1 2 3 4 Previous Next

    michael.nicholls

    54 Posts

    There are only a few ways to enter an SAP system as an end user. Once in, there are a plethora of ways to get out. I'll discuss some of them...

    First let's assume we're at our SAP Easy Access menu. I'll assume we're fairly current and we're using SAP Logon 720.

    The obvious ways out are:

    1. Use the big blue X in the top right hand corner.
    2. Use the funny icon in the top left corner and select Close
    3. Use ALT+F4
    4. We can use the Yellow up arrow icon in the main icon bar
    5. Or Shift-F3
    6. Under the "System" menu, we find "Log off"
    7. And also, "End session"

    OK, now a few more in the command box in the top left corner:

    1. /nend
    2. /i
    3. /nex - be careful here, there's no prompting

    That's 10 and we're still not finished. The rest are not at all recommended:

    1. Use your Windows task manager to kill any "SAPlogon.exe" processes
    2. Pull out your network cable
    3. Pull out your power cord (not applicable for laptops!)

    Even more extreme:

    1. Shut down your SAP system

    Or you can wait for the sytem to log you off because you have been thinking for too long about other ways to logoff..

    Many mobile devices have the ability to display details about where the user is located. So, why not try to capture this and present it with the ubiquitous Google map mechanism? Here's a possible way to do this...

    The first thing I wanted to do was store the latitude and longitude of the portal user. Ok, first we have to capture it, but there's no point doing that unless we can persist it. I decided to use a feature of the AS Java UME (User Management Engine) which allows you to store extra metadata about users. This is achieved by changing a few UME parameters and then restarting the AS Java. I generally use the configeditor of the config tool. The parameters in question are ume.admin.addattrs and ume.admin.public.addattrs. I decided to use two extra fields, lat and long.

    The contents of these fields can be seen, and modified, using the /useradmin tool. The extra fields appear on the Customized Information tab.

     However, the idea is to use the location services. I found a sample bit of code on the internet and converted it to a portal component. In my NWDS project Mobile my component for this is GetLocation. When this component is started, it checks whether location services are enabled and if so, asks the user to confirm that it is OK to store their location details. The mobile device will first ask the user if it is OK to capture the location.

    The component to store the details is called StoreCoords. It is passed the collected latitude and longitude and uses a standard set of UME APIs to store the lat and long fields defined earlier.

    Starting the component:

    When you select OK, a new screen appears:

    When you use the "Store my location" link, the UM data is updated with your latitude and longitude and a result is displayed:

    Now we want to display the details. Another portal component called ShowUserLocations is used for this. It presents either a Google map showing the user locations, or optionally can be used to create a KML response, by adding ?kml=yes when the component is invoked. The KML response can be used to launch Google Earth and allows for the traditional zooming over the globe.

    Here's what it looks like after I store my location when I am located in Sydney:

    Rather that post code fragments, I have uploaded the PAR file, with all the source, to http://www.sap-netweaver-training.appspot.com/download_files/Mobile.par 

    Will I need 3D glasses to perform the installation?

    Will there be a "blooper code" area?

    Will there be interviews with the developers?

    Maybe some ads for other SAP products?

    When most users launch the SAP NetWeaver Portal, they use a browser to launch it and they get a menu which might look like this:    imageMy aim was to build a portal component that could be used to create a menu system a bit like this:imageWhen the user launches the portal component from Safari, they get a screen similar to this:imageThe user stores their username and password to access the SAP NetWeaver Portal using the Settings option:imageUsing the Save option then saves the values and relaunches the URL, appending the user's username and password. The user must have already logged on to the SAP NetWeaver Portal successfully so that they do not have an initial or expired password. Selecting an option leads through the different navigation levels until you get a screen that lets you actually start an iView:imageCreating the portal component in NWDS involved creating a new portal project. I called mine Mobile. There is a set of JavaScript code that I need to use, and to make things easy, I put it under the dist/images folder and called it Includeme.js. Here is the project structure:image

    The System Landscape Directory (SLD) is software that nowadays is effectively mandatory to install at a customer site. It is used to help Solution Manager, amongst other things. SLD has two main areas - a set of data that is updated from SAP the organisation by the Basis team that "knows" about products and support packs, and a set of data that represents a customer's landscape.

