1 2 3 28 Previous Next

SAP Enterprise Portal

409 Posts

Welcome to the September and October edition of the SAP Portal news blog summarizing the highlights of the last two months. This time we have the following topics:

 

  • SAP TechEd News
  • SAP Fiori Launchpad News
  • SAP HANA Cloud Portal New
  • SAP Enterprise Portal News
  • Partner Test Events
  • Blogs from the Community

 

SAP TechEd News and Impressions

 

What is the role of Portals today, in which directions is SAP Portal transforming and which Portal deployment option is the right one in the days of cloud and SAP Fiori? These are question we discussed at SAP TechEd Las Vegas with many customers. For external facing scenarios, we see more and more customers now starting to adopt our solution HANA Cloud Portal to create their business sites. With many customers at SAP TechEd we discussed the question how the concepts of SAP Fiori launchpad and SAP Portal fit together. With the introduction of Fiori launchpad on the HANA Cloud Platform, you will also see Fiori launchpad and Fiori experience included into HANA Cloud Portal. We are in the process of transforming and reinventing portal - on the cloud and based on the SAP Fiori UX paradigm. If you are at SAP TechEd Berlin, join us and we continue the discussion. Check out our SAP TechEd information site built with our solution HANA Cloud Portal.

 

See here Aviad Rivlin in his packed networking session on SAP Fiori launchpad at SAP TechEd Las Vegas:

thurs_aviad_flp_packed.png


...and Yariv Zur explaining the Portal deployment options: On-Premise, Managed, or full cloud:

yariv_thurs_whichportalisright.png


SAP Fiori Lauchpad News

 

Get an overview on the latest release of SAP NetWeaver 7.4 Support Package Stack 08 (and the corresponding release NW 7.31 SP13) and the new features in SAP Fiori launchpad running in SAP Enterprise Portal.

 

Starting with SAP NetWeaver 7.4 SPS8 you can also run Fiori wave 2+ transactional applications in SAP Enterprise Portal. Watch this product demo showing how this integration is configured:

 

 

The integration between the SAP Enterprise Portal and the Fiori apps is getting more and more important for many customers. This new white paper will guide you through the common architectures for consuming the Fiori apps via the SAP Portal, and running the SAP Portal (with the Fiori apps) on mobile devices, outside of the corporate network. Read also the blog SAP Portal and SAP Fiori - Common Architecture by Aviad Rivlin.

 

You are interested in new and changed features of SAP Fiori launchpad in User Interface Add-On SPS10 for SAP NetWeaver? Then check out this blog written by me.

 

You missed SAP TechEd Las Vegas and you will also not go to Berlin? You can get some details on our SAP Fiori hands-on session in this blog and you can also watch some interesting product demos.

 

 

SAP HANA Cloud Portal

 

At SAP TechEd Las Vegas we announced the availability of the SAP Fiori launchpad running on SAP HANA Cloud Platform as part of the HANA Cloud Portal offering as a full SaaS (Software-as-a-Service) solution. Fiori launchpad on HANA Cloud Platform can run in a hybrid architecture, where the user interface is running on the cloud and the business data is consumed from the on-premise systems in a secured way. Or it can run in a full cloud architecture, where both the user interface and the data, resides in the cloud.

 

About two years ago Danone’s IT department was requested to develop a Web CRM system (B2E scenario) to be used by customer service operators working at Danone’s call centers located in South Africa.  They started with building a monolithic application, based on SAP UI5, but this solution did not fit all the requirements.  After reviewing some products available on the market, Danone chose SAP HANA Cloud Portal because of its flexibility and easy branding and customization, easy integration with SAP and non-SAP sources, out-of-the-box widgets, mobile consumption and social experience. The original monolithic application was broken down into smaller components that were reassembled into a portal website. You can find more information in this blog Marco Paciucci. At SAP TechEd && d-code in Berlin, November 11-13 2014, Danone will be hosting a session dedicated to this topic.

 

Developers may wonder, in which case they should use SAP HANA Cloud Portal or when a single “monolithic” application would be sufficient? This white paper aims at giving the developers the guidelines on when they should use Cloud Portal and what is the value proposition it offers to application developers.

 

SAP Enterprise Portal News

 

Applying corporate design guidelines to your SAP Enterprise Portal is about to become much easier. You should get familiar with using the UI Theme Designer tool in SAP Enterprise Portal, which is a browser-based tool that enables easy theme building by modifying one of the theme templates provided by SAP. For more information read this blog by Orit Harel - that also contains 3 great product demos (activating the theme designer, migrating thems with the theme designer, examples of theming capabilities).

 

In this blog post by Tal Haviv, you can find sample code on how to read/save cookies in portal component java code or using javascript.

 

The newer versions of IE with standards mode can cause many rendering issues, which affect EP rendering. Read this great blog by Maya Amit who analyzed different scenarios and describes how to solve the issues.

 

Partner Test Events

 

You can still register for our SAP HANA Cloud Portal partner tests in Palo Alto and Walldorf this year. These complementary 3-day hands-on partner events are aimed at partners who are looking to exploit opportunities in the marketplace by getting direct access to SAP HANA Cloud Portal and its integration with leading SAP cloud solutions such as SuccessFactors extension platform and SAP Cloud for Customer. Read more in this blog in which you also find the information how to register for the event.

