Choose Next.

Enter at least the values in the following fields:

- System Name

- System ID

- Choose Next.

- Choose Finish.

If you want to create a connection to a BSP, ITS, or BW BEx Analyzer, you must fill in additional fields, likeWebAS Path, WebAS Protocol.

© SAP AG 33

© SAP AG 2006

Connection to SUS ( ITS in SRM System)

Enter the hostname and port number of theintegrated ITS, which is running in the WebAS of your SRM-SUS Server.


Enter the hostname and port number of theintegrated ITS, which is running in the WebAS of your SRM-SUS Server.


© SAP AG 34

© SAP AG 2006

Connection Alias to BW System










Save your entry.

© SAP AG 35

© SAP AG 2006

Connection to BEx Analyzer (in BW System)

Enter the hostname and port number of the ICM, which is running in the WebAS of your BW Server.

Also, enter /sap/bw/bex as BSP path of the BExAnalyzer.

This path can be found in the Service Tree of transaction SICF.

Enter the hostname and port number of the ICM, which is running in the WebAS of your BW Server.

Also, enter /sap/bw/bex as BSP path of the BExAnalyzer.

This path can be found in the Service Tree of transaction SICF.

© SAP AG 36

© SAP AG 2006

Portal iView to ABAP WebDynpro Assignment

As you can see here, the Portal iView „My Purchasing Documents“ is assigned as „WebDynpro for ABAP“to the Application „powl“ with the Configuration „/SAPSRM/WDA_SRM_PA_PURCHASING“

Technically, the WebDynpro is called via URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl“

Please note: This iView is shipped as part of the SRM 6.0 Business Package

As you can see here, the Portal iView „My Purchasing Documents“ is assigned as „WebDynpro for ABAP“to the Application „powl“ with the Configuration „/SAPSRM/WDA_SRM_PA_PURCHASING“

Technically, the WebDynpro is called via URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl“


Logon to the Portal with a user who is a Content Administrator.

Choose Content Administration -> Portal Content

Expand the content tree to Portal Content -> Content Provided by SAP -> specialist -> SRM 6.0 -> iViews

In the example, we selected the iView Purchasing Assistant -> My Purchasing Documents

© SAP AG 37

© SAP AG 2006

Finding the Corresponding WD in the SRM Server

As you saw on the previous slide, application „powl“ with configuration „/SAPSRM/WDA_SRM_PA_PURCHASING“was assigned to a portal iView

In the SRM Server, call transaction SE80, select „Web Dynpro Comp./Inf.“ and search for „*POWL*“

Expand the tree until you find „/SAPSRM/WDA_SRM_PA_PURCHASING“

As you saw on the previous slide, application „powl“ with configuration „/SAPSRM/WDA_SRM_PA_PURCHASING“was assigned to a portal iView

In the SRM Server, call transaction SE80, select „Web Dynpro Comp./Inf.“ and search for „*POWL*“

Expand the tree until you find „/SAPSRM/WDA_SRM_PA_PURCHASING“

If you double-click on „POWL“, you can see the URL http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sap/powl in the right frame of the window

Remember that this URL only works, if you previously activated the path „/sap/bc/webdynpro“, and thecorresponding sub-paths in transaction SICF.

© SAP AG 38

© SAP AG 2006

Portal iView to BW Query Assignment

As you can see here, the BW Query „0SR_MC01_Q0007“ which belongsto the BW InfoCube „0SR_MC01“ is assigned to the portal iView „ABC Analysis for Suppliers“

Please note: This iView is shipped as part of theSRM 6.0 Business Package

As you can see here, the BW Query „0SR_MC01_Q0007“ which belongsto the BW InfoCube „0SR_MC01“ is assigned to the portal iView „ABC Analysis for Suppliers“

Please note: This iView is shipped as part of theSRM 6.0 Business Package

Logon to the Portal with a user who is a Content Administrator.

Choose Content Administration -> Portal Content

Expand the content tree to Portal Content -> Content Provided by SAP -> specialist -> SRM 6.0 -> iViews

In the example, we selected the iView BI Reports-> ABC Analysis for Suppliers

© SAP AG 39

© SAP AG 2006

Connection to Category Management

The SRM Scenario Category Management requires the Business Package „BP for Category Management“ to be installed in theEnterprise Portal

The Package uses the SAP WebDynpro JAVA Programming Model

A WebDynpro JAVA-based application does not only use Portal System Objects and Aliases, but also JCO Connections

For setting up the JAVA WebDynpro JCO Connection for CategoryManagement, refer to the Unit „WebDynpro Configuration“

mySAP SRM 6.0 server

CatMan

Bids,contracts, and

master data

SAP BW 7.0

BI_CONT 7.0.3

Basis plug-in

Portal layer

Knowledge management / collaboration room / UWL

cProjects4.0

cProjects4.0

CatManWeb Dynpro

Java application

RFC

Business packagefor mySAP SRM 6.0

Business packagefor CatMan

Business packagefor project portfolio management

and design collaboration 4.0

http(s)

© SAP AG 40

© SAP AG 2006

Performing a Connection Test

Please perform a „SAP Web AS connection“ test for each portal system object you created.

