Thursday, November 5, 2009

Integrating Non-SAP J2EE-based Web Applications into SAP Portal with SSO

Overview of Integration

To perform this integration, the following steps must be taken into account:

1. Deployment of the portal application for the creation of the portal system object.
2. Creating and configuring the iView of type Application Integrator that will contain the applications to integrate.
3. Installing the SAPSSOEXT and SAPSECU libraries.
4. Deployment of the gateway application called SsoGatewayWeb.
5. Changing the target application.

This integration has the following restrictions:


1. It applies only to web applications based on J2EE Servlets.
2. It depends exclusively on the successful load of the libraries supported by SAP (sapssoext and sapsecu) in both Windows and UNIX environments.
3. The target application must have a profile for the user ID logged on to the SAP portal; this ID must be equal to the one with which the user is logged on to the portal.
4. The target application must have a well-defined web resource that performs the "login" and can be used by the iView of type "Application Integrator".
5. This solution applies only to SAP NetWeaver Portal 7.0.

Each of these steps is described below.

Detailed Description.

1. Deployment of the application for establishment of portal partner.


We will need to deploy an application of type "Portal Application" on the portal. The name of this application is:

com.cts.portal.appintegrator.webapp.par (link)

To install this application on the portal, we will use the iView located at:

"System Administration"> "Support"> Link "Portal Runtime"> "Administration Console".

Perform the "Upload" action on the "com.cts.portal.appintegrator.webapp.par" file, as shown in Figure 1.



Figure 1. Administration console - “Portal Anywhere Admin Tools”


The purpose of this portal application is to define an object of type "system" that will be used with the Application Integrator component.

Now create the system object type in the PCD, based on the deployed file.

For this we must go to the iView "System Landscape Editor":
"System Administration"> "System Configuration"> "System Landscape".

Next, we will create a system template that will be used to create the system objects used individually by each iView of this type, as discussed below.

2. System Template Creation.

We will need to create a folder within "Portal Content" / "My Personal Content" with the same name as the application to integrate. Within it we'll create the folders: iView, Role and System.




a. Inside the folder "System" we will create an object of type "system" by using the option "System from PAR"; see Figure 2.



Figure 2. Creation of the System Template

b. Choose the option "com.cts.portal.appintegrator.webapp" associated with the portal application already deployed.

c. In Step 2, choose the only option shown: WebApplicationIntegrator

d. In Step 3, complete the following information:
System Name: Web Application
System ID: WebApplicationIntegrator
System ID Prefix: com.cts.portal.appintegrator.webapp.

Then we click on the button "Finish" and choose to open the object for editing, where we choose "Yes" for the attribute "Is a Template". See Figure 3.



Figure 3. Edit Object "Template System".

Finally, we must save the changes. We have now created a system template that will be used for any type of SSO integration using the Application Integrator.

Next, we are going to detail the steps to integrate any J2EE web application into the SAP Portal using SSO. In this case we show the integration of the application "My Struts Demo Web", which is deployed in an application server instance (SAP NetWeaver Application Server 7.0).

Before proceeding we should keep in mind:

Single Sign-On must be configured between both servers.
The target server must accept the SAP Logon Ticket.
The servers to integrate must be in the same domain, in this particular case: mydomain.com.pe
All communication must use the POST method and, where possible, be encrypted using SSL; HTTPS could be configured on both servers.

3. Creation of System "MyCustomizeStrutsSSO"

Now we will create a system object from the previously created template, as shown in Figure 4.



Figure 4. Creation of system MyCustomizeStrutsSSO

1. First, we will choose the option "Web Application", as in Figure 5.



Figure 5. Template Selection

2. In Step 2, fill in the following information:
System Name: Talking to Management
System ID: MyCustomizeStrutsSSO.
System ID Prefix: pe.com.mydomain.ssointegration

Then we click on the button "Finish" and open the object for editing.

3. Within the "Property Editor", choose from the attribute "Property Category" (the drop down component) the option: "Show All by Category".

4. In the group "System Definition", add the following values.

Name of Server: myserver1.mydomain.com.pe
Port Number: 50100
Protocol of the Target system: http
URI of the web application: /strutsdemoweb/autentificar.do

The values that could vary for this demonstration application are the server name, the port number and perhaps the protocol of the target system.

5. In the group of attributes "User Management", enter the following values:

Logon Method: SAPLOGONTICKET
User Mapping Type: User

See Figure 6.



Figure 6. Property Editor

6. We make sure that the object is not marked as a template in the property group "Info", and save our changes.


7. Finally, we create an alias for our system. We choose "System Aliases" from the drop-down list of the attribute "Display" and add the alias called "myStrutsAlias".

Now that the system has been created specifically for our target application, we will create the iView of type "Application Integrator".

4. Creating iView “MyStrutsWebSSO”.

We need to go to the iView "Portal Content Studio" and choose the folder "iView" we have created previously under the following path:

"Portal Content" / "My Personal Content" / "My Struts Application".

Next, we'll create a new iView in the selected folder, following these steps:

1. First, we choose the type of iView to create: "Portal Component".

2. In the first step select "com.sap.portal.appintegrator.sap".

3. In the second step, selection of the portal component, choose "Generic".

4. In Step 3, General Properties, we enter our iView details, for this case as follows:
iView Name: Talking to Management
iView ID: strutssso
iView ID Prefix: pe.com.mydomain.ssointegration
Master Language: English

Finally, click on the "Finish" button and open the iView for editing; then we choose to view the properties by category.

In the section "Content - Generic Launcher", configure the following attributes:

1. HTTP Request Method: POST
2. System: myStrutsAlias
3. URL Template: : / / : ?
4. Template URL Fragment for Single Sign-On: MYSAPSSO2 =

Finally save the changes.


This is all we need for the portal configuration. It is worth mentioning that this iView must be assigned to an existing role (or a new one must be created), and the role must be assigned to an existing portal user in order to see the result of the integration.

5. Installing Libraries SAPSSOEXT and SAPSECU

Having identified the operating system where our target application is deployed, we need to download the libraries from the SAP Service Marketplace.

These components are described at the following link.

http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/frameset.htm


Within the section "Dynamic Link Library SAPSSOEXT", we find the following:

"....
Download
From SAP Service Marketplace at service.sap.com/patches → (Downloads tab) → SAP Support Packages → Support Packages and Patches → Entry by Application Group → Additional Components → SAPSSOEXT → → SAPSSOEXT lib for SAP logon ticket

..."

We must copy these libraries into the target server's file system. On Windows, they should be placed in the system folder called "Windows" or in any directory listed in %PATH%. On Unix or Linux, we must copy them into a directory listed in $LD_LIBRARY_PATH or $LIBPATH, depending on the platform.


Please observe the following notes:
sapssoext (SAP note 1040335)
sapsecu (SAP note 870138)
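
A check for the library installation step on a Unix or Linux target server, as an added example that is not part of the original post: it reports which copy of each library is found first on a search path and flags a copy that sits in a world-writable directory or is itself world-writable, since any local user could then replace the code that verifies logon tickets. The function names, and the assumption that each library's file name contains "sapssoext" or "sapsecu", belong to this example.

```shell
#!/bin/sh
# Added example: locate sapssoext / sapsecu on a library search path and
# flag copies that any local user could overwrite.
# Assumption: the library file name contains the library name.

# is_world_writable PATH -> succeeds if the "other" write bit is set on PATH
# (symbolic links are followed, so the link target is what gets judged).
is_world_writable() {
  [ -n "$(find -L "$1" -prune -perm -0002 2>/dev/null)" ]
}

# check_sso_lib NAME SEARCH_PATH
# Prints "OK <file>", "UNSAFE <file>" or "MISSING <name>" for the first
# match in search order, and returns 0, 1 or 2 respectively.
check_sso_lib() {
  local name="$1" rest="$2:" dir file
  while [ -n "$rest" ]; do
    dir="${rest%%:*}"      # next directory of the colon-separated path
    rest="${rest#*:}"
    [ -d "$dir" ] || continue
    for file in "$dir"/*"$name"*; do
      [ -f "$file" ] || continue
      if is_world_writable "$dir" || is_world_writable "$file"; then
        echo "UNSAFE $file"
        return 1
      fi
      echo "OK $file"
      return 0
    done
  done
  echo "MISSING $name"
  return 2
}

# audit_sso_libs SEARCH_PATH -> one status line per required library;
# succeeds only if both are present in a location that is not world-writable.
audit_sso_libs() {
  local rc=0 lib
  for lib in sapssoext sapsecu; do
    check_sso_lib "$lib" "$1" || rc=1
  done
  return "$rc"
}

# Usage on Linux: audit_sso_libs "$LD_LIBRARY_PATH"
```
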

6. Recovery and Installation of SAP Portal Digital Certificate


We will retrieve the certificate file installed on the SAP Portal through the iView "Key Store Administration", under the following path:

"System Administration"> "System Configuration"> "Keystore Administration".

Once inside the iView, select "SAPLogonTicketKeypair-cert" from the drop-down list, then click the button "Download file verify.pse", as shown in Figure 7.



Figure 7. Keystore Administration


The obtained file is copied into a folder in the file system of the target application server. This location (URL) will be used later in the Java code.


Another important aspect is the ACL string that we have to generate, which will also be used in the code. This value is generated by following this syntax template:


"the id of the issuing system" + "|" + "the client of the issuing system" + "|" + "certification subject" + "|" + "certification issuer" + "|" + "certification serial number"

In our case it will be:

PNW | 000 | OU = J2EE, CN = PNW | OU = J2EE, CN = PNW | 00

Where:

the id of the issuing system: PNW
the client of the issuing system: 000
certification subject: OU = J2EE, CN = PNW
certification issuer: OU = J2EE, CN = PNW
certification serial number: 00

Almost all this information is found in the previous picture.