 

Blogs of the Community


We recommend reading the following blogs written by members of the Portal and HANA Cloud Portal communities on SCN:

 

Embed YouTube Video with Custom Image & Text Overlay in HANA Cloud Portal Site by Ameya Pimpalgaonkar

 

Extending SuccessFactors by creating an extension site over HANA Cloud Portal (On Trial) by Zohar Yehezkely

 

SAP NetWeaver Portal Movie Critic: What Is Responsive design? by Mark Whately

Video: The World Today - Intern creates a pretty freakin cool event site

Director: SAP Portal

Published on Dec 10, 2013

 

This comedy is fresh and energetic, and its pace, acting, and dialog will appeal to people from young techies to seasoned office workers, no matter their line of work.

blog-emma-riding.png

 

The movie starts with the introduction of the youthful Event Intern Emma Green, who was "widely applauded in her office of Atomic Publishing for creating a pretty freakin' cool event site." In a reenactment of her amazing accomplishment, Emma is shown adding widgets and images to a webpage. As the voiceover informs us, creating the event site took Ms. Green "about five minutes." While we listen to other employees laud her hard work and understanding of technology, it's clear her colleagues have no idea how quickly and easily Emma created the event site.  As John Kimmel, Head of HR, puts it, "...these tech types--I'll tell you what, I mean, computers, the Internet, yeah… ."  With her ample free time, we see Emma doing all manner of non-work activities: sleeping at her desk, texting, and riding some kind of (totally rad and awesome) 4-wheeled bike through a corridor.

manager4.png

 

Favorite scene:  We see Emma's manager speaking to the camera in the foreground.  "[The IT department] didn't get it...  Young people, they get it.  Twitter, Facebook, you know?  They can do that stuff all day long.  No brainer.  Hack into things, control satellites?  This is exactly what we need for the office."  As her manager speaks, Emma is shown in the background shopping online, using Facebook, playing Candy Crush on her phone, and painting her nails.

 

If the movie was made purely for entertainment purposes, I rate it a 10/10.  However, if it was trying to convey information about the capabilities of SAP Portals or Hana Cloud Portal, I think it could be improved by conveying more information about which application Emma used to created the site -- perhaps by taking a little more time to show how she was using the tools, by pausing longer on frames that showed "Powered by Hana Cloud Portal," or by including more SAP branding in the shots.  I also think the movie could benefit from having someone mention "Hana Cloud Portal," "SAP Portal," etc. I think SAP terminology could be used in the movie in a way that still fits with the movie's tongue-in-cheek style.

 

Bottom Line:  This is a funny movie and worth re-watching, but I recommend making the SAP brand more apparent.

 


Liked this blog post?  Visit SAP NetWeaver Portal 2014 Movie Challenge for more movie reviews and all the details you need to blog your own movie review.

Hi,

when preparing a demo system for TechEd, we set up a Fiori Launchpad running on Enterprise Portal (blog to follow). To complete the demo, we planned to add a transaction edited using SAP Screen Personas to the Portal. I found a nice blog by Peter Spielvogel about the integration, but then noticed that this is on SAP Screen Personas 2.0, while our systemwas on 3.0.

 

 

Here is a description about how to integrate a transaction edited with SAP Screen Personas 3.0 into the Portal.

 

 

Step 1: Get the flavor ID in the Personas System

 

 

Go to SAP Screen Personas Flavor Maintenance (TA code /PERSONAS/FLAVORS) and search for your flavor. I used the transaction for which I had created the flavor to search.

 

FlavorMaintenance.png

In the results screen, you find the ID of the flavor.

 

FlavorID.png

 

 

 

 

 

 

Step 2: Create an HTTP system in the Portal

 

In the Portal system landscape, I created a new HTTP system to connect to the SAP Screen Personas system and gave it an alias. Next, I assigned end user permissions for my new system to the Fiori Launchpad user.

 

System.png

 

 

Step 3: Create a URL iView

 

In Portal Content Management, I created a new iView of type URL iView. I entered the relative path at URL: /sap/bc/personas and checked the Use system in URL box to include the system information of my PersonasHTTP in the URL.

 

The following URL parameters are important:

  • sap-personas-flavor: ID of my flavor
  • sap-user: Set to Mapped User
  • sap-password: Set to Mapped Password
  • ~transaction: The transaction for which the flavor was created
  • sap-client: Client of the SAP system
  • sap-language: My login language

URLiView.png

ParametersURLiView.png

 

 

To hand over the user parameters with the URL, the Portal as well as the Personas system have to be configured for SSL.

 

To make the iView visible in Fiori Launchpad, I had to set some properties in addition (will be described in my next blog) and to assign it to one of my Fiori Launchpad roles.

 

 

Step 4: Create user mappings

 

In Portal User Administration, I mapped the Portal user to the Personas system user.

 

User mapping.png

 

 

And here we go:

 

PersonasTile.png

Personasapp.png

 

Hope that was useful.

Best,
Sibylle

http://scn.sap.com/servlet/JiveServlet/showImage/102-52520-9-395640/Movie_banner_nwportal.png

 

 

In this video Aviad Rivlin, product manager for SAP Portal announced he will share information on topics of SAP NetWeaver Portal mobile edition, SAP Fiori and their integration.

 

 

Regarding purpose of this video cheerful background music, length of presentation of both platform and final invitation to join and attend this lecture is excellent.

 

Parts that could be improved:

- Aviad gives impression like he is reading text on the left side of the camera all the time except during invitation at the end of the video.

- at the end of the video  url's to social media pages of SAP Portal are displayed. Those URL's should be real links to those pages - it's widely used functionality.

 

Since I work with SAP CI and CC for almost 3 years now I came to conclusion that it is time to meet people from SAP I have been working with and what is the better occasion for that than TechEd conferences?

Combined with opportunity to learn something new during interesting lectures like it has been Avid lecture for sure, it will be the best used time.

 

This Blog is part of the SAP NetWeaver Portal Movie Critic - Challenge. For more information about that and how to participate check out  Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge

 

Thank you for taking the time to read my review.