    Looking inside the product and software software component area of SLD you will see that there are also a set of associations which describe product history in a fairly broad way. The association is called SuccessorPredecessor, and as the name suggests, it holds some details about different products plus their successors.

    Ok, so let's try to read this using some Java code. I have decided to only look at a subset of the products, namely those relating to ERP, ECC, SAP NetWeaver and some enhancement packages. In the software components, I have concentrated on SAP_APPL, which can be thought of as the functional side, and SAP_BASIS, which is the techie part.

    The code is designed to run using JRE 1.4.2, and requires a few external libraries.

    The following Windows batch file can be considered a starting point for your own system:

    I used NWDS to build a Java project called SLDStandalone, and I have the libraries in a few directories due to installing a Java system XYX with central instance number 02.

    Please note that I have hardcoded the hostname, username and password to access the SLD in the batch file.

    cd \sap\SLDStandalone
    java -cp \usr\sap\XYZ\JC02\j2ee\cluster\server0\bin\ext\com.sap.lcr.api.cimclient\lcrclient.jar;C:\usr\sap\XYZ\JC02\j2ee\cluster\server0\bin\ext\tc.httpclient\httpclient.jar;\usr\sap\XYZ\JC02\j2ee\cluster\server0\bin\ext\tc~sld~sldclient_sda\sldclient.jar;\usr\sap\XYZ\JC02\j2ee\cluster\server0\bin\system\logging.jar;\usr\sap\XYZ\JC02\j2ee\cluster\server0\bin\ext\com.sap.util.monitor.jarm\Jarm.jar;. com.sap.anz.History tn7tdc00:50000 bit400-00 goaway1

     

    Here's the code:

     

    /*

     

    • Created on 19/01/2011

    *

     

    • To change the template for this generated file go to

     

    • Window>Preferences>Java>Code Generation>Code and Comments

    */

    package com.sap.anz;

     

    import java.net.URL;

    import java.util.Vector;

     

    import com.sap.lcr.api.cimclient.CIMClient;

    import com.sap.lcr.api.cimclient.CIMOMClient;

    import com.sap.lcr.api.cimclient.ClientFactory;

    import com.sap.lcr.api.cimclient.HttpRequestSender;

    import com.sap.lcr.api.sapmodel.SAP_SuccessorPredecessor;

    import com.sap.lcr.api.sapmodel.SAP_SuccessorPredecessorAccessor;

     

       

     

    /**

     

    • @author Me

    *

     

    • To change the template for this generated type comment go to

     

    • Window>Preferences>Java>Code Generation>Code and Comments

    */

    public class History {

         static Vector antes = new Vector();

         static Vector depends = new Vector();

         static Vector combos = new Vector();

         static int level;

     

         public static void main(String[] args) {

              ClientFactory factory = ClientFactory.newInstance();

               

              if (args.length!=3) {

                   System.err.println("Usage: java History sldhost:port username password");

                   System.exit(1);

              }

               

              try {

                   URL url = new URL("http://"args[0]"/sld/cimom");

                   String user = args[1];

                   String password = args[2];

               

                   HttpRequestSender requestSender = new HttpRequestSender(url, user, password);

    //

                   CIMOMClient cimomClient = new CIMOMClient(requestSender);

    //

                   CIMClient cimClient = new CIMClient(cimomClient);

                   SAP_SuccessorPredecessorAccessor sucpred = new SAP_SuccessorPredecessorAccessor(cimClient);

                   SAP_SuccessorPredecessor[] sucpreds = sucpred.enumerateSAP_SuccessorPredecessorInstances();

                   for (int i=0;i<sucpreds.length;i++) {

                        SAP_SuccessorPredecessor s = sucpreds[i];

                        if (s.getAntecedent().getClassName().equals("SAP_SoftwareComponent")) {

                             String aName = s.getAntecedent_WT().getKeyValue("Name").toString();

                             String aVersion = s.getAntecedent_WT().getKeyValue("Version").toString();

                             String dName = s.getDependent_WT().getKeyValue("Name").toString();

                             String dVersion = s.getDependent_WT().getKeyValue("Version").toString();

                             if (aName.equals("SAP_APPL")

