The SAP Enterprise Portal has been the recommended single point of access for applications and content for more than 10 years and has been implemented by thousands of customers across regions and industries.

 

The SAP Portal UX is aligning with the Fiori UX in two dimensions:

  • The SAP Fiori launchpad running on the SAP Enterprise Portal (as a new portal framework page)
  • Fiori applications serving as business content for the portal

 

A typical scenario for the SAP Enterprise Portal together with the Fiori apps is consumption on mobile devices, providing access to the system from inside and outside of the corporate network on multiple devices. This integration raises many architectural and security questions, which eventually lead to the question: what is the common architecture to integrate the SAP Enterprise Portal with Fiori apps?

 


 

Typical reasons to integrate the SAP Enterprise Portal and SAP Fiori:

  • Provide end users a single point of access, with a single URL, to all of their daily business applications (Fiori and non-Fiori) and content
  • Renew the SAP Enterprise Portal user experience with attractive, responsive and multi-device applications while keeping the established UIs in place
  • Aligned look and feel of the portal and the business applications (including Fiori apps)
  • Strong authentication and Single Sign-On concepts provided by the portal and the NetWeaver platform
  • Leverage existing investment in the SAP Enterprise Portal

 

To learn more about this topic, please have a look at the following new white paper presenting the topic and shedding light on the common architecture, especially when consuming apps from outside of the corporate network. If you would like to review only the architecture slides, these are also available at the following link.

 

Thanks to Thomas Csapo for co-writing this white paper and to Andy Silvey for providing very valuable feedback.

Hello Friends,


Please go through the SAP NetWeaver Portal 7.3 documents. These are all basic documents like New Features in Portal 7.3, Single Sign-on, Internationalization, Logon Page Customization etc.

 

Portal Capabilities in SAP Portal 7.3:- The New Portal Capabilities in SAP NetWeaver 7.3

 

New Features SAP NetWeaver 7.3 Portal:-

http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6096570d-c10a-2e10-3cb1-b2375dba8c24?overridelayout=true

 

Customization of Overview Page:-  AP EP 7.3 Customization of Overview Page: Creating roles as links instead of tabs in TLN

 

Customizing Logon Page :- Customizing Logon Page on Portal 7.3

 

SAP Portal Logon Page Customization:- SAP Portal Logon Page Customization

 

Configuring the Logon Screen - Identity Management - SAP Library

 

SSO configuration between SAP Portal 7.3 and ECC:-   SSO configuration between SAP Portal 7.3 and ECC 6.0 Ehp 6


Single Sign-on with SAP NetWeaver 7.3:- Single Sign-on with SAP Netweaver 7.3

 

Demonstration of how to create an application integration iView with SAP NetWeaver Portal 7.3. Creating Application Integration iView with SAP NetWeaver Portal 7.3

 

Internationalization:- Internationalization - Internationalization - SAP Library

Internationalization (I18n) in NetWeaver Portal 7.3

 

Export-Import Transport Mechanism in Portal 7.3:-Transport Mechanism in EP 7.3 - Portal - SCN Wiki

 

SAP Documentation and Guides:-SAP NetWeaver Portal 7.3: SAP Documentation and Guides

and http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c084eeac-b97a-2c10-e8b0-a27b5608b5d2?overridelayout=true


Hope this is helpful

 

Regards

Vijay Kalluri

 

Hello everyone. Here I am releasing a new blog in SCN, and in this case I will be doing a short post about the target par excellence in SAP: "Simplicity".

 

As we all know, but we don’t ever realize, time is passing through our lives, making us change and improve as a society, and in the same way, innovation and development grow with us. Technology and tools are updated and modified every day, providing us with better solutions and a new way to run our business. As the video shows, “businesses are becoming more Global, Mobile and Social”. Nevertheless, this growth brings with it some disadvantages, among them complexity, extending hardware (we can refer to Moore’s Law in here), and Big Data increasing, making it difficult to “Run Simple”.


In the video we can see how necessary it is to simplify technology. In order to create a better environment, SAP Portal makes applications more attractive, more manageable and more accessible, allowing you to work better and faster on any device, which increases customer satisfaction, which increases business productivity, which increases “YOURSELF” as a person (“unlocking your potential”). Referring to Albert Einstein’s example, it will be simple if you are able to explain it to a six-year-old boy.


Thank you very much for taking time to read this post, I hope you enjoyed it. If you want to join me and my colleagues and participate, I encourage you to click this link: http://scn.sap.com/community/netweaver-portal/blog/2014/02/20/announcement-of-sap-portal-gamifiation-movie-challenge. You will find in it all you need to participate.

 

Kind Regards

 

Hello everyone. Today I am releasing my first blog in SCN, and I will break the ice with a blog post for The NetWeaver Portal Challenge talking a bit about a new application package that was recently released. This application package is SAP Fiori, whose purpose is to make the user experience easier throughout SAP scenarios, something you will appreciate in the video posted.

 

As a user, I sometimes find myself in difficult situations because of the complex structure of a program I am working on (either at work or at home), and like me, I imagine thousands of people in the same situation every day, losing plenty of time, sometimes even days, trying to perform a simple process in a hundred-transaction program instead of using that time to focus on other tasks. That is the reason why I have been fascinated with the Fiori concept and have chosen this video as my first post. SAP Fiori is a whole new improvement of customer experience, running on multiple devices, and being powered (among others) by HANA, the new computing platform in the SAP landscape. I will add as well that the music was kind of cool.

 

Following the video, we can see how simple it can be to run some business applications on your portable device, such as cash control or travel requests, having access to all of them by just clicking one button. You can see how manageable and simple they are, as if you had been working with them all your life. And then we can see as well the simplicity of downloading and installing a new service application. As it is said, no one should expect to need training to download a song from the Apple Store or a game from Google Play, and it should be just as simple for any user to manage his/her duties in the business world.

 

 

Thank you very much for taking time to read this post, I hope you enjoyed it. If you want to join me and my colleagues and participate, I encourage you to click this link: http://scn.sap.com/community/netweaver-portal/blog/2014/02/20/announcement-of-sap-portal-gamifiation-movie-challenge. You will find in it all you need to participate.

 

Kind Regards

Introduction

In this blog I shall describe my experience in addressing a simple cross site script issue reported on a portal application as part of security testing and the tools that came in handy in this endeavour.

 

Generally, security testing is performed using specially developed tools that scan the application and try to find and exploit security vulnerabilities. The tools also generate reports and provide fix recommendations. Examples include IBM AppScan, Burp Suite from PortSwigger Ltd etc.


I had to investigate a reflected cross-site scripting (XSS) issue reported on a customized portal application. There is a lot of literature available on the Internet about cross-site scripting. This page from help.sap.com provides a lucid explanation. A great resource on this topic is the Open Web Application Security Project at https://www.owasp.org/index.php/XSS

 

Issue Description

 

In a custom portal application there is an HTML form inside a JSP page which contains username and password fields along with a checkbox. Upon user submission, this form is posted to an abstract portal component. The values entered in the form are retrieved from the request (IPortalComponentRequest) object and are stored in the IPortalComponentContext object. After the necessary business logic, the abstract portal component is redirected to the irj/portal URL. On the server side, the values entered by the user are retrieved from the IPortalComponentContext object. Here the value of the checkbox field is stored in a Java variable. In a JavaScript block inside the $(document).ready function, this value is further copied to a JavaScript variable.


The above scenario is implemented in JSPs on an Apache Tomcat server for demo purposes. Below is the pseudocode for the initial login.html:

 

<input id="user" type="text" name="user" ....>
<input id="password" type="password" name="password" ....>
<input type="checkbox" id="mycheck" name="mycheck" ...>

 

The values submitted are posted to an intermediate JSP (NewFile.jsp), where the checkbox selection is stored in the JSP session. An HTML form in this JSP posts to the final JSP page.

 

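<%
// Untrusted request parameter: stored in the session exactly as received
String text = request.getParameter("mycheck");
session.setAttribute( "checkbox_value", text );
......

// HTML form that posts on to the final JSP page
String redirectURL = "<form id=\"redirectedform\" method=\"post\" action=\"final.jsp\">";
......
%>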

 

In the final JSP page, the value stored in the session is retrieved and later copied to a JavaScript variable as below.

 

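<%
// String.valueOf avoids a NullPointerException when the attribute is absent;
// the value is still written into the page unencoded (the reported issue)
String data = String.valueOf(session.getAttribute("checkbox_value"));
....
%>
.....
<script language="javascript">
$(document).ready(function()  {
// The session value lands inside a JavaScript string literal
var checkbox_selection = "<%=data%>";
});
</script>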


 

The above code is vulnerable because the value entered in the checkbox field is not encoded when it is being stored in the session object. The tool used for security testing sent a string such as 54321";alert('XSS issue')//733 as the value for the checkbox. This value flowed through to the final JSP and was echoed in the response. This is possible because the string is crafted in such a manner as to make it a valid JavaScript statement at runtime.

 

 

var checkbox_selection = "<%=data%>"; would become

var checkbox_selection = "54321";alert('XSS issue')//733

 

The double quotation mark after 54321 and the following semicolon (;) neatly close the statement, after which comes a JavaScript alert() statement. The JavaScript single-line comment indicator (//) renders the rest of the line non-executable.


Now that the issue has been reported by the security testing tool, we need to test and validate whether the issue actually occurs and the code is vulnerable. After all, not all issues reported by such tools turn out to be potential vulnerabilities.


How to validate:

 

This issue escaped unit testing because of the apparent difficulty in passing any text value for a checkbox field. From the HTML page rendered by the browser, a checkbox can either be selected or unselected. So we need to use a tool that can alter/tamper with HTTP requests. The "TamperData" plugin for the Mozilla Firefox browser is one such tool offering this functionality. The tool can be installed as a browser add-on.




We need to select this add-on from Tools and click the Start Tamper button before submitting the request. After choosing to tamper with the request, a popup box opens that lists all the fields used in the form for editing. As can be seen from the screenshot below, the value 54321";alert('XSS issue')//733 is entered for the field mycheck, followed by a click on the OK button.


Now, as expected, the alert pops up with the message "XSS issue" on the final JSP.



 

 

Solution


Since the existence of the issue is now confirmed, a solution has to be provided. In the above simple scenario, as mentioned earlier, the issue exists because the value of the checkbox is not HTML encoded before being stored in the session. Encoding the output before displaying it is a good practice and it needs to be done for every input. HTML encoding ensures harmful symbols and HTML tags are converted to their harmless HTML representation.

E.g. '>' is converted to &gt;

The class com.sap.security.core.util.taglib.EncodeHtmlTag contains the required methods for HTML encoding/decoding on EP 7.0. In the latest versions of NW portal, the class com.sap.security.core.server.csi.XSSEncoder provides similar functionality. For complete information on the various encoding functions offered by SAP, please refer to this help page.
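
The fix described above, replayed outside the portal as an added example that is not part of the original post: a Node.js simulation of the `var checkbox_selection = "<%=data%>";` line in final.jsp, rendered with the raw value, the HTML-encoded value, a JavaScript-string-escaped value and an allowlisted value. It goes beyond the post's HTML-encoding fix by also showing JavaScript-string escaping and a server-side allowlist, and by including one constructed value ending in a backslash that HTML encoding leaves untouched. All function names are hypothetical helpers rather than SAP APIs, and the allowlist assumes the checkbox has no value attribute, so a browser submits "on" when it is ticked.

```javascript
// Added example, not from the original post. Plain Node.js, no dependencies.
// All function names are hypothetical helpers, not SAP APIs.

// Value the scanning tool sent for "mycheck" (quoted from the post).
const SCANNER_VALUE = `54321";alert('XSS issue')//733`;
// Constructed sample: harmless text that ends in a backslash.
const BACKSLASH_VALUE = 'C:\\temp\\';

// Mirrors the sink in final.jsp: var checkbox_selection = "<%=data%>";
function renderFinalJsp(data) {
  return `var checkbox_selection = "${data}";`;
}

// HTML entity encoding, the fix described in the post.
function encodeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Escaping for a JavaScript string literal: every character outside
// [A-Za-z0-9] becomes \uXXXX, so quotes, backslashes and line breaks
// can never terminate the literal.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Server-side allowlist. Assumption: the checkbox has no value attribute,
// so a browser only ever submits "on" (ticked) or nothing at all.
function normalizeCheckbox(value) {
  return value === 'on' ? 'on' : 'off';
}

// Runs a rendered script with a stub alert() and reports what happened.
// new Function is used only on the sample values defined in this file.
function evaluate(script) {
  const alerts = [];
  try {
    const run = new Function('alert', script + '\nreturn checkbox_selection;');
    const value = run((msg) => alerts.push(String(msg)));
    return { alerts, value, error: null };
  } catch (err) {
    return { alerts, value: undefined, error: err.name };
  }
}

// Renders and evaluates one input under each handling strategy.
function compare(input) {
  return {
    raw: evaluate(renderFinalJsp(input)),
    html: evaluate(renderFinalJsp(encodeHtml(input))),
    js: evaluate(renderFinalJsp(encodeJsString(input))),
    allowlisted: evaluate(renderFinalJsp(normalizeCheckbox(input))),
  };
}

console.log(JSON.stringify(compare(SCANNER_VALUE), null, 2));
console.log(JSON.stringify(compare(BACKSLASH_VALUE), null, 2));
```

With HTML encoding the alert no longer fires, but the variable holds the entity text (`&quot;`, `&#39;`) because entities are not decoded inside a script block; the JavaScript-escaped rendering returns the submitted text unchanged as data.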



Hello everyone,

For my entry into the SAP NetWeaver Portal Movie Critic challenge I have decided to review the video "The World Today - Intern creates a pretty freakin cool event site" which can be viewed below.

 

 

I have chosen to review this video because it shows the ease with which sites can be created and does it in a fun, humorous manner that made it stand out from the crowd.

 

Across the internet there are so many "how to"s and demonstration videos and if you are like me then after a while they all start to blend into one in your memories, well I'm sure that won't be happening any time soon with this video. By exaggerating the "young people are able to do anything with technology" stereotype into this breaking news bulletin format the creators have given their video a signature look which makes it stand out from the crowd, and in this age of media content overload standing out from the crowd is the first and usually most difficult challenge a video will have to go through. There is some nice attention to detail with the humour too, it is worth re-watching the video just to see the antics going on in the background which would have likely been missed first time around.

 

On top of being humorous the video is also quite informative, the viewer will go away from the video with the lasting impression that the software in use is easy to understand and quick to pick up and the fact that it got this message across while it hardly even shows the software in use for more than 10 seconds of its run time is really impressive to me, I come away from this video knowing I would find it easy to create a site using this software even though I am a relative novice when it comes to development such as this.

 

All in all I really enjoyed watching this video and I would be glad to see the further adventures of our favourite intern Emma should any more of these videos be made. If you are feeling inspired and want to write your own review please go check out Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge, best of luck to everyone involved. Thank you for taking the time to read my review.

Regards,

Alan Kelly

Content development is the process of designing and developing an application that gives its end users seamless access to the company’s sensitive and non-sensitive data, as well as external data, to perform business operations. Different users must be able to access the right content at the right time and in the right place, with adequate security, in order to increase productivity and reduce cost and inconsistency. End users can customize and personalize the content application according to the nature of their business and their needs. For instance, customers can create and customize the application according to a business domain like e-commerce or social networking, where most of the content will be related to web sites and web content, whereas a brick-and-mortar company can store content related to suppliers, orders, invoices, delivery details, shipments, inventory, sales orders etc.


In short, the business can develop an application to streamline its complete business process life cycle in one place, where different users can access the content simultaneously with a consistent look and feel throughout the application. For instance, employees can access the company’s data according to their roles and capacity. The content system administrator is responsible for granting or revoking permissions based on roles. For instance, top-tier management such as directors, VPs and the CEO will have complete access to all the content of the business, while employees may be restricted from accessing the company’s sensitive data, such as other employees’ salaries.

The following are the main components/tabs for developing an effective SAP NetWeaver Portal content management application.

            a) Portal content management

            b) Portal content translation

            c) Portal display

            d) Web resource repository

            e) Knowledge content

            f) Collaboration content

            g) Workflow content

            h) Content statistics


Let me explain each of these components briefly:


Portal content management

Under this component end users can create their own portal content, in either group folders or individual folders based on their needs. Users can store various content such as collaboration forums, wikis, content from vendors and SAP, and even content migrated from other sources such as remote servers and platforms. They can also store portal administration, application and user content, and remote system access can be configured easily by specifying URLs, server names and IP addresses. End users will also find built-in templates, themes, transport packages and Visual Composer to create iViews, roles, pages and worksets, and can store them in separate folders so that they are easy to locate when required. End users do not need to write code to create business objects, web pages and iViews; instead, the application wizard helps them create and personalize these.

Apart from that, end users can create and store business objects for each line of business separately, so that it is convenient for users to access, process and manage business activity effectively and efficiently. In addition, the application has options to look into the databases. The databases are designed and stored in the back-end system, which uses the ABAP language to communicate with the database and retrieve data accordingly. Some virtual internal databases in the form of iViews, such as portal applications, WSRP content, Web Dynpro Java applications and portlet applications, are available under this heading. From the above explanation we can see that portal content management is a powerful tool if the architecture is developed strategically, in such a way that the business can utilize both internal and external content more effectively and efficiently while conducting business activities in real time. When a business streamlines its operations along with automation, it can achieve a tremendous competitive advantage over its competitors.


Portal content translation

At a high level, this is another important component that provides seamless support to its end users, in the sense that it allows users to create, store and manage connection ports, tab sets, search providers, favorite providers, suggestion providers and even device group containers. Again, these subfolders help users organize their tasks and roles and navigate easily to various content. Here I would like to mention that two common subcomponents, portal content and business objects, are available in and shared by both portal content management and portal content translation. This shows that portal content and business objects are the most important aspects when it comes to the effective development of a portal content management application.


Portal display

Under this component end users are allowed to design and redesign pages, iViews, roles and worksets according to their preferred look and feel. The application wizard helps to achieve these tasks, and no coding is required for end users to access this content. Users are able to personalize the portal as per their needs. These subcomponents come with built-in themes from which users can create new themes, edit the existing schemes and generate ITS themes, and there is an Ajax theme studio to configure the themes in the first place. Only a system administrator with access permission is allowed to perform these tasks, because they require coding skills (Java and ABAP).


Web resource repository

This component acts as a central repository for users at every level, which increases the ease of access to web content as and when required. It also helps to reduce the cost of maintenance: because content is maintained centrally, duplication of the same web content is eliminated. Access again depends on the level of access control held by each user. Most of the common web content will be available to everyone and some will not be accessible. The system administrator is responsible for deciding who can access what and how. One of the main tools for accessing the web resource repository is the search option, where the user enters the required keywords and the system retrieves the matching content. The search option is powerful because, in the back end, all the web resources stored in the databases are archived and indexed, i.e. the system automatically allocates a unique ID to each web resource when it is created. This provides faster retrieval when we enter any search terms.


Knowledge management content

This is another very important component for developing an effective content management application. KM content provides complete access to all the data that resides in the portal and also in the databases. It is called root, aka master data, aka metadata, aka data about the data. Here the user can view any folder and select any heading to download folders conveniently, because documents are segregated into personal and public. Personal documents have additional access security, and public documents have standard security for access by users within the company. Users even have the option to look for deleted items in case they accidentally deleted an important document or report. The KM content has a toolbox for making folder settings; reports can be created, and folders can be archived to manage and organize them for effective communication among different functional teams. Users can export templates from one destination to another without much difficulty. Users also have the option to import templates from one place to another; this lets them upload packages and view pending imports, imports that are currently running and imports that are archived. Overall, KM content provides complete and easy access to the entire data of the company, and also to other external data, in a single portal through collaboration and integration. With this level of access to content the company can operate seamlessly to achieve productivity and earn profit for the organization.

 

 

Collaboration content

Many companies face an immense challenge when it comes to collaborating and integrating their business applications to streamline their business processes and achieve optimum productivity with limited resources. Companies face information silos when their business applications are not properly collaborated and integrated. As a result there will be bottlenecks and delays in workflow from one phase to another, which in turn lead to losses for the company. This component provides content related to the integration and collaboration required to perform various business activities and to communicate effectively, so that the workflow is processed faster from one stage to another. This tab administers rooms (aka sessions) and archived rooms. These are nothing but a meeting point to share and exchange resources and work as a team to achieve the goals set at the beginning of the project. Templates are available to create group as well as individual rooms as per requirement and schedule. Users can create rooms to collaborate between employees, between the business owner and suppliers, between the system administrator and employees, and between customers and employees. It also provides links to configure extension collaboration in case we want to include additional resources to achieve a specific task or goal. Users can configure room content stores and room mails to communicate with each other so that everyone involved in the tasks is on the same page, and can configure room categories and relationships. Here most of the tasks are performed by the portal content system administrator.


Workflow content

Workflow content has built-in workflow templates, workflow instances, work items and workflow tasks. Upon creating a new workflow, the system automatically allocates a unique template ID and stores it in the system. It also maintains version control of start and end events and precedence constraints for a smooth flow of work from one stage to another in an orderly fashion. It can accommodate workflows such as quick tasks, feedback, nomination, generic application tasks etc. Users can load a template from a stored file or remove templates, including old ones. This component helps the user to manage the workflow without hurdles and delays in the business process. For instance, when a customer places an order to purchase a product, this is the first process in the business process life cycle. When the order is placed, the next process is to accept the order, acknowledge it to the customer with an email notification, generate an invoice and send it to the customer to receive payment. Meanwhile a copy of the invoice is sent to the inventory management system, where the system confirms the order and blocks the items for shipment and delivery, and after the payment is received from the customer the shipment department delivers the consignment to the customer according to the sales contract. This process happens in real time through the integration of various business applications by automating the workflow. Here the workflow template helps to achieve the intended tasks.


Content statistics

Under content statistics users can find portal activity reports, such as the pages and iViews that have been created. These are displayed in the form of a dashboard which includes day, date/time, type, object name, hits, viewer IDs and the ID (system ID) that is automatically generated when the business object is created. The report statistics display the current state of collection and aggregation of portal activity data. The fields are available in read-only format.


To conclude, the purpose of portal content development is to integrate and collaborate business process application systems such as order management, inventory management, finance and CRM with business partners or customers, in order to conduct seamless business and reduce cost and inconsistency. The ability to design scalability into the application for future expansion is an important feature which will reduce cost considerably. To achieve effective utilization of portal content, the business should ensure that accurate and relevant data is available in the database, indexed and archived to facilitate faster retrieval as and when required, because time is very precious in the world of business, especially when it involves systems and cutting-edge technology. In order to access data securely, the systems should be highly protected with advanced security features like single sign-on, SSL, DMZ firewall security, audit trails, PCI compliance, Sarbanes-Oxley regulations and two-point authentication level systems. For instance, to approve a financial transaction of a huge amount, the transaction has to be approved by two authorized persons; only then will it be approved and processed.


The content application should be able to protect and share the company’s sensitive data, such as financial agreements, patents, copyrights, customer information, supplier agreements, tenders, software code etc. The content should be developed in such a way that users can use and reuse it over and over, effectively and efficiently. With powerful search (delta search) methods and help options, the user can locate the right information at the right time to achieve business objectives. The SAP NetWeaver Portal content management application lets users customize and personalize the portal application content according to their type of business. Users are able to create their own style of pages, iViews, tasks, worksets and roles and store them in separate folders, which are available on the left side of the portal in the form of navigation icons. Users can edit and modify as and when required how it should look and feel, and what to include and what not to.


Each tab has its own set of subcomponents under which users can create new folders to manage and organize content according to their preferences. Whether the company is e-commerce or brick and mortar, the user can customize the application accordingly. For instance, let us assume that Home Depot has purchased the SAP Enterprise Portal for its business operations. The company will customize the application in such a way that it creates separate folders to list suppliers, customers, item catalogs, reports like sales forecasting, sales turnover and inventory control, shipment and delivery, purchase orders, sales orders, accounting and finance etc. Maintaining the various activities separately lets users navigate and access data quickly. Ultimately, when these activities are collaborated and integrated with various business applications, this gives a competitive advantage over rivals in terms of higher performance, after-sales service and faster delivery, eliminates information silos and improves the overall productivity of the company.


Last but not least, the benefits that the company will receive from effective utilization and a well-architected design of portal content are:

  • Integration and collaboration of various business processes, when streamlined through automating the workflow and tasks, will ensure a competitive advantage over its competitors.
  • Providing adequate security for the company’s data will lead to increased trust from customers and promote goodwill, which eventually reduces substantial loss to the company. Because losing one customer is equal to retaining 3 customers.
  • By building a scalable, durable and consistent portal content application, a company can expand its business venture to new heights. Scalability is the ability to expand the existing application to accommodate large amounts of data and business transactions rather than building a new one from scratch. This reduces cost and time considerably, which can be utilized in other productive business activities.

 

 

Masquerading

Masquerading means stealing vital data by convincing another user that the attacker is a legitimate user. That is, when two users are communicating with each other, the attacker burrows into the communication channel by identifying as the legitimate user and tricks the user by asking them to provide sensitive information. This can happen in many ways. One way is by using another user's IP address to gain access to the network. Another way is stealing the user ID and password by attacking with cookies, fictitious certificates and authorization prompts. By sending spam emails from fake email addresses, attackers spoof login passwords from users. Masquerading can occur in many ways; some of them are as follows.


IP spoof

IP spoofing is one of the ways to trick the user into revealing secured information to the attacker. IP spoofing occurs when the attacker sends a pop-up message carrying an IP address from a trusted source to the user's computer in order to defeat security measures and authentication. The attacker modifies the packet headers to resemble the original ones so that they appear genuine. The host is temporarily disabled and left vulnerable, so that a connection to the host computer is possible with just address-based authentication. When the attacker gains access to the targeted computer, they execute some commands to take away all the information, such as the web site domains residing on the computer, without the knowledge of the user. The user will not know when or how it happened and thinks the requested authentication is from a trusted host. The attacker then uses the stolen web site domain names to gain access to the web networks and hijack the web sites.

 

Identity Spoof

Another way of gaining access to secured systems is identity spoofing. In this scenario the attacker uses a previously stolen authentication certificate to pass the verification process. Identity spoofing can take place in two ways, as a passive or an active attack. In a passive attack neither end user knows that the attacker has gained access to the network; in an active attack the host knows that there is a middle man who has gained access to the network using a stolen certificate. The attacker persistently continues to gain access to information until the user reveals his or her identity. This kind of attack can range from low to critical danger, i.e. the attacker can gain access to the user's bank account details and make away with money and personal information.


Web Spoofing

Another way of getting the user to reveal information is web spoofing. In web spoofing the attacker designs an exact replica of a web page and presents it as the original website. For instance, in online shopping, when a person places an order and the page diverts the person to the payment gateway, the attacker uses that buffer time to send an exact replica of the payment gateway page (for example PayPal). If the user fails to identify the fake web page, he or she ends up entering the credit card information, and the attacker executes some commands to retrieve that information to the attacker's computer. This attack can be very serious for customers as well as vendors: the attacker can misuse the credit card information, so the customer loses money and the vendor loses the customer's trust. Instead of a fake web page, the attacker may also create false links and embed malicious software in them. When the user clicks the link, the malicious software is triggered and sweeps up the information without the knowledge of the user.

 

Email Spoofing

Email spoofing is another type of attack for getting access to user information. The attacker sends fake emails, posing as the legitimate owner and seeking the user ID and password by creating a believable story. If the user believes that the email is from a trusted source and replies to it, the information is lost to the attacker. This is the most common attack through which attackers take away bank account numbers and net banking user IDs and passwords and misuse them later. To prevent this kind of attack, website owners constantly warn their users with frequent emails not to reply to emails seeking sensitive information.

 

Prevention

When browsing, look for http, https and lock signs before making financial transactions. Use encryption and decryption to exchange sensitive information. Look out for any pop-ups that carry malicious applications, which can be accidentally downloaded onto the host computer, where the malicious software takes the sensitive information from the computer.

SAP NetWeaver Portal is a significant service provider for an enterprise portal. A number of built-in basic services such as single sign-on (SSO), integration, federation, personalization and many more make it capable of meeting the requirements of any enterprise's portal for its users. Users benefit in their day-to-day decision making by accessing a huge amount of relevant data very quickly, which also helps them to be productive in a competitive market. The portal provides a single point of access to an integrated system with greater functionality through access to SAP and non-SAP information sources. The features that make SAP NetWeaver Portal valuable to its users are as follows:

1) The portal framework makes it possible to integrate SAP and non-SAP business applications into a portal. It also provides services for building new applications.

2) Knowledge management gives access to the available structured and unstructured information in a structured fashion with the help of other installable software units (like TREX). It allows unstructured information to be stored in various types of repositories. Users can navigate all the integrated repositories with the search function in the portal to get the information these repositories contain.

3) Collaboration connects users in the portal in a project space through a) virtual rooms, where team members can share data and services from different geographical locations; b) groupware integration, which integrates the email and scheduling services used in the company; c) asynchronous collaboration; d) real-time collaboration (RTC).

4) Unification maximizes the usefulness of portal navigation for SAP customers through drag-and-relate navigation and the ability to manipulate the relations between business objects. It matches the user's requirements to the retrieved data in its business context.

5) A federated portal implementation is beneficial for sharing content between SAP and non-SAP portals across an organization's distributed landscape through a single point of access to the portal. It helps to reuse content as well as applications by deploying them throughout the organization without affecting the autonomy of each unit running its own independent portal. It therefore helps to reduce administrative effort.

6) The external-facing portal gives web exposure to the organization's portal by exposing information, applications, services, etc. to anonymous as well as self-registered users.

7) Enterprise workspaces give users the flexibility to integrate, organize and use various kinds of content.

8) Tools like Web Page Composer give portal users the chance to create their own portal pages.

9) Wikis not only allow users to create collaborative web pages, they also give users the option to interlink the web pages.



How can we combine the "SAP NW Portal movie challenge 2014" and "SAP TechEd && d-code 2014"? That is easy!

We would like to ask you - as attendees of the big SAP TechEd events in Las Vegas and Berlin this year - to provide us a recap of your SAP TechEd experiences and also win SCN points and badges.


You do not know about the SAP Portal movie challenge? Then read this announcement blog to get the details.

 

How to proceed?

 

I. Win a SAP NW Portal Critic Badge: describe your SAP Portal SAP TechEd && d-code story and refer to an existing movie

 

You are attending SAP TechEd && d-code and you plan to attend some SAP Portal sessions? You are interested in SAP’s UX strategy and tools, SAP Fiori and SAP Fiori launchpad, SAP Enterprise Portal roadmap and strategy? Tell us what you learned and experienced at SAP TechEd, give us your feedback and let the community participate in your SAP TechEd story 2014.

  • Think about the SAP TechEd story, you would like to describe. It should be connected with SAP UX strategy and tools and/or SAP Portal and/or SAP Fiori technology.
  • Go to the SAP Enterprise Portal space. Please write the title in the following format: “SAP Enterprise Portal Movie Critic: <your own title>“.
  • Describe your story in the blog.
  • Check out our YouTube channel, which has many movies showcasing anything from successful implementations to testimonials created by us, customers and our partners. Find a movie which could fit to your story and link/insert it into your blog. Or check out the YouTube playlist of SAP TechEd && d-code. If you think that no movie really fits, just insert any kind of movie/video or screencam, you would like to add.
  • Publish your blog and make sure you inserted the video in it.
  • Add a comment to this instruction document to provide the link to your blog post.

 

II. Win a SAP Portal producer badge: describe your SAP Portal SAP TechEd && d-code story in your own movie

 

To win a SAP Portal producer badge you must go one step further. We would like to get from you a video that you created on your own. This video should show you giving a short recap of your SAP TechEd experiences and impressions, again concerning the topics SAP UX strategy, SAP Fiori and SAP Fiori launchpad, SAP Portal roadmap and strategy. What surprised and impressed you most during the event? What did you learn in the sessions, demos and expert discussions, what was new to you, and what is the impact for your own business context?

  • Develop an idea for your SAP TechEd recap movie.
  • Create a 3-minute movie/screencam and upload it to any open video platform. YouTube is preferred, but you can also choose other platforms, that are open for public use.
  • Create a blog post in the SAP Enterprise Portal space and write the title in the following format: “SAP Enterprise Portal Movie Producer:<your own title>“.
  • Describe your SAP TechEd story and insert the video into it.
  • Publish your blog.
  • Add a comment to this instruction document to provide your blog post link.

 

Join our SAP Portal movie challenge now and get your SCN badge! Before you start, read the instruction document for the SAP Portal Movie Challenge.

Hi,

 

In this blog you can find 2 topics:

 

  1. Adding response headers to the response coming back from EP server.
  2. Modifying the HTML head section (or any other section in html) of the HTML response coming back from EP server.

 

1. Adding HTTP Response headers in Enterprise Portal


What is an HTTP Header (wikipedia):

HTTP header fields are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.


Sometimes you would like to add headers to the response. Some examples are X-FRAME-OPTIONS for limiting framing, Cache-Control to control caching of the response, or IE's X-UA-Compatible.


Here is sample code of a portal component which adds an X-FRAME-OPTIONS response header to deny framing when called:

 

import javax.servlet.http.HttpServletResponse;
import com.sapportals.portal.prt.component.AbstractPortalComponent;
import com.sapportals.portal.prt.component.IPortalComponentContext;
import com.sapportals.portal.prt.component.IPortalComponentProfile;
import com.sapportals.portal.prt.component.IPortalComponentRequest;
import com.sapportals.portal.prt.component.IPortalComponentResponse;

public class MyHeaderComponent extends AbstractPortalComponent
{
    private static final String X_FRAME_OPTIONS = "X-Frame-Options"; // The response header key
    private static final String DENY = "DENY"; // The response header value

    public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
    {
        // Gets the original servlet response
        HttpServletResponse servletResponse = request.getServletResponse(false);
        if (servletResponse != null) {
            // Adds the X-FRAME-OPTIONS header
            servletResponse.addHeader(X_FRAME_OPTIONS, DENY);
            response.write("My Content cannot be displayed inside an iframe!!");
        }
    }
}

The actual magic is done by the servletResponse.addHeader(X_FRAME_OPTIONS, DENY) call.

Calling this portal component displays just "My Content cannot be displayed inside an iframe!!".

If you run it within IE inside an Iframe, you will get the following:

frame.jpg

 

 

Notice the response header that was added : "x-frame-options" .

 

 

2. Modifying the HTML head and html sections of EP response:


Simple structure of an HTML page.

As you know, when working with portal components, the Portal Runtime builds an HTML response that is returned to the client (after going over all hooks).

It is possible to add HTML code to (or remove it from) the head or body sections and to change the attributes of these sections.


At first we need to have access to the portal HTMLDocument which will allow us access to the html document sections:


/** Getting the PRT HtmlDocument object from the PortalComponentRequest. */
private HtmlDocument getHtmlDocument(IPortalComponentRequest request) {
    HtmlDocument htmlDocument = null;
    IPortalResponse portalResponse = (IPortalResponse) request.getValue(IPortalResponse.class.getName());
    if (portalResponse instanceof PortalHtmlResponse) {
        PortalHtmlResponse portalHtmlResponse = (PortalHtmlResponse) portalResponse;
        htmlDocument = portalHtmlResponse.getHtmlDocument();
    }
    return htmlDocument;
}

Then in our doContent of portal component we can just add scripts to the head and play with the body:


public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
{
    HtmlDocument portalHtmlDoc = getHtmlDocument(request);
    if (portalHtmlDoc == null) {
        // Not an HTML response: there is no head or body to modify
        response.write("inside body");
        return;
    }
    Vector headHtmlElements = portalHtmlDoc.getHead().getHtmlElements();

    // writing head scripts and modifying body attributes
    headHtmlElements.add(new HtmlString("<!-- This will appear in the head! --> "));
    headHtmlElements.add(new HtmlString("<script type=\"text/javascript\">alert('hello from header!') </script>"));

    // setting css class of body
    portalHtmlDoc.getBody().setClass("myCSSClass");

    // setting body attributes
    portalHtmlDoc.getBody().addAttribute("role", "application");
    response.write("inside body");
}

 

After we get the portal HTML document, the two headHtmlElements.add(...) calls add HTML code inside the head section.

The getBody().setClass(...) call sets the class of the body section and getBody().addAttribute(...) adds body attributes.

Finally, we can still write inside the body with response.write(...).

 

Running this portal component will trigger our javascript alert and give us the following html output:

head.jpg

 

You can see a generic portal html response, but notice the additional changes we have added in our code:

  • The 2 lines we wrote were added into the html head section (marked in red).
  • The body section now has role="application" and class="myCSSClass" (marked in orange).

 

Inspect the getHead and getBody classes for more methods.

Try it out!

 

Best Regards,

Tal
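
A check for the anti-framing header set in section 1, as an added example that is not part of the original post: it classifies a response's framing protection from its headers, following the order current browsers use (an enforced CSP frame-ancestors directive takes precedence over X-Frame-Options, and unrecognised X-Frame-Options values are ignored). The function names and the sample headers are constructed for illustration.

```javascript
// Added example: classify the anti-framing protection a response carries.
// Function names and the sample headers are constructed for illustration.

// Group [name, value] pairs by lower-cased name so repeated headers are kept.
function collectHeaders(pairs) {
  const byName = new Map();
  for (const [name, value] of pairs) {
    const key = String(name).toLowerCase();
    if (!byName.has(key)) byName.set(key, []);
    byName.get(key).push(String(value));
  }
  return byName;
}

// Return the frame-ancestors source list of every enforced policy that has one.
function frameAncestorsLists(cspHeaderValues) {
  const lists = [];
  // A comma separates policies inside one header value.
  const policies = cspHeaderValues.flatMap((v) => v.split(","));
  for (const policy of policies) {
    for (const directive of policy.split(";")) {
      const tokens = directive.trim().split(/\s+/).filter(Boolean);
      if (tokens.length > 0 && tokens[0].toLowerCase() === "frame-ancestors") {
        lists.push(tokens.slice(1).map((t) => t.toLowerCase()));
        break; // only the first occurrence of a directive in a policy counts
      }
    }
  }
  return lists;
}

function classifyFraming(pairs) {
  const headers = collectHeaders(pairs);

  // 1. CSP frame-ancestors wins over X-Frame-Options when it is present.
  const lists = frameAncestorsLists(headers.get("content-security-policy") || []);
  if (lists.length > 0) {
    const isNone = (l) => l.length === 0 || (l.length === 1 && l[0] === "'none'");
    const isSelf = (l) => l.length > 0 && l.every((s) => s === "'self'");
    // Every policy must allow the embedder, so the strictest list decides.
    if (lists.some(isNone)) return { verdict: "deny", via: "csp" };
    if (lists.some(isSelf)) return { verdict: "sameorigin", via: "csp" };
    if (lists.every((l) => l.includes("*"))) return { verdict: "unprotected", via: "csp" };
    return { verdict: "allowlist", via: "csp" };
  }

  // 2. X-Frame-Options: the values of all headers form one set.
  const values = new Set(
    (headers.get("x-frame-options") || [])
      .flatMap((v) => v.split(","))
      .map((v) => v.trim().toLowerCase())
      .filter(Boolean)
  );
  if (values.size === 0) return { verdict: "unprotected", via: "none" };
  if (values.size > 1) {
    // Conflicting recognised values make browsers refuse to render in a frame;
    // several unrecognised values are ignored altogether.
    const recognised = [...values].some((v) =>
      ["deny", "sameorigin", "allowall"].includes(v)
    );
    return recognised
      ? { verdict: "deny", via: "x-frame-options (conflicting values)" }
      : { verdict: "unprotected", via: "x-frame-options (invalid)" };
  }
  const [only] = values;
  if (only === "deny") return { verdict: "deny", via: "x-frame-options" };
  if (only === "sameorigin") return { verdict: "sameorigin", via: "x-frame-options" };
  // ALLOW-FROM, ALLOWALL and misspelled values are not enforced.
  return { verdict: "unprotected", via: "x-frame-options (invalid)" };
}

// Constructed sample responses.
const SAMPLES = {
  portalComponent: [["X-Frame-Options", "DENY"]],
  obsoleteAllowFrom: [["x-frame-options", "ALLOW-FROM https://portal.example"]],
  duplicated: [["X-Frame-Options", "SAMEORIGIN"], ["X-Frame-Options", "DENY"]],
  cspAndXfo: [
    ["Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"],
    ["X-Frame-Options", "DENY"],
  ],
  noHeader: [["Cache-Control", "no-store"]],
};

for (const [label, pairs] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(classifyFraming(pairs)));
}
```

Feed it the header pairs captured from a portal response to confirm that the component's header actually reaches the client and is not overridden by a proxy or a second header.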

Hi all,

 

I have discovered the Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge and decided to enter another movie review. The movie I have picked to review is:

 

 

As a new starter to SAP, it is important that I have a comfortable understanding of the products and services that SAP offers its customer base so as to increase my knowledge base.

 

My knowledge of SAP's services and products is growing all the time, and aided by watching movies such as the above has given me a greater understanding of the impact that SAP has in the running of customer businesses, with a strong focus on simplicity and mobility.

 

The movie gives a good overview of a customer's business from the initial stages, where everything was easier to handle with only a small number of documents and systems to manage, to the point where the business grew into a larger and more complex entity, with more demands and more control needed for the business to remain effective. This meant the business had to increase the number of tools it used to manage information. This is where the SAP NetWeaver Portal can help to manage the business operation and analytic data in one scalable environment.

 

The movie shows the customer confidence with information on the SAP NetWeaver Portal's success:

 

        • Serving the market for over 10 years
        • Over 7000 customers
        • Customers of all sizes

 

The movie goes on to discuss how the customer's business is still expanding and how the business can be managed efficiently through the SAP NetWeaver Portal, with a focus on strong security given that you need users to be able to access the data from many different areas. The simplicity means even non-technical users can modify and edit content, with the same ease of use outside the office as expected within.

 

Enterprise Workspaces offers a solution in a:

        • Self service
        • Mobile ready
        • Collaborative

 

With customers wanting to access more and more information on the move, the SAP NetWeaver Portal can be accessed on mobile devices, so anywhere the customer needs to gain access they have that ability!

 

The SAP NetWeaver Portal offers the right end to end solution to cater for customer needs.

 

Finally you can check out more movies on Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge.

Hi everyone!

 

After discovering the Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge I decided to participate in the challenge. After watching several different videos on the SAP Portal - YouTube channel, I chose to review the following video:

 

 

 

The video is titled:  "SAP Netweaver Portal - mobile edition overview".

The reason I chose to review this video is that I have recently joined SAP, and so I am gradually trying to familiarize myself with SAP's products and services, in order to diversify my knowledge-base.

 

Initially, my knowledge of the functions of SAP Portal mobile edition was rather limited, and so I thought an overview video such as this one would be the perfect way for me to further my learning.

 

From the outset, I found this video to be simple yet highly effective in its delivery of information. At the beginning of the video, we are presented with the statement that SAP Portal Mobile Edition provides a "single point of access to business applications and content via a single point of access from multiple devices at any time". I felt that this statement instantly provided me with a basic understanding of the fundamental capabilities of SAP Portal Mobile Edition.

 

We learn that Netweaver Portal excels at creating multi-channel, elegant low TCO, corporate branded homepages that once built can be run anywhere. In turn, this level of portability has the ability to improve businesses by:

  • significantly boosting productivity
  • reducing costs

 

The video then moves on to present the viewer with a short overview of why one should consider using SAP Portal Mobile Edition. We are informed that it will

  1. Maximize the value of your investment in SAP software for mobile devices.
  2. Aggregate web and native applications (SAP or non-SAP, structured or non-structured) into a common mobile-entry point.

A short demo of these functions on a tablet device accompanies the presentation of this information to illustrate the simplicity of these functions.

 

The video concludes by presenting the viewer with a concise summary of the main functions of SAP Netweaver Portal Mobile Edition. Here we are reminded that with Mobile Edition, you can:

  • create role-based  multi-channel portals.
  • aggregate applications, documents and content.


Furthermore, the final piece of dialogue in the video reinforces the fact that the portals will be available:

  • to anyone
  • at any time
  • on multiple devices


Overall, I enjoyed taking the time to watch this video, as in my opinion, it clearly demonstrates each of the main functions of SAP Portal Mobile Edition without adding complexity, and thus it enables viewers to retain a basic comprehension of the functions available.

 

Thanks for taking the time to read my blog post.


Finally, don't forget to visit the Announcement of SAP Portal and HANA Cloud Portal Gamification Movie Challenge and share your views!

The latest release of SAP NetWeaver 7.4 Support Package Stack 08 (and the corresponding release NW 7.31 SP13) contains the following features and changes in SAP Fiori launchpad running in SAP Enterprise Portal:

 

No Activation of Theme Designer Necessary Anymore

 

Previously, to allow SAP Fiori launchpad to run on the portal, administrators had to activate the UI Theme Designer (switch to LESS). This prerequisite is no longer relevant. Administrators only need to perform this switch if they want to customize a portal theme using the UI Theme Designer and then run SAP Fiori launchpad on Portal using the customized theme. See also note 2036827 - Enable FLP on EP to run also without LESS structure.

 


Personalization of Groups

 

Until the last release end users could not create or manage groups in the SAP Fiori launchpad. Starting from NetWeaver 7.4 SPS8 (and NetWeaver 7.31 SPS13), users can create and remove groups and arrange content/tiles in their home page according to a group personalization.

 

This image shows how a group can be created by an end user (click on image for better reading):

create_group_v3.png

 

Here you can see how a tile is added to a group (click on image for better reading):

 

add_tile_to_group.png

 

Run SAP Fiori Wave 2 Applications using New SAP Fiori iView Template


Starting with NetWeaver 7.4 SPS8  (and corresponding release NW 7.31 SPS13) you can run Fiori wave 2+ transactional applications using the new "SAP Fiori iView" template. These iViews can then be run as tiles in SAP Fiori launchpad on Portal or as standalone applications. By using this iView, you will be able to call a specific Fiori application running on an ABAP back-end system and run it within the portal framework.

 

Prerequisites

  • Your Enterprise Portal version is:
    • 7.3 EHP 1 SPS13 and above
    • 7.4 SPS08 and above
  • Your back-end server has SAP Fiori launchpad SPS08 or above
  • You have made sure that both the portal server and the ABAP server can be reached via the same URL (including the server name). This can be achieved by using a SAP Web Dispatcher.


In this image you can see how to select the SAP Fiori iView template in order to create an iView based on this template:

create_fioriapp_template.png


For a detailed description how to integrate SAP Fiori wave 2 applications into SAP Portal, read Ido Fishler's blog.


Also watch this video showing the configuration for the integration of SAP Fiori wave 2 apps into Enterprise Portal and how to run them on Fiori launchpad with SAP Enterprise Portal:

 

 

For lower versions of SAP Fiori, you must still create an SAP UI5 iView by copying the relevant application from the Portal Applications GPAL repository. For a more detailed description on how to integrate SAP Fiori wave 1 apps, read this blog by Irena Kull.

 

For more information, see:

 

  • SAP Help Documentation:

What is new in SAP Fiori launchpad?

SAP Fiori launchpad on Portal

Sometimes the splash screen is not desired after clicking on portal logon. In NetWeaver Portal 7.3x it is possible to show or hide the splash screen using the framework page configuration. Please check SAP KBA: 2035826 - Configuring the Splash Screen in the AJAX Framework Page of the Enterprise Portal

You can change the splash screen using the document: How to Customize your Ajax Framework Page with SAP NetWeaver Portal 7.30. However, there is no option to show or hide the splash screen in NetWeaver Portal 7.0x.

So you need to perform the steps below to hide the splash screen after portal logon:

 

  1. Export the theme
    Exporting and Importing Themes - Portal - SAP Library
  2. Open the file from exported theme zip file:
    portal.zip\AFP\images\layout
  3. Remove the image  SplashScreen.png
  4. Save changes in zip file
  5. Import the theme again after above changes and select the option 'Overwrite existing theme'
  6. Clear the browser cache

Hi,

 

In this short blog post, you can find sample code on how to read/save cookies in portal component java code or using javascript.

 

First we build a portal component that demonstrates both.

The main doContent method, calling both techniques:

package com.sap.portal.examples;

import javax.servlet.http.Cookie;
import com.sapportals.portal.prt.component.*;
import com.sapportals.portal.prt.resource.IResource;

public class WebCookie extends AbstractPortalComponent
{
    public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
    {
        handleCookiesByJS(request, response);
        handleCookiesInJava(request, response);
    }
....

 



1. First method, writing cookies in Javascript and then reading them:

 

 

private void handleCookiesByJS(IPortalComponentRequest request, IPortalComponentResponse response)
{
    // include the javascript source that holds the js methods to store/read the cookie
    IResource resource = request.getResource(IResource.SCRIPT, "scripts/cookiescript.js");
    response.include(request, resource);

    // launch a js method to write the cookie
    response.write("<script>write_cookie();</script>");

    // launch a js method to read the cookie and print it on screen
    response.write("Cookie reads = " + "<script>document.write(gettimes());</script>");
}

Above you can see that the javascript file "cookiescript.js" is included in the response of the portal component. This js file contains two methods, write_cookie() and gettimes().

After the include, write_cookie() is called and then gettimes() is called.

 

javascript code cookiescript.js:

 

The write_cookie() method searches for a cookie named "Basic_Cookie" and adds 1 to the value of the cookie.

As a result, the cookie stores the number of times this method was called:

 

var cookie_name = "Basic_Cookie";

function write_cookie() {
    var index = document.cookie ? document.cookie.indexOf(cookie_name) : -1;
    if (index == -1) {
        // creating new cookie which will expire in 2040
        document.cookie = cookie_name + "=1; expires=Wednesday, 01-Aug-2040 08:00:00 GMT";
    }
    else {
        // cookie exists, read its value
        var countbegin = (document.cookie.indexOf("=", index) + 1);
        var countend = document.cookie.indexOf(";", index);
        if (countend == -1) {
            countend = document.cookie.length;
        }
        // parse the stored number (parseInt instead of eval, so cookie content is never executed)
        var count = parseInt(document.cookie.substring(countbegin, countend), 10) + 1;

        // update the cookie
        document.cookie = cookie_name + "=" + count + "; expires=Wednesday, 01-Aug-2040 08:00:00 GMT";
    }
}

 

 

 

The gettimes() method reads the value of "Basic_Cookie" and returns the number stored in it:

 

// this method reads the value of the cookie and returns the number stored in it.
function gettimes() {
    var count = 0;
    if (document.cookie) {
        var index = document.cookie.indexOf(cookie_name);
        if (index != -1) {
            var countbegin = (document.cookie.indexOf("=", index) + 1);
            var countend = document.cookie.indexOf(";", index);
            if (countend == -1) {
                countend = document.cookie.length;
            }
            count = document.cookie.substring(countbegin, countend);
        }
    }

    return (count + " times");
}

 

 

2. Second method, accessing cookie in portal component java code:

 

private void handleCookiesInJava(IPortalComponentRequest request, IPortalComponentResponse response)
{
    response.write("<br>");
    saveToCookie(request, response, "MyCookie", "MyCookieValue");
    String val = getCookieValue(request, "MyCookie");
    // first time it will be null, since the response is not written yet
    response.write("Got cookie MyCookie with its value=" + val);
}

Here the component calls a java method saveToCookie with key and value.

Then it reads the cookie value by calling getCookieValue method and prints it.

 

saveToCookie method:

 

The cookie is searched for among all cookies that came with the request, then it is deleted and a new cookie is created:

 

private void saveToCookie(IPortalComponentRequest request, IPortalComponentResponse response, String cookieName, String cookieValue)
{
    // getting all cookies from request
    Cookie[] cookies = request.getServletRequest().getCookies();
    if (cookies != null)
    {
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cookie = cookies[i];
            // find the specific cookie and delete it
            if (cookie != null && cookie.getName().equals(cookieName))
            {
                cookie.setMaxAge(0);
                break;
            }
        }
    }
    // create a new cookie with the new value and save it
    Cookie cookie = new Cookie(cookieName, cookieValue);
    cookie.setPath("/");
    response.addCookie(cookie);
}

 

getCookieValue method:

 

Cookie is searched and its value (or null if not found) is returned:

 

private String getCookieValue(IPortalComponentRequest request, String cookieName)
{
    // get all cookies from request
    Cookie[] cookies = request.getServletRequest().getCookies();
    if (cookies != null)
    {
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cookie = cookies[i];
            // search for the cookie and get its value
            if (cookie != null && cookie.getName().equals(cookieName))
            {
                return cookie.getValue();
            }
        }
    }
    return null;
}

 

After deploying this portal component, if we execute it 3 times, we will get the following output from both techniques:

 

Cookie reads = 3 times

Got cookie MyCookie with its value=MyCookieValue

 

 

 

 

 

 

Related Links:

 

Important -  Security consideration using cookies

 

http://www.allaboutcookies.org/cookies/

 

http://en.wikipedia.org/wiki/HTTP_cookie

 

 

Enjoy,

Tal
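
The counter cookie from cookiescript.js, reworked as an added example that is not part of the original post: it splits the cookie string into exact name/value pairs and accepts only decimal digits, so a cookie whose name merely contains "Basic_Cookie", or whose value is not a number, cannot influence the count. All function names are hypothetical; legacyIndexOfRead reproduces the post's indexOf lookup for comparison, and the cookie strings are constructed samples.

```javascript
// Added example: exact-name cookie lookup and a validated counter.
// COOKIE_NAME is the post's cookie; all function names are hypothetical.
const COOKIE_NAME = "Basic_Cookie";

// The post's lookup strategy, kept for comparison: find the name with indexOf,
// then cut out the text between the next "=" and the next ";".
function legacyIndexOfRead(cookieString, name = COOKIE_NAME) {
  const index = cookieString.indexOf(name);
  if (index === -1) return null;
  const begin = cookieString.indexOf("=", index) + 1;
  let end = cookieString.indexOf(";", index);
  if (end === -1) end = cookieString.length;
  return cookieString.substring(begin, end);
}

// Split a document.cookie style string ("a=1; b=2") into exact name/value pairs.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // no "=": not a name=value pair
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name !== "" && !jar.has(name)) jar.set(name, value); // first match wins
  }
  return jar;
}

// Read the counter; anything that is not 1 to 9 decimal digits counts as 0.
function readCounter(cookieString, name = COOKIE_NAME) {
  const raw = parseCookies(cookieString).get(name);
  if (raw === undefined || !/^[0-9]{1,9}$/.test(raw)) return 0;
  return Number(raw);
}

// Build the string to assign to document.cookie for the incremented counter.
function nextCounterCookie(cookieString, { secure = false } = {}) {
  const count = readCounter(cookieString) + 1;
  const attributes = [
    `${COOKIE_NAME}=${count}`,
    "Expires=Wed, 01 Aug 2040 08:00:00 GMT", // same expiry date as the post's script
    "Path=/",
    "SameSite=Lax",
  ];
  if (secure) attributes.push("Secure"); // send the cookie over HTTPS only
  return { count, cookie: attributes.join("; ") };
}

// Constructed sample: another cookie's name contains "Basic_Cookie".
const COLLIDING = "Old_Basic_Cookie=41; Basic_Cookie=2";
console.log("indexOf lookup reads:", legacyIndexOfRead(COLLIDING));
console.log("exact lookup reads:", readCounter(COLLIDING));
console.log("next cookie:", nextCounterCookie(COLLIDING, { secure: true }).cookie);
```

In the browser the call would be `document.cookie = nextCounterCookie(document.cookie, { secure: location.protocol === "https:" }).cookie`.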