 

Cheers,

Mario

Hello All,

 

UWL is one of the most vital organs of SAP Enterprise Portal. But somehow I feel its neglected by SAP. Instead of releasing half baked Mobile UWL, better focus on desktop version.

 

I have been using UWL from EP 6.0 version and to be honest I have not seen much functionality getting added to it. I just went through Netweaver 7.4 material and do not see a single feature added to UWL.

 

Take "Manage Substitution" functionality in UWL for our discussion. It was implemented long back.  But till date it does not support "END DATE" when workflow substitution gets created.

 

I find diffcult to answer below queries-

  • Why "Manage Substitution" link has be hidden somewhere in UWL which is hard to locate?
  • Why should my substitute have access to my workflow tasks when I am back from vacation?
  • Why I shall care to launch UWL and TURN off the rule once I am back from vacation? Isn't that overhead?

 

Technical Limitation?

I dont think there is any limitation which shall prevent SAP implementing this. As per my analysis, UWL uses below 3 function modules from each connected backend system ECC, SRM etc.

 

  • SAP_WAPI_SUBSTITUTES_GET
  • SAP_WAPI_SUBSTITUTE_MAINTAIN
  • SAP_WAPI_SUBSTITUTE_DELETE

 

I can see that SAP_WAPI_SUBSTITUTE_MAINTAIN is used to create the substitution. This function module already has field SUBST_END in its import parameters list.  See below screenshot.

 

 

SAP_WAPI_SUBSTITUTE_MAINTAIN.png

All SAP needs to do is provide value for that parameters when it makes JCO calls internally. Instead of this SAP developer releases a note 1629677 - In UWL it is not possible to set the substitution end date.

 

 

I know POWL is there but not all customers have switched over to it.  Dear SAP - please go through this and take corrective action and keep UWL live & kicking.

 

 

Regards,

Vinod Patil

Recently I received a requirement to integrate NWBC for HTML in our SAP Portal 7.01. Initially I thought it’s going to be a very easy development, but I faced few challenges due to design conflicts and compatibility issue between NWBC and Portal.  These challenges created issues in SSO (Single Sign On) and a reasonable time and effort was invested to find a solution.

The primary reason of writing this blog is to share my experience while accomplishing this activity. It is a simple implementation if you take care of design constraints.

Requirement:  In our Portal landscape we have a Role which contains SAP GUI access of different ECC systems like – CRM, SRM, ECC, GRC etc. We have created a common role called “SAP Login”. Below is the screen shot showing the structure of the Portal content. I added a new URL iview for NWBC within the same Portal structure under SAP Login role.

Blog Image1.png

 

Screen Shot of SAP Login Role on Portal before NWBC integration.

 

Blog Image2.png

 

Integration Scenarios:

1) NWBC connected to a Portal

2) Webdynpro ABAP application is integrated into a portal PAGE

3) iView is assigned to this PAGE & page (OBN target) to the role

 

Technical Challenge:  I created a URL iview and added that to the “SAP Login” role. Due to design constraints URL iview started throwing Portal runtime error , SSO was failing between NWBC and Portal.  Analyzing further I came to know that this is a known issue when we integrate NWBC for HTML in Portal. As per the SAP note - 1378659 - NWBC known issues & what to check when opening a ticket

This issue occurs due to OBN conflicts. Special OBN error: "Error in Calling Up Application"

 

Blog Image3.png

 

Solution:

The only solution to this issue is to “eliminate the PAGE and assign the iView (OBN target) directly to the role”. Finally I changed the design and directly assigned the URL iview to Role after eliminating all folder, pages and worksets.

This solution worked and I was able to access the NWBC for HTML using SSO.

 

Blog Image4.png

Reference:

SCN - http://scn.sap.com

SAP Service Market Place - https://websmp106.sap-ag.de/

The SAP Enterprise Portal is the recommended single point of access for applications and content for more than 10 years and being implemented by thousands of customers across regions and industries.

 

The SAP Portal UX is aligning with the Fiori UX in two dimensions:

  • The SAP Fiori launchpad in running on the SAP Enterprise Portal (as a new portal framework page)
  • Fiori applications serving as business content for the portal

 

A typical scenario for the SAP Enterprise Portal together with the Fiori apps is the consumption on mobile devices, providing access to the system from inside and outside of the corporate network on multiple devices. This integration raises many architectural and security questions, which eventually lead to the question: what is the common architecture to integrate the SAP Enterprise Portal and with Fiori apps?

 

Arch1.jpg

 

Typical reasons to integrate the SAP Enterprise Portal and SAP Fiori?

  • Provide end users a single point of access, with a single URL, to all the end users daily business applications (Fiori and non-Fiori) and content
  • Renew the SAP Enterprise Portal user experience with attractive, responsive and multi-device applications while keeping the established UIs in place
  • Aligned look&feel of the portal and the business applications (including Fiori apps)
  • Strong authentication and Single Sign-On concepts provided by the portal and the NetWeaver platform
  • Leverage existing investment in the SAP Enterprise Portal

 

To learn more about this topic, please have a look at the following new white-paper presenting the topic and shading light on the common architecture, especially when consuming apps from outside of the corporate network. If you would like to review only the architecture slides, these are also available in the following link.

 

Thanks Thomas Csapo for co-writing this white-paper and Andy Silvey for providing very valuable feedback.

Hello Friends,


Please go through SAP Netweaver Portal 7.3 documents. These are all basic documents like New Features in Portal 7.3, Single Sign-on ,Internationalization,Logon Page Customization etc...