                                  || aName.equals("SAP_BASIS")) {

                                  antes.add(aName" "aVersion);

                                  depends.add(dName" "dVersion);

                                  Vector combo = new Vector();

                                  combo.add(aName" "aVersion);

                                  combo.add(dName" "dVersion);

                                  combos.add(combo);

    //                              System.out.println(aNameaVersion"="dNamedVersion);

                             };

                        };

                        if (s.getAntecedent().getClassName().equals("SAP_Product")) {

                             String aName = s.getAntecedent_WT().getKeyValue("Name").toString();

                             String aVersion = s.getAntecedent_WT().getKeyValue("Version").toString();

                             String dName = s.getDependent_WT().getKeyValue("Name").toString();

                             String dVersion = s.getDependent_WT().getKeyValue("Version").toString();

                             if (aName.equals("SAP ERP ENHANCE PACKAGE")

                                  || aName.equals("SAP ERP")

                                  || aName.equals("SAP ECC")

                                  || aName.startsWith("SAP NETWEAVER")

                                  || aName.startsWith("SAP R/3")) {

                                  antes.add(aName" "aVersion);

                                  depends.add(dName" "dVersion);

                                  Vector combo = new Vector();

                                  combo.add(aName" "aVersion);

                                  combo.add(dName" "dVersion);

                                  combos.add(combo);

                             };

                        };

                   };

                   level = 0;

                   for (int i=0;iSAP R/3 3.0C

    -SAP R/3 3.0D

    --SAP R/3 3.0E

    ---SAP R/3 3.0F

    -

    SAP R/3 3.1G

    -

    SAP R/3 3.1H

    -

    SAP R/3 3.1I

    -

    SAP R/3 4.0A

    -

    SAP R/3 4.0B

    -

    SAP R/3 4.5A

    -

    SAP R/3 4.5B

    -

    SAP R/3 4.6A

    -

    SAP R/3 4.6B

    -

    SAP R/3 4.6C

    -

    SAP R/3 ENTERPRISE 47X110

    -

    SAP R/3 ENTERPRISE 47X200

    -

    SAP ECC 5.0

    -

    SAP ECC 6.0

    SAP NETWEAVER CE 7.1

    -SAP NETWEAVER CE 7.1.1

    SAP_APPL 30C

    -SAP_APPL 30D

    --SAP_APPL 30E

    ---SAP_APPL 30F

    -

    SAP_APPL 31G

    -

    SAP_APPL 31H

    -

    SAP_APPL 31I

    -

    SAP_APPL 40A

    -

    SAP_APPL 40B

    -

    SAP_APPL 45A

    -

    SAP_APPL 45B

    -

    SAP_APPL 46A

    -

    SAP_APPL 46B

    -

    SAP_APPL 46C

    -

    SAP_APPL 470

    -

    SAP_APPL 500

    -

    SAP_APPL 600

    -

    SAP_APPL 602

    -

    SAP_APPL 603

    -

    SAP_APPL 604

    -

    SAP_APPL 605

    SAP ERP 2004

    -SAP ERP 2005

    SAP_BASIS 40A

    -SAP_BASIS 40B

    --SAP_BASIS 45A

    ---SAP_BASIS 45B

    -

    SAP_BASIS 46A

    -

    SAP_BASIS 46B

    -

    SAP_BASIS 46C

    -

    SAP_BASIS 46D

    -

    SAP_BASIS 610

    -

    SAP_BASIS 620

    -

    SAP_BASIS 640

    -

    SAP_BASIS 700

    -

    SAP_BASIS 710

    -

    SAP_BASIS 711

    -

    SAP_BASIS 720

    -

    SAP_BASIS 730

    -

    SAP_BASIS 800

    -

    SAP_BASIS 701

    -

    SAP_BASIS 702

    -

    SAP_BASIS 703

    SAP ERP ENHANCE PACKAGE SAP ERP VALUE PACK 2005.1

    -SAP ERP ENHANCE PACKAGE 2005.1

    --SAP ERP ENHANCE PACKAGE 2005.2

    ---SAP ERP ENHANCE PACKAGE SAP ENH PACK 3 FOR SAP ERP 6.0

    -

    SAP ERP ENHANCE PACKAGE SAP ENH PACK 4 FOR SAP ERP 6.0

    -

    EHP4 FOR SAP ERP 6.0_NW701 EHP4 FOR ERP 6.0_NW701

    SAP NETWEAVER 04

    -SAP NETWEAVER 7.0 (2004S)