Please perform a „SAP Web AS connection“ test for each portal system object you created.

Logon to the Portal with a user who is a System Administrator.

Choose System Administration -> System Configuration

Edit a system object, and choose „Connection Tests“

© SAP AG 42

© SAP AG 2006

Portal Access to Multiple Catalogs - Example

As you can see here, a user called the „shop“ iView in the Portal.

In this example, the iView offers access to fourdifferent catalogs.

The next slide shows, how this can be configured

As you can see here, a user called the „shop“ iView in the Portal.

In this example, the iView offers access to fourdifferent catalogs.

The next slide shows, how this can be configured

© SAP AG 43

© SAP AG 2006

Assignment of Portal iView to Catalog URLs

As you can see here, the Portal iView „Shop“ is assigned as „WebDynpro for ABAP“to the Application „wda_l_fp_gaf“ with the Configuration „/SAPSRM/WDAC_GAF_SC“

Technically, this WebDypro Module is called via the URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gaf“


As you can see here, the Portal iView „Shop“ is assigned as „WebDynpro for ABAP“to the Application „wda_l_fp_gaf“ with the Configuration „/SAPSRM/WDAC_GAF_SC“

Technically, this WebDypro Module is called via the URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gaf“


Retrieving the corresponding WebDynpro on the SRM Servers works exactly the same way a describedearlier:

In the SRM Server, call transaction SE80, select „Web Dynpro Comp./Inf.“ and search for„/SAPSRM/*WDA_L_FP_GAF*“

Expand the tree until you find „/SAPSRM/WDAC_GAF_SC“

Double-click on „/SAPSRM/WDAC_GAF_SC“

Now you can see the URL http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_gafin the right frame of your window

© SAP AG 45

© SAP AG 2006

Typical Testing Error – User not in Org. Structure

Administrator users might run into testing problems, becausetheir user is not assigned in the Organizational Structure(Transaction PPOMA_BBP in the SRM Server)

Here is an example for a typical error message:

© SAP AG 47

© SAP AG 2006

Certificate Configuration

ABAPJ2EE

Enterprise Portal+ Web Dynpro Java

System

SRMSystem

1. Create Portal Certificate

2. Export Portal Certificate

3. Import Portal Certificate

4. Distribute Portal Certificate

For a detailed description, see SAP Note 711768For a detailed description, see SAP Note 711768

To implement Single Sign-On (SSO),

Certificates must be created and distributed

To implement Single Sign-On (SSO),

Certificates must be created and distributed

Single sign-on must be configured for the SAP Enterprise Portal and for each backend system to be integrated with the business package; the configuration procedure is the same.

The system objects for the mySAP SRM system within the system landscape have been configured with the logon method saplogonticket.

Users must have the same user ID in all SAP Systems that are accessed using SSO with logon tickets

If you want to use SAP Logon Tickets for SSO between different systems (J2EE Engines and ABAP Stacks), you have to exchange the ticket verification certificates.

Typically, users first logon on to the Enterprise Portal before starting an application on the backend system. Then the general guideline is:

Export the public key certificate of the cryptographic key pair that is used for ticket signature generation out of the store that stores it in the Enterprise Portal.

Import this public key certificate into the store in the Backend System that stores the certificate of all trusted Single Sign-On parties.

© SAP AG 48

© SAP AG 2006

Enterprise Portal - Create Portal Certificate

Create a new Portal

certificate, by using the

“Keystore Administration”

utility in the Enterprise Portal

Create a new Portal

certificate, by using the

“Keystore Administration”

utility in the Enterprise Portal

2

1

Log on to the SAP EP as a portal administrator. From the System Administration workset, navigate as follows:

System Administration → System Configuration → KeyStore Administration

Choose Download Verify .der file.

Save the file to your user-specified location.

In the backend system:

Extract the .zip file to upload the .der file into the system’s trust center.

To upload the file, go to the backend system and use the transaction strust.

Save your changes.

© SAP AG 49

© SAP AG 2006

Enterprise Portal – Export Portal Certificate

Export the Enterprise Portal

Certificate to a local file

Choose (*.key) as file type

Example: KTP.key

Export the Enterprise Portal

Certificate to a local file

Choose (*.key) as file type

Example: KTP.key2

3

4

1

5

Please Note:

SAP J2EE Engines 6.30 SP4 or later use the UME as user store.

Procedure:

Log on to the Visual Administrator.

In the list "views" mark "TicketKeystore".

Then, mark "SAPLogonTicketKeypair-cert" in the list "entries" and click "export".

Save under verify.crt, for instance. The file extension "crt" in this ui means the same format as "der" in the previous cases.

Exporting the ticket verification certificate:

- Start SAP J2EE Engine Visual Administrator (C:\usr\sap\<SID>\JC<nr>\j2ee\admin\go.bat):

- On the lefthand tab, click "cluster“ and navigate in the tree to Server->Services->Key Storage

- On the right panel, select the view “TicketKeystore“.