 

Portal Capabilities in SAP Portal 7.3:- The New Portal Capabilities in SAP NetWeaver 7.3

 

New Features SAP NetWeaver 7.3 Portal:-

http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6096570d-c10a-2e10-3cb1-b2375dba8c24?overridelayout=true

 

Customization of Overview Page:-  AP EP 7.3 Customization of Overview Page: Creating roles as links instead of tabs in TLN

 

Customizing Logon Page :- Customizing Logon Page on Portal 7.3

 

SAP Portal Logon Page Customization:- SAP Portal Logon Page Customization

 

Configuring the Logon Screen - Identity Management - SAP Library

 

SSO configuration between SAP Portal 7.3 and ECC:-   SSO configuration between SAP Portal 7.3 and ECC 6.0 Ehp 6


Single Sign-on with SAP NetWeaver 7.3:- Single Sign-on with SAP Netweaver 7.3

 

Demonstration of how to create an application integration iView with SAP NetWeaver Portal 7.3. Creating Application Integration iView with SAP NetWeaver Portal 7.3

 

Internationalization:- Internationalization - Internationalization - SAP Library

 

Export-Import Transport Mechanism in Portal 7.3:-Transport Mechanism in EP 7.3 - Portal - SCN Wiki

 

SAP Documentation and Guides:-SAP NetWeaver Portal 7.3: SAP Documentation and Guides

and http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c084eeac-b97a-2c10-e8b0-a27b5608b5d2?overridelayout=true


Hope this is helpful

 

Regards

Vijay Kalluri

 

                Hello everyone . Here I am releasing a new blog in SCN, and in this case I will be doing a short post about the target by excellence in SAP: "Simplicity".

 

As we all know, but we don’t ever realize, time is passing through our lives, making us change and improve as a society, and in the same way, innovation and development grow with us. Technology and tools are updated and modified every day, providing us with better solutions and a new way to run our business. As the video shows, “businesses are becoming more Global, Mobile and Social”. Nevertheless, this growth brings with it some disadvantages, among them complexity, extending hardware (we can refer to Moore’s Law in here), and Big Data increasing, making it difficult to “Run Simple”.


In the video we can see how necessary is to simplify technology. In order to create a better environment, SAP Portal makes applications more attractive, more manageable and more accessible, allowing you to work better and faster in any device, which increases customer satisfaction, which increases business productivity, which increases “YOURSELF” as a person (“unlocking your potential”). Referring to Albert Einstein’s example, it will be simple if you are able to explain it to a six year old boy.


                 Thank you very much for taking time to read this post, I hope you enjoyed it. If you want to join me and my colleagues and participate I encourage you to click this link: http://scn.sap.com/community/netweaver-portal/blog/2014/02/20/announcement-of-sap-portal-gamifiation-movie-challenge. You will find in it all you need to participate.

 

                  Kind Regards

.

 

Hello everyone . Today I am releasing my first blog in SCN, and I will break the ice with a blog post for The Netweaver Portal Challenge talking a bit about a new application package that was recently released. This application package is SAP Fiori, which purpose is to make easier the user experience throughout SAP scenarios, something you will appreciate in the video posted.

 

As a user, I find myself sometimes among difficult situations because of the complex structure of a program I am working on (either at work or at home), and like me, I imagine thousands of people in the same situation every day, loosing plenty of time, sometimes even days, trying to be able to perform a simple process in a hundred transaction program instead of using that time to focus on other tasks. That's is the reason because I have been fascinated with the Fiori concept and chosen this video as my first post. SAP Fiori is a hole new improvement of customer experience, running in multiple devices, and being powered (among others) by Hana, the new computing platform in the SAP landscape. I will add as well that the music was kind of cool .

 

Following the video, we can see how simple can be to run some business applications in your portable device, such as cash control or travel requests, having access to all of them by just clicking one button. You can see how manageable and simple they are, like if you were all your life working with them. And then, we can see as well the simplicity of downloading and installing a new service application, as it is said, no one should expect training needed to download a song from the Apple Store, or a game from Google Play, so that simple should be for any user to manage his/her duties in the business world.

 

 

            Thank you very much for taking time to read this post, I hope you enjoyed it. If you want to join me and my colleagues and participate I encourage you to click this link : http://scn.sap.com/community/netweaver-portal/blog/2014/02/20/announcement-of-sap-portal-gamifiation-movie-challenge. You will find in it all you need to participate.

 

               Kind Regards

Introduction

In this blog I shall describe my experience in addressing a simple cross site script issue reported on a portal application as part of security testing and the tools that came in handy in this endeavour.

 

     Generally security testing is performed by using specially developed tools that scan the application and try to find and exploit security vulnerabilities.The tool also generates reports and also provide fix recommendations.Examples include IBM Appscan,Burp suite from PortSwigger Ltd etc.


I had to investigate a reflected cross site script(XSS) issue reported on a customized portal application.There is lot of literature available on the Internet about cross site scripting.This page from help.sap.com provides a lucid explanation.And a great resource on this topic is the the Open Web Application Security Project at https://www.owasp.org/index.php/XSS

 

Issue Description

 

In a custom portal application there is a HTML form inside a JSP page which contains username and password fields along with a checkbox.Upon user submission,this form is posted to an abstract portal component.The values entered in the form are retrived from the request(IPortalComponentRequest) object and are stored in IPortalComponentContext object.After the necessary business logic, the abstract portal component is redirected to irj/portal URL.On the server side,the values entered by the user are retrieved from the IPortalComponentContext object.Here the value of the checkbox field is stored in a java variable.In a javascript block inside the $(document).ready function,this value is further copied to a javascript variable.


The above scenario is implemented in JSPs on Apache tomcat server for demo purpose.Below is the pseudocode for the initial login.html

 

<input id="user" type="text" name="user" ....>

<input id="password" type="password" name="password" -->

<input type="checkbox" id="mycheck" name="mycheck" ...>

 

The values submitted are posted to intermediate jsp(NewFile.jsp) where the checkbox selection is stored in a JSP session.A HTML form in this JSP posts to the final JSP page.