    --SAP NETWEAVER AS ABAP 7.1

    ---SAP NETWEAVER AS ABAP 7.11

    --SAP NETWEAVER MOBILE 7.1

    ---SAP NETWEAVER MOBILE 7.11

    --SAP NETWEAVER SAP EHP1 FOR SAP NETWEAVER 7.0

    ---SAP NETWEAVER SAP EHP2 FOR SAP NETWEAVER 7.0

    --SAP NETWEAVER PI 7.1

    ---SAP NETWEAVER PI 7.11

    </textarea></p>

    In my day to day activities I often encounter a wide variety of User Interfaces.

    Some are really ugly and almost impossible to navigate easily. Simple things like entering dates can provide a level of frustration that makes me want to throw things at the screen. Some have menus with annoying hover "capabilities" that I'm sure looked cool at design time, but when you're a microsecond too slow with the mouse cause nothing but hassles.

    Some aren't too bad, but I can't think of any that make me go "wow".

    Where are some examples of "wow" sites?  

    One of the things I enjoy about being a member of SDN is getting a unique view of the SAP world. For example, I'd like to see things here that are not generally available to those "outside the circle".

    In the past weeks some blogs have been posted here that are sometimes complete copies of aother blog postings and other times are external content with a few extra paragraphs.

    Ok, the SDN blogger has done the "right" thing and included a URL to the external site, but wouldn't it be fairer to make SDN the original and have a pointer from the non-SDN site?

    Sometimes I feel I am being conned into following a link to an external organisation's web site, only to see exactly the same thing as I just read in SDN.

    I appreciate that SDN bloggers want to get feedback from the SDN community, which they won't get by hoping people stumble/Google to their non-SDN site, However, I still feel a bit cheated..

    Link "+linkname[i]+" created");                } else {                     response.write(" Link "+linkname[i]+" already exists");                }           }            } catch (Exception e) {                response.write(" Error - " + e.getLocalizedMessage());  }  } }    The result in InfoViewimage

    The SAP Passport is a convenient way to handle client based certificate authentication to your SAP NetWeaver Portal. It means that if your users have loaded an SAP Passport into their browser and you have enabled client certificates that use this certificate, then the user can log on to the SAP NetWeaver Portal without needing to enter a username and password.

    The mechanism assumes that your AS Java trusts SAP Passport certificates. You can see this be navigating through the Visual Administrator to the Key Storage service and selecting the TrustedCAs view:

    image

     

    You will notice that the validNotAfter date is 18 July 2010. This means that after that date the certificate will not be trusted. So, you need to navigate to the SAP Service Marketplace and download the latest Root Certificate and load it.

    The CA download can be accessed using http://service.sap.com/tcs and then navigate to Download Area -> Root Certificates and then select the SAP Passport CA Certificate:

    image When you select the link for the certificate, you will be prompted to Open or Save it. Select "Save" and give the file a name such as c:\temp\SAPPassportCA.crt. Make sure you select the "Save as type" as "All files", as you don't want to end up with a .cer file.

    Now back in the Visual Administrator, you can use the "Load" option to upload the saved file. This will then change the validNotAfter date to July 2015.

     

    image

    Finally, put a note in your calendar to repeat this activity again in early 2015.

    After you install your SAP NetWeaver Portal, you will probably access it using regular HTTP. So, you'll use a URL that looks like: http://theportal.mycompany.com:50000/irj. If you use a logon form where you enter your portal username and password, thiose details will be sent to the portal server unencrypted, which means that a malicious person could in theory find that combination.

    But did you know that you can use secure sockets to access the portal? By default, the portal is installed with SSL enabled. This means that you can change your URL slightly so that instead of typing "http", you can use "https", but you also need to add 1 to the port number (the number after the :) so that your URL for the above example becomes https://theportal.mycompany.com:50001/irj.