- The list of entries in this keystore view shows up.

- Select the entry SAPLogonTicketKeypair-cert and press button “Export”.

- Both supported export formats for the certificates are also supported for import in the ABAP stack, so it’s your choice

© SAP AG 50

© SAP AG 2006

SRM System - Import Portal Certificate

Import the Portal Certifcate (Example: KTP.cert)

into the backend system (/nSTRUSTSSO2)

Choose type “Base64” and “Add to certificate List”

Now, the new System (here:KTP) appears in the SSO List

Import the Portal Certifcate (Example: KTP.cert)

into the backend system (/nSTRUSTSSO2)

Choose type “Base64” and “Add to certificate List”

Now, the new System (here:KTP) appears in the SSO List1

2

3

4

Importing the ticket verification certificate into an ABAP Stack

In order to use SAP Logon Tickets issued by your engine to authenticate against an ABAP Stack, you have to import the ticket verification certificate of the issuing engine.

Start transaction STRUSTSSO2

In the left panel tree expand the node “Logon Ticket”.

In the right panel frame “Certificate” press button “Import certificate” to import your certificate.

Add the certificate to your certificate list by pressing the corresponding button “Add to Certificate List”

Add the certificate to your SSO ACL by pressing the corresponding button “Add to ACL”

In the following popup type in your engine’s <SID> in the field “WPS system” and the client ID you configured for ticket creation in your engine in the field “Client” (default is “000”)

Save your changes.

Import the public key certificate of J2EE engine into the ABAP Stack:for each client (for example: 000, 004, 888), import the certificate and add it to the ACL (enter “000” in the field “client”)

Distribute the tickets on all application servers (using STRUSTSSO2)

© SAP AG 51

© SAP AG 2006

SAP SRM System – Distribute Certificate

Do not forget to distribute the CertificatesDo not forget to distribute the Certificates

1

© SAP AG 53

© SAP AG 2006

Configure the Universal Worklist (UWL)

Configure the Universal Worklist for the Business Package for mySAP SRM 6.0A system connection for the SRM backend must already existCreate the UWL system: System Administration → System Configuration →Universal Worklist & Workflow → Universal Worklist Administration → NewRegister the UWL system under: System Administration → System Configuration → Universal Worklist & Workflow → Universal WorklistAdministration

Configure the Universal Worklist for the Business Package for mySAP SRM 6.0.

A system connection for the SRM backend must already exist.

Create the UWL system: System Administration → System Configuration → Universal Worklist & Workflow → Universal Worklist Administration → New.

Create the WebFlow Connector (for the Tasks pane):

Set the System Alias as the one used for configuring the backend system.

Set the connector type as WebFlowConnector.

Create the Alert Connector (for the Alerts pane):

Set the System Alias as the one used for configuring the backend system.

Set the connector type as AlertConnector.

Register the UWL system under: System Administration → System Configuration → Universal Worklist & Workflow → Universal Worklist Administration.

Choose Register.

© SAP AG 54

© SAP AG 2006

Assignment of Portal iView to UWL

As you can see here, the Portal iView „UWL“ is assigned as „WebDynpro for ABAP“ to the Application „wda_l_fp_oif“with the Configuration „/SAPSRM/WDAC_OIF_SC_PROF_PURCH“

Technically, this WebDypro Module is called via the URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oif“


As you can see here, the Portal iView „UWL“ is assigned as „WebDynpro for ABAP“ to the Application „wda_l_fp_oif“with the Configuration „/SAPSRM/WDAC_OIF_SC_PROF_PURCH“

Technically, this WebDypro Module is called via the URL „http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oif“


Retrieving the corresponding WebDynpro on the SRM Servers works exactly the same way a describedearlier:

In the SRM Server, call transaction SE80, select „Web Dynpro Comp./Inf.“ and search for„/SAPSRM/*WDA_L_FP_OIF*“

Expand the tree until you find „/SAPSRM/WDAC_OIF_SC_PROF_PURCH“

Double-click on „/SAPSRM/WDAC_OIF_SC_PROF_PURCH“

Now you can see the URL http://p163045.wdf.sap.corp:8000/sap/bc/webdynpro/sapsrm/wda_l_fp_oifin the right frame of your window

© SAP AG 55

© SAP AG 2006

Summary

ContentsPortal Setup for mySAP SRM

Now you are able to:

Download and install SRM Business Packages using JSPMConfigure User Management and Create UsersSetup connections to different SRM componentsUnderstand how to configure Single Sign-On (SSO)Configure Universal Work List (UWL)

© SAP AG 56

© SAP AG 2006

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation.Oracle is a registered trademark of Oracle Corporation.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc.JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden.SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.

Copyright 2006 SAP AG. All Rights Reserved

sapportalconfiguration

Documents

sap ebp sap srm

sap applications

portal content5choose

portal configuration

sap enterprise portal

srm business packageschoose

universal work list

examplebp srm