 

<%

String text = request.getParameter("mycheck");

session.setAttribute( "checkbox_value", text );

......


String redirectURL = "<form id=\"redirectedform\" method=\"post\" action=\"final.jsp\">";

......

%>

 

In the final JSP page,the value stored in the session is retrieved and later copied to a javascript variable as below.

 

<%

String data = session.getAttribute("checkbox_value").toString();

....

%>

.....

<script language="javascript">

$(document).ready(function()  {

var checkbox_selection = "<%=data%>";

 

 

});

</script>


 

The above code is vulnerable because the value entered in the checkbox field is not encoded when it is being stored in the session object.The tool used for

security testing sent a string such as 54321";alert('XSS issue')//733  as the value for the checkbox.This value flowed till the final JSP and echoed in the response.

This is possible because the string is crafted in such a manner,as to make it a valid javascript statement in the runtime

 

 

var checkbox_selection = "<%=data%>"; would become

var checkbox_selection = "54321";alert('XSS issue')//733

 

The double quotation mark after 54321 and the following (;) character would neatly close the statement,following which is a javascript alert() statement.The

javascript single line comment indicator(//) would render the rest of the code non executable.


Now that the issue is reported by the security testing tool we need to test and validate if the issue actually occurs and the code is vulnerable.After all not all issued reported by such tools  turn out to be potential vulnerabilities.


How to validate:

 

This issue escaped unit testing because of the apparent difficulty in passing any text value for a checkbox field.From the HTML page rendered by the browser,a checkbox can either be selected or unselected.So we need to use a tool that can alter/tamper HTTP requests. "TamperData" plugin for Mozilla Firefox browser is one such tool offering this functionality.The tool can be installed as browser add on.


screenshot1.png


We need select this addon from Tools and select click on select Start Tamper button before submitting the request. After checking to tamper the request,

A popup box opens  that lists all the fields used in the form to edit. As can be seen from the below screenshot,the value 54321";alert('XSS issue')//733 is entered for the field mycheck and click on Ok button.screenshot3.png


Now as is expected,the alert pops up with the message "XSS issue" on the final jsp.


screenshot5.png

 

 

Solution


Since the existence of the issue is now confirmed,a solution is to be provided,In the above simple scenario,as mentioned earlier,the issue exists because the value of the checkbox is not  HTML encoded before being stored in the session.Encoding the output before before displaying it is a good practice and it need to be done for every input. HTML encoding ensures harmful symbols and HTML tags are converted to their harmless HTML representation,

Eg: '>' is converted to &gt;

The class com.sap.security.core.util.taglib.EncodeHtmlTag contains the required methods for HTML encoding/decoding on EP 7.0 In the latest versions of NW portal,the class com.sap.security.core.server.csi.XSSEncoder provides similar functionality.For complete information on various encoding functions offered by SAP, please refer this help page.



Hello everyone,

For my entry into the SAP NetWeaver Portal Movie Critic challenge I have decided to review the video "The World Today - Intern creates a pretty freakin cool event site" which can be viewed below.

 

 

I have chosen to review this video because it shows the ease with which sites can be created and does it in a fun, humorous manner that made it stand out from the crowd.

 

Across the internet there are so many "how to"s and demonstration videos and if you are like me then after a while they all start to blend into one in your memories, well I'm sure that won't be happening any time soon with this video. By exaggerating the "young people are able to do anything with technology" stereotype into this breaking news bulletin format the creators have given their video a signature look which makes it stand out from the crowd, and in this age of media content overload standing out from the crowd is the first and usually most difficult challenge a video will have to go through. There is some nice attention to detail with the humour too, it is worth re-watching the video just to see the antics going on in the background which would have likely been missed first time around.

 

On top of being humorous the video is also quite informative, the viewer will go away from the video with the lasting impression that the software in use is easy to understand and quick to pick up and the fact that it got this message across while it hardly even shows the software in use for more than 10 seconds of its run time is really impressive to me, I come away from this video knowing I would find it easy to create a site using this software even though I am a relative novice when it comes to development such as this.

 

All in all I really enjoyed watching this video and I would be glad to see the further adventures of our favourite intern Emma should any more of these videos be made. If you are feeling inspired and want to write your own review please go check out Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge, best of luck to everyone involved. Thank you for taking the time to read my review.

Regards,

Alan Kelly

Content development is the process of designing and developing an application that can cater to its end users with seamless access to company’s sensitive and nonsensitive data as well as external data to perform business operations. Different users must be able to access right content at the right time at the right place with adequate security in order to increase productivity and reduce cost and inconsistency. End users can customize and personalize the content application according to their nature of business and needs. For instance, customers can create and customize the application according to business domain like e-commerce or social network where most of the content will be related to web sites and web contents. Where as if the company is brick and mortar the user can store contents related to suppliers, orders, invoices, delivery details, shipments, inventory, sales orders etc.


To cut short, the business can develop an application to streamline its complete business process life cycle in one place. Where different users can access the content simultaneously with consistent look and feel throughout the application for instance, the employees can access to the companies data according to their roles and capacity. Content system administrator is responsible for granting permissions or revoking the permission based o roles. For instance, top tier management like directors and VP’s, CEO will have complete access to all the contents of the business.  Employees may restrict to access company’s sensitive data other employee’s salary etc.