    However there are a few problems with this. Depending on your browser, you will probably get a screen that looks like either

    image

    or

    image

    This is because by default the portal's standard SSL certificate has a few problems. These are:

    • it's self signed, which means your browser doesn't trust it;
    • it's expired; and 
    • it's been issued for an unexpected web site, localhost, not the one in the URL you entered.

    This can be seen by opening up the certificate details:

    image

    So, why has this happened?

    First some certificate basics. They are a way to certify an identity to help set up a trusting relationship. For SSL type access, they identify the system you are connecting to, so that you don't end up at a phishing site. You as a user can also have a certificate, which then means the system you connect to knows who you are. An example of this user certificate is the SAP Passport which you can get from the SAP Service Marketplace. Once setup, this allows you to connect to the SAP Service Marketplace without having to enter your S-number and password. In effect, the SAP Marketplace web sites trust your passport.

    The value of the server certificates for the portal are managed in the Key Store service of the Visual Administrator.

    In the service_ssl view you can see the standard self signed certificate.

    image

    image

     

     

    If you want to generate a certificate request for our real hostname instead of "localhost", use the "Create" option and enter appropriate values. The most important is the common name, which is the hostname from the URL that you use to access the portal.

    image

    After generating the new certificate, you need to send this to a Certification Authority (CA) who will sign it and then send it back to you. This normally involves a fee of some sort. SAP provides limited lifetime certificates for testing purposes. Details can be found at http://service.sap.com/ssltest.  

    From the same service we can see the available certification authorities (Trusted CAs) that we trust. This is important if we are going to use client certificates, such as an SAP Passport. Please note that CA certificates also have an expiration date.

    image

    The SSL provider service is where we specify which server identity (certificate) to use and, optionally, which client CAs we will trust. For example, if we decide to use SAP Passports to access the portal, then we need to trust the SAPPassportCA.

    image

    image

    If we decide to request or require client certificates, this is where we specify the CAs to trust.

    image

    Those who contribute to or watch the portal area in SCN will probably recognise my name. I have been known to blog a bit and until recently I was one of the top points earners in the portal forums.

    For the first 6 months of this year I was travelling a fair bit for work, and in the evening I would spend some of my time replying to forum posts. The travelling is now not as frequent and I am spending less time in  SDN. Even after I stopped contributing, I'd still occasionally look at the recent posts to see if there were any 'interesting' ones to answer, but disappointingly they were few and far between. It seems most people posting won't spend a few(?) minutes searching before posting.

    People like myself were actually unintentionally promoting this behaviour! Rapidly answered questions leads to people posting without thinking/searching.

    My proposal is to lock new postings for a month. Open threads can still be replied to and moderators can  still post if they are sent a post.

    What will the reaction be? Hopefully people will start searching! The help.sap.com pages are a lot better than a lot of people realise. The portal wiki pages are also a good source of content.

    There will probably be extra chatter in the non-portal forums as people try to bypass the embargo, so those forum moderators may need to be extra diligent....

    After installing an SAP NetWeaver Portal, the administrator needs to create some content. This can either come from one of the SAP supplied business packages, or it needs to be built using the portal content administration tools.

    I decided to make a portal component to asssist in creation of some simple examples, namely a portal role which uses a portal workset that contains some KM and URL type iViews.

    Here are some screen shots

    We have a top level menu... 

    image

    This shows the options available and says where in the PCD the objects will be created. The folder name is based on the username of the person running the tool.

    This shows creating a simple portal role.

    image

    If you have installed the Web Page Composer, you can also create a role from a WPC entry point...

    image

    We can make an iView that presents a KM folder, asuming KM has been installed...

    image

    Or make an iView that accesses a URL...

    image

    Now make a workset that contains our generated iViews...

    image

    And after assigning the roles, we should see...

    image

     

    The PAR file can be downloaded from here.

    The tool can be launched using a URL similar to http://portalhost:port/irj/servlet/prt/portal/prtroot/PCDBuilder.Menu as a user with content administrator privileges.

    The SAP NetWeaver Portal has a fundamental unit of content called an iView. This is effectively a link, or URL, to the web application that is to be accessed when the user accesses the portal menu.

    iViews can have some options appear in the top right hand corner. For example, it is possible to open the iView in a new window. One little used option is to enable a link to a help page.

    I believe there are a few reasons why this feature is not used at most sites.

