We are in process of implementing Fiori Wave 1 Applications. SAP Portal Integration is required for below 2 primary reasons-
- SAP Portal UME is connected to organization's LDAP (Active Directory). We want users to use same AD credentials to access Fiori applications from SmartPhones/ Tablets and Desktops to keep the experience same (main purpose behind UI5 applications).
2. We have been using SAP Portal as a single point of entry for all SAP systems- ECC, SRM, CRM, BW, BOBJ, GRC, MDG etc. Portal is our preference for accessing Fiori too.
As most of the SAP documentation/ SCN blogs suggest, we tried implementing Portal on Device. We created UI5 iView to access Fiori Launchpage and added that iView to Mobile Portal Launcher. But even though we set iView to open in separate window, it fails to open in separate window on Mobile.
This makes it impossible to navigate from launchpage to applications by clicking on Tiles.
Another way out was instead of integrating Fiori Launchpage/LaunchPad, create separate iViews for each Fiori application. But this way, we lose the beautiful LaunchPad which has capabilities of dynamic tiles, groupings. In this case we also cannot use Gateway PFCG roles created for Fiori Catalogs.
So here is solution which works perfectly fine.
Configure SSO between SAP Portal and SAP Gateway system
We achieve SSO between portal and gateway system using SAP Login Tickets.
Export Portal Certificate and import into SAP Gateway system using STRUSTSSO2 transaction code and maintain other parameters. This is standard process.
Create URL iView
Use URL iView template and create a iView with below properties:
b. Height Type: Full Page
- Launch in New Window: Display in Separate Window
Note that I have specified URL points for Fiori Launchpage.You can use Fiori LaunchPad or any UI5 application URL.
Create a standard Portal Role and add above iView to it as shown below.
Now use below URL for accessing Fiori launchpage/launchpad directly.
It is direct URL to iView under Portal role. We can use portal PCD permissions so that only users having this portal role can access it.
We have performed tests on mobile as well as desktops and it works perfectly fine.
Below are results with screenshots from Mobile device.
- Open URL:
Note that this is standard Portal Login Page which adapts for Mobile devices. We have not enabled Portal on Device for it.
As soon as user provides credentials to login, user automatically gets redirected to Fiori Launchpage.
User logs off from Fiori Launchpage
Above Logout will log off user just from Gateway and not portal.
We configured log off service of Gateway so that it redirects log off URL to a custom application deployed to Portal.
Custom application (com.testr.logoutFiori) contains simple Java servlet (logoff) which simply logs off user from portal and redirects to
Thus, user gets logged off from Gateway , Portal and comes back to starting URL.
You can ask that instead of custom application why not redirect log off ICF service to below URL-
This logs off user from Portal but redirects to https://Portalhost:PortalPort/irj/portal instead of
Hope this helps. Please do post your comments and let me know your thoughts on this.