The following are the main components/tabs for developing effective SAP netweaver portal content management application.

            a) Portal content management

            b) Portal content transaction

            c) Portal display

            d) Web resource repository

            e) Knowledge content

            f) Collaboration content

            g) Workflow content

            h) Content statistics


Let me explain each of these components briefly:


Portal content management

Under this end users can create their own portal content either they can create group folders or individual folders based on their needs. Users can store various contents like collaboration forums, wiki, contents from vendors, SAP, and even migrated contents from other sources such as remote servers, platforms, able to store portal administration, application, user even remote system access can be configured easily by mentioning URL’s, server names, IP addresses. Also end users can find built in templates, themes, and transport package, visual composers to create iViews, roles, and pages, work sets and store it into the separate folders so that it will be easy to locate as and when required. End user does not require coding to create business objects, web pages and iviews instead the application wizard will help them create and personalize.

Apart from that end users can create and store business objects for each line of business separately so that it will be extremely convenient for the users to access, process and managed the business activity effectively and efficiently. In addition to that, the application has options to look into the databases. The databases are designed and stored in the back end system using ABAP language to communicate with the database and retrieve data accordingly. Some virtual internal databases in the form of iviews like portal application, WSRP content, web dynpro java application, portlet application will be available under this heading. Hence, from the above explanation we can see that portal content management is a powerful tool if architecture is strategically developed in such a way that the business can utilize both internal and external content more effectively and efficiently while conducting business activities in real time. When the business streamlines its business operation along with automation companies can achieve tremendous competitive advantage over its competitors.


Portal content translation

At high level this is another important component that provides seamless support to its end users. In the sense that this component allows users to create and store and manage connection ports, tab sets, search providers, favorite providers, suggestion providers and even device group container. Again these sub folders will be the users to organize its tasks and roles and easily navigate to various contents. Here I would like to mention that there is a tow common subcomponents such as portal content and business objects are available and shared by both i.e. portal content management as well as portal content translation. This show the both portal content and business objects are most important aspects when it comes to effective development of portal content management application.


Portal display

Under this component the end users will be allowed to design and redesign the pages, iviews, roles and worksets according to their look and feel. The application wizard will help to achieve these tasks. No coding is required for the end users to access these contents. The users can able to personalize the portal as per their needs. These sum components are powered with inbuilt themes from which they can create new and themes, they can edit the existing schemes, generate ITS themes, it has Ajax theme studio to configure the themes at the first place. Only the system administrator is allowed to perform these tasks because it required coding skills ( Java and ABAP)only systems administrator with access permission can perform these activities.


Web resource repository

This components acts as a central repository for every level of users will increase the ease of access to web contents as an when requires. It also helps to reduce cost of maintenance. When it is centrally maintained it actually eliminates duplications of same web contents. Again it depends on level of access control possessed by each user. Most of the common web contents will be available to everyone and some will not be available to access. The system administrator is responsible who can access what and how. One of the main tools to access web resource repository is a search options where in user enters the required keywords and the system will retrieve it for them. The search options is so powerful because in the back end the all the web resources stored in the databases are archived and indexed i.e when creating the system allocates unique ID to each of the web resources automatically. This provides faster retrieval time when we enter any search terms.


Knowledge management content

This is another most important component for developing effective content management application. KM content provides complete access to all the data in reside in the portal and also in the data bases. It is called root aka master data aka Meta data aka data about the data. Here the user can view any folder and select the any heading for downloading the folders for conveniently because documents are segregated according to personal and public. Personal documents will be having additional security to access with and public documents will have standard security to access by users within the company. Even users have the options to look for deleted items in case they accidently deleted the important documents or report. The KM content has toolbox to permit to make folder settings, reports can be created, folders can be achieved to manage and organize the folders effective communication among different functional teams. The users can export templates from one destination to another without much difficulty. The user can also has the option to import templates from one place to another, it provides users to upload package, view pending imports, imports which is currently running and which is archived. Overall KM content provides complete and easy access to entire data of the company and also other external data in single portal through collaboration and integration. With this level of access to content the company can perform seamlessly to achieve productivity and earn profit for the organization.

 

 

Collaboration content

Many companies face immense challenge when it comes to collaborating and integrating once business applications to streamline its business process to achieve optimum productivity with limited resources. Companies face information silos when their business applications are not properly collaborated and integrated. Due to which there will be bottle necks, delay in work flow from one phase to another which in turn lead to loss to the company. This component provides content related to integration and collaboration required to perform various business activities and communicates effectively to process the workflow faster from one stage to another. This tam administers rooms aka sessions, achieve rooms. These are nothing but a meeting point to share and exchange the resources work as a team achieve desired goals put forth in the beginning of the project. Templates are available to create group as well as individual rooms as per their requirement and schedule. Users can create room to collaborate between employees, between business owner and the suppliers, between system administrator and the employees, between the customer and the employees. It also provides links to configure extension collaboration in case we want include additional resource to achieve specific tasks or goal. Configure room content stores, room mails to communicate with each other so that ever one involved in the tasks are in the same page, user can configure room categories, relationships. Here most of the tasks are performed by the portal content system administrator.


Workflow content has in built workflow templates, workflow instances, work items, work flow tasks, upon creating new workflow the system allocates unique template ID automatically and stores into the system. Is also maintains version control of start and end event and precedence constraints for smooth flow of work from one stage to another in a orderly fashion. It can accommodate work flows like quick tasks, feedbacks, nomination, generic application task etc. the users can load template from stored file or remove template including old one .This component helps the user to manage the workflow with hurdles and delay in business process, for instance when a customer places an order to purchase a product and this will be the first process in the business process life cycle. When the order is place the next process is to accept the order and acknowledge the order to the customer with email notification and generate a invoice and send it to customer to receive payment. Meanwhile a copy of invoice in send to the inventory management system where the system confirms the order and blocks the items for shipment and delivery and after the payment is received from the customer the shipment department delivers the consignment to the customer according to the sale contract. This process happens at a real time through integration of various business applications by automating the workflow. Here the workflow template helps to achieve the intended tasks.