    The first is that the option is not obvious. Most portal users wouldn't think to click the icon to find the options, let alone know that Help was available. This comes down to appropriate training of portal end users. Also, with the lighter framework pages available in recent releases of the portal, the Help option can be more easily viewed.

    The next reason for non-use is that setting the URL to be used is a challenge. It appears the portal development team assumed that the linked page for the help would be static and in most cases it is not possible to use relative links.

    Huh? Relative links? What's he talking about?

    Most people use absolute links in their browser. For example, when they use SDN, they would enter in their browser address bar https://sdn.sap.com. That's an absolute URL. A relative link could appear on a web page that "knows" it's already on a particular web server. So, a developer could have a link to "/wiki" and that would magically become https://sdn.sap.com/wiki.

    Back to the URL that needs to be entered for an iView's help. If I am developing my iView on a portal accessed as http://mydevportal.mycompany.com:50000/irj, if I wanted my little help application to execute on the same portal, I would need to enter a help URL of http://mydevportal.mycompany.com:50000/myHelpApp... As a relative URL it would handy to enter just the /myHelpApp, but that is not possible.

    With an absolute URL, when I move my iView from the development portal to the QA portal and finally to production, my iView's help URL is still pointing to the development portal. This is probably not ideal.

    This wiki page contains a code snippet to assist in developing a tool to assist in the process. It allows a portal administrator to browse the PCD (Portal Content Directory) to easily view and set the help URL for some iViews. It looks for the hostname and port number of the development portal (set as an iView parameter) and replaces that with %host:port%. When the administrator uses the Update button, it replaces %host:port% with the curent portal's hostname and port number. So, after the iViews have been moved to the QA or production portal, it should be quite easy to replace the URL.

    Are there any other solutions?

    Long term I'd like to see relative URLs supported. In the mean time, a few other possibilities include:

    • Adding help iViews as related links
    • Creating small (30 pixel high) iViews with no tray that have a link to the help page and add them to the portal pages.

    The system landscape directory application, normally referred to as the SLD, is hosted on any AS Java system in the customer's site.  It can be a central point to store data about the physical systems that are installed, plus details about the software products and software components that are available on those systems. It can be used by PI/XI and Solution Manager and also as a repository of JCo destinations for Web Dynpro Java applications. 

    The SLD is maintained by a system administrator using the /sld application, which nowadays is a Web Dynpro application. ABAP and Java systems can publish their information on a regular basis to the SLD via transaction RZ70 (ABAP) and the SLD data supplier (Java).

    The SAP NetWeaver Portal can be used to provide single sign on to different applications. This can include ABAP based applications. The most flexible way to define access to ABAP based systems is by defining the system in the portal's system landscape directory using the system landscape editor.

    This is not the same as the SLD application! The portal's system landscape directory is mainatined with the system landscape editor as an iView within the portal administration area. It stores the data in its own set of tables in the underlying AS Java database. It is not aware of the existence of an SLD application server.

    So, why not try to synchronise the two?

    This wiki page contains a portal component that can be used to create an entry in the portal's system landscape directory based on details obtained from the SLD application.

    It reads the SLD to find the known SID/client combinations and presents them as a dropdown list. Because the SLD does not know about hostnames containing domains, it also prompts for a domain name to be appended to the hostname.

    For flexibility, it builds a system based on the load balanced template, and assumes a logon group called SPACE. The SLD does not know about ICM host and port information, so it points to the ICM on the central instance and uses port 80xx, where xx is the instance number.

    No system alias is defined for the generated system in the portal, so this must be set afterwards. The SystemAlias property of the system object in the portal SLD is the logical system name. This confused me for some time!

    Interestingly, the name of the client in the ABAP system as stored in table T000 does not seem to get populated into the SLD.

    Working with SAP software for a few years has made me realise:

    • typing SICK is a suitable way to see if my system is OK
    • SPAM is not just a Monty Python song or meat product
    • SCUM is a perfectly acceptable transaction for managing users
    • seeing a sign STAU on a bridge over an autobahn near SAP's headaquarters is not them telling you about a new system administration transaction code
    • it is ok to have one way into an ABAP system and more than 10 ways to get out.
    1 2 3 4 Previous Next

    Filter Blog

    By date: