Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member


Use Case:

To access SAP Gateway exposed services via SMP 3.0 using SSO Cookie based authentication

Pre-requisites:

SAP Gateway system is capable of handling cookies eg: MYSAPSSO2

Steps to Create MYSAPSSO2 Scenario

I) Enable SMP to access the backend https url:



  1. Open File->Open Keystor fFile in portecle
    Tool and go the Location where the smp_keystore.jks file is Located. i.e. SMP
    server->Configurations  and click ok to open the
    Keystore.jks, Password for the keystore is "changeit".

   2)  Go to Tools-> Import Trusted Certificate
and select the Back End System's Certificate from your system and click on
import

   3)  Click on the ok and yes buttons as shown below.

4) Enter the Alias Name for the
Certificate which is getting imported

5) Save the Keystore in the
portecle Tools once the certificate is imported. Otherwise the imported
certificate will not be Reflected in SMP server's Configurations.

II) SMP Gateway Cockpit Steps:

  1. Log on to the SMP Admin Cockpit https://<host>:8083/gateway/cockpit and go to the Destinations-> New
    Destination

           Provide the Destination Name, select destination type as HTTP, provide Destination URL, and Select Authentication
      Type as SSO Mechanism

Click on Add button to select from various SSO Mechanisms.

Select Technical User(Basic) authentication as authentication mechanism,
and click on Save button.

Different SSO Mechanisms at the Gateway cockpit is mainly used to test the destination connection and to initially test
the services in the cockpit.

The security profile created at the SMP Admin will overwrite the destination configurations created at the gateway
cockpit.

In a productive scenario we need to consume the services exposed in gateway cockpit through SMP.

For different SSO Mechanisms refer to the link

http://help.sap.com/saphelp_smp306svr/helpdata/en/7c/2dd0d470061014a8bfb9194fa26274/content.htm

Once the destination is created, in the https://<host>:8083/gateway/cockpit Click on register button,
provide the destination created and search for the service required to be
registered.

   With this we have registered the service in gateway cockpit. If we need to access this service by cookie based SSO
mechanism through SMP follow the steps mentioned in the next section.

III) SMP ADMIN Cockpit Steps


1. Log on to the SMP Admin Cockpit https://<host>:8083/Admin and go to the Settings-> Security
Profile tab.

2.  Create a security profile with HTTP/HTTPS Authentication and provide the URL of the Back end System from where odata
service is hosted and MYSAPSSO2 Cookie is enabled. Click on Save as Shown Below.

3. In the SMP Admin Cockpit https://<host>:8083/Admin create the application for the service

document url exposed in gateway cockpit as shown in screen shots below:

Provide the odata service exposed through gateway cockpit, and mark the service as internal.


Once this is done, application is ready to be consumed.


IV) Onboarding through REST CLIENT

Onboard to the created application in the REST client/Mobile Application though a
device


     Onboarding URL:

    

          http://<host>:8080/odata/applications/latest/<application id created in SMP>/Connections     


     Onboarding Headers:


          Content-Type: application/xml

          x-smp-appcid: <application1>

     Onboarding Post Body:


     <?xml version='1.0' encoding='utf-8'?>


     <entry xmlns="http://www.w3.org/2005/Atom"

               xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"

               xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">

     <title type="text"/>

     <updated>2012-06-15T02:23:29Z</updated>

     <author>

     <name/>

     </author>

      <category
          term="applications.Connection"
          scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>

     <content type="application/xml">

     <m:properties>

     <d:DeviceType>IOS</d:DeviceType>

     <d:DeviceModel m:null="true" />

     </m:properties>

     </content>

     </entry>

    

     Onboarding Operation: POST


          While onboarding it will initially ask for the user details, and for the subsequent requests it will use the Cookie we have configured.

After onboarding the entities of the application can be accessed via the url

http://<host>:8080/ <application id created in SMP>/<entites>

Headers:

  Content-Type: application/xml

  x-smp-appcid: <application1>




 
 
 
 
 
 
 
 
 
 
 
 





1 Comment