Content statistics

Under content statistics the users can find portal activity report like pages and iviews that has been created. It will be displayed in the form of dash board which includes day, date/time, type, object name, hits, viewers ID’s, ID (system ID) which is automatically generated while creating this business objects. The statistics of the report will display the current state of collection and aggregation of portal activity data. The fields will be available in readable only format.


To conclude, the purpose of the portal content development is to integrate and collaborate business process application systems like order management, inventory management, finance, CRM, with the business partner or with the customers to conduct seamless business and reduce cost, inconsistency, ability to design and provide scalability to the application for future expansion is an important feature which will reduce huge cost. In order to achieve effective utilization of portal content the business should ensure accurate and relevant data is available in the database which is indexed and archived to facilitate faster retrieval as and when required. Because time is very precious in world of business especially when is involves systems and cutting edge technology. In order to access data securely the systems should be highly protected with advanced security features like single sign on, SSL, DMZ firewall security, audit trails, PCI compliance, Sarbanes Oxley regulations, two point authentication level systems. For instance, in order to approve any financial transaction this is of huge amount. The transaction has get approved from two authorized persons only then the transaction will get approved and process.


The content should be able to protect and Share Company’s sensitive data like financial agreements, patents, copyrights, customer information, supplier’s agreements, tenders, software codes etc. the content should  be developed in such a way that users can use and reuse the content over and over effectively and efficiently. By providing powerful search (delta search) methods and help options the user can locate right information at the right time to achieve business objectives. SAP netweaver portal content management application provides users to customize and personalized the portal application contents according to their type of business. the user can able to create their own style of pages, iviews, tasks, work sets, roles and store it in separate folders which is available at the left side portal in the form of navigation icons. Users can edit and modify as and when required how it should look and feel? What to include and what not to? 


Each tab has its own set of sub components under which user can create new folders to manage and organize contents according to the preferences. Whether the company is a ecommerce or brick and mortar the user can customize the application accordingly. For instance, let us assume that home depot has purchase the SAP enterprise portal for its business operations. The company will customize the applications in such a way that it creates separate folders to list out suppliers, customers, items catalog, reports like sales forecasting, sales turnover, and inventory control system, shipment and delivery, purchase orders, sales orders, accounting and finance etc. by maintain various activities separately provides users to navigate and access data quickly. Ultimately when these activities are collaborated and integrated with various business applications gives a competitive advantage over other rivalries in terms of higher performance, after sale service, faster deliver, eliminating information silos and achieves overall productivity of the company.


Last but not the least the benefits that the company will receive from effective utilization and well architectural design of portal content will provide,

  • Integration and collaboration of various business process when streamlined through automating the workflow and tasks will ensure competitive advantage over its competitors.
  • By providing adequate security to the company’s data will lead to increased trustworthy from customers and promote goodwill which eventually reduce substantial loss to the company. Because losing one customer is equal to retaining 3 customers.
  • By building scalable, durable and consistent portal content application a company can expand its business venture to new heights when the applications is scalable i.e. scalability ability to expand the existing applications to accommodate large amount of data and business transactions rather than building a new one from scratch. This reduces huge cost and time which can be utilized in any other productive business activities.

 

 

Masquerading

Masquerading means stealing vital data by convincing other user has a legitimate user, that is when two user is communicating with each other when the attacker burrows into the communication channel by identifying has the legit user and tricks the user by asking the user to provide sensitive information. This can happen in many ways one of the ways is by using another user's IP address and gaining access to the network. Another way is to stealing the user ID and password by attacking with cookies and fictitious certificates and authorization prompts. By sending spam emails attackers spoof login password from the users by giving fake email address. Masquerading can occur in many ways some of them are as follows.


IP spoof

IP spoofing is one of the ways to trick the user to reveal the secured information to the attacker. IP spoofing occurs when the attacker sends a pop up message consists of IP address from trusted source to user computer in order to defeat security measures and authentications.  The attacker modifies the packet headers to resemble the original one to only pose to challenge to believe. The host is temporarily disabled and left vulnerable to connect to the host computer with just a address based authentication. When the attacker access gains access to the targeted computer the then executed some commands to take away all the information like web site domains resided in the computer without the knowledge of the user. The user will not know when it happened and how it happened and thinks the requested authentication is from trusted host. And the attacker uses the stolen web site domain names to gain access into the web networks and highjack the web sites.

 

Identity Spoof

Another way or gaining access to secured systems is identity spoofing. In this scenario the attacker uses previously stolen authenticated certificate to pass the verification process. Identity spoofing can take place via two means. Passive and active attack where in passive attack both the end user will not know the attacker has gained access to the network and in the latter case the host will know the that there is a middle man allegedly gain accessed to the network using stolen certificate. The attacker persistently continues to gain access to information until the user reveals the identity of the user. This kind of attack can range from less danger to critical danger i.e. the attacker can gain access to user bank account details and make away with money and personal information.


Web Spoofing

Another way of attacking the user to reveal the information is by web spoofing. In web spoofing the attacker designs exact replica of the web page and identifies himself as a original website for instance when doing online shopping when a person places order and the page diverts the person the payment gate way during that buffer time the attacker sends the exact replica of payment gate way page for example (paypal). If the user neglects to identify the fake web page he/she ends up in entering the credit card information and the attacker executes some commands to retrieve those information to attacker computer. This attack can be very serious for both customers as well as for the vendors. The attacker can misuse the credit card information where customer losses money and vendors losses trust from the customer. The attacker instead of fake web page he creates false links and embeds malicious software into it. When the user clicks the link the malicious software triggers and sweeps the information without the knowledge of the user.

 

Email Spoofing

Email spoofing is also another type of attack on getting access to user information. The attacker sends fake emails identifying has legit owner seeking user id and password by creating a believable story. If the user believes that the email is from trusted source and replies to that email. Your information is lost to the attacker. This attack is most common attack through which they take away bank account numbers, user id password of net banking and misuse it later. Website owners in order to prevent this kind of attack they constantly warned by sending frequent emails no to reply to the emails seeking sensitive information via emails.

 

Prevention

When browsing look for http, https and lock signs before making financial transactions. Use encrypted and decrypted security to exchange sensitive information. Look for any pop ups which has malicious application which can be accidently downloaded into the host computer and the malicious software take away the sensitive information from the computer.

            SAP NetWeaver portal is a significant service provider to an enterprise portal. A number of inbuilt basic services like single sign on (SSO), integration, federation, personalization, and many more make it worthy to meet the requirements of any enterprise’s portal to facilitate its users. Users are benefitted in their day to day life decision making by accessing a huge amount of relevant data very quickly. It also helps to be productive in the competitive market scenario. It facilitates a single point of access to an integrated system with greater functionality by the access to the SAP and non SAP information sources. A number of features available into the SAP NetWeaver portal make it worthy to the users is as follows:

1) The portal framework which facilitates to integrate SAP and non SAP business applications into a portal. It also provides services to build new applications.

2) Knowledge management gives the capability to access to the available structured and unstructured information in a structured fashion by the help of other installable software units (like TREX). It facilitates to store unstructured information in various types of repositories. All the integrated repositories can be navigated by the search function in the portal by the users to get the information these repositories contain.

3) Collaboration has the capacity to connect users in the portal in the project space by a) virtual rooms where team members can share data and services from different geographical locations; b) groupware integration which integrates email and scheduling services used in the company; c) Asynchronous collaboration; d) Real time collaboration (RTC).

4) Unification maximizes the usefulness of a portal navigation between SAP customers by drag and relate navigation and by the ability to manipulate the relations between business objects. It balances user’s requirements to the retrieved data in business context.

5) Federated portal implementation is beneficial in sharing content between SAP and non SAP portals across organizations distributed landscape by single point of access to the portal. It helps to reuse the contact as well as applications by deploying throughout the organization without affecting each and every unit’s autonomy running in independent portals. Therefore, it helps to reduce the administrative efforts.

6) External facing portal gives a web exposure to the organizations portal by exposing information, applications, services, etc. to the anonymous as well as self registered users.

7) Enterprise workspace gives flexibility to integrate, organize and use various contents to the users.

8) Tool like web page composer give a chance to the portal users to create their own portal pages.

9) Wikis not only allows creating collaborative web pages, it also gives an option to the users to interlink the web pages.

Movie_banner_nwportal.png


How can we combine the "SAP NW Portal movie challenge 2014" and "SAP TechEd && d-code 2014"? That is easy!

We would like to ask you - as attendees of the big SAP TechEd events in Las Vegas and Berlin this year - to provide us a recap of your SAP TechEd experiences and also win SCN points and badges.


You do not know about the SAP Portal movie challenge? Then read this announcement blog to get the details.

 

How to proceed?

 

I. Win a SAP NW Portal Critic Badge: describe your SAP Portal SAP TechEd && d-code story and refer to an existing movie

 

You are attending SAP TechEd && d-code and you plan to attend some SAP Portal sessions? You are interested in SAP’s UX strategy and tools, SAP Fiori and SAP Fiori launchpad, SAP Enterprise Portal roadmap and strategy? Tell you what you learned and experienced at SAP TechEd, give us your feedback and let the community participate at your SAP TechEd story 2014.

  • Think about the SAP TechEd story, you would like to describe. It should be connected with SAP UX strategy and tools and/or SAP Portal and/or SAP Fiori technology.
  • Go to the SAP Enterprise Portal space. Please write the title in the following format: “SAP Enterprise Portal Movie Critic: <your own title>“.
  • Describe your story in the blog.
  • Check out our YouTube channel, which has many movies showcasing anything from successful implementations to testimonials created by us, customers and our partners. Find a movie which could fit to your story and link/insert it into your blog. Or check out the YouTube playlist of SAP TechEd && d-code. If you think that no movie really fits, just insert any kind of movie/video or screencam, you would like to add.
  • Publish your blog and make sure you inserted the video in it.
  • Add a comment to this instruction document to provide the link to your blog post.

 

II. Win a SAP Portal producer badge: describe your SAP Portal SAP TechEd && d-code story in your own movie

 

To win a SAP Portal producer badge you must go one step further. We would like to get from you a video, you created on your own, this video should show you while giving a short recap of your SAP TechEd experiences and impressions concerning again the topics SAP UX strategy, SAP Fiori and SAP Fiori launchpad, SAP Portal roadmap and strategy. What surprised and impressed you mostly during the event? What did your learn in the sessions, demos and expert discussions, what was new to you, what is the impact for your own business context?

  • Develop an idea for your SAP TechEd recap movie.
  • Create a 3-minute movie/screencam and upload it to any open video platform. YouTube is preferred, but you can also choose other platforms, that are open for public use.
  • Create a blog post in the SAP Enterprise Portal space and write the title in the following format: “SAP Enterprise Portal Movie Producer:<your own title>“.
  • Describe your SAP TechEd story and insert the video into it.
  • Publish your blog.
  • Add a comment to this instruction document to provide your blog post link.

 

Join our SAP Portal movie challenge now and get your SCN badge! Before you start, read the instruction document for the SAP Portal Movie Challenge.

Actions

Filter Blog

By author:
By date:
By tag: