on 05-27-2013 11:07 PM
Hello,
URL Example:
Hello Nestor,
have you configured the SAP authentication on your SAP BusinessObjects BI system towards the CRM system and did you import the roles from the CRM system ?
regards
Ingo Hilgefort, SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ingo,
No, I have configured the SAP authentication on my BusinessObjects system towards the SAP BW system and imported the roles from the BW system.
can I configure another system in SAP authentication? for example SAP CRM
I only want the authentication for opendocument.
thanks for your response
Regards,
Néstor
Hello Nestor,
yes you can have multiple systems configured as part of the SAP authentication.
You would repeat the configuration that you did for BW but now for the CRM system.
When a user then calls the CRM report - will the user be authenticated with the CRM user or the BW user and will it only be CRM data or BW data or both ?
regards
Ingo Hilgefort, SAP
Hello Ingo,
when a user calls a Webi Report from CRM the data are the BW only.
so if I do the configuration between CRM and SAP BOBJ 4.0 and import roles, I will have duplicate users for example:
BW--------- BID~100/user1
CRM------- CRD~200/user1
if the user1 calls a webi report from CRM by opendocument, what user is going towards BW?
will I have to manage alias?
I did this configuration for SAP BW and SAP BOBJ 4.0:
Generate keystore and certificate for SAP BO BI4.0
http://wiki.sdn.sap.com/wiki/display/BOBJ/Generate+keystore+and+certificate+for+SAP+BO+BI4.0
Import SAP BO BI4.0 certificate into SAP BW
http://wiki.sdn.sap.com/wiki/display/BOBJ/Import+SAP+BO+BI4.0+certificate+into+SAP+BW
Setup of SAP SSO Service in SAP BO BI4.0 CMC
http://wiki.sdn.sap.com/wiki/display/BOBJ/Setup+of+SAP+SSO+Service+in+SAP+BO+BI4.0+CMC
and I did this configuration for SAP Enterprise Portal and SAP BOBJ 4.0:
thanks for your response
Regards,
Néstor
Hello Nestor,
so the user logs on with the CRM users and is refreshing a report with data from BW.
Correct - that will require user aliases and it sounds like you already have most of the items configured.
- you will need the SAP Authentication for both systems
- you will need the Single Sign On Token for both system
- you will need to configure the user aliases as well
regards
Ingo Hilgefort
All,
I was following this thread however could not get this to work.
As nestor mentioned I have the same requirements:
1. User authenticates towards BW
2. I want to use openDocument to include Webi Reports (4.x) in CRM Web UI
-> First only as a POC to get SSO to work
What I did was:
- Import roles from CRM
- Added useralias CRM~100/user to BW~100/user (no CRM user was importet - Alias active - BW User used for authentication ).
- Generate keystore and certificate for SAP BO BI4.0 (as mentioned above)
- Import SAP BO BI4.0 certificate into SAP BW (as mentioned above)
- Setup of Keystore in BO CMC.
- Setup of SAP SSO Service in SAP BO BI4.0 CMC ( Service was already setup)
Then I just added an openDocument link in CRM to my favorites (just to see if it is working - no parameter etc.)
The Link is working but I still get a popup for my secR3 Username/password.
Where the username seems to be transmitted properly.
Anyone can help me out here or has inputs?
Thanks in advance.
Andreas
Hi Ingo,
Thanks for your reply.
The URL gets executed from CRM Web_ui where the URL does not explicitly contain the token
(see example from above).
Also I was confused since I was setting up the keystore in BO4 and imported the certificate on CRM and BW System. Is this sufficient?
Do I have to exchange a certificate between CRM and BW aswell?
Thanks for your input,
Andreas
Hello Andreas,
I have to do the same thing: from CRM UI (through URL transaction launcher) I call a webi on BO system. We need to implement SSO between CRM - BO system.
What are all the steps to follow?
I try to summarize
1) Import roles from CRM. Could you specify what are the roles?
2) Added useralias CRM~100/user to BW~100/user (no CRM user was importet - Alias active - BW User used for authentication ).
3) Generate keystore and certificate for SAP BO BI4.0
4) Import SAP BO BI4.0 certificate into SAP BW
5) Setup of Keystore in BO CMC.
6) Setup of SAP SSO Service in SAP BO BI4.0 CMC ( Service was already setup)
7) Is it all? or is it necessary to import the certificate into the CRM ABAP component or CRM JAVA component?
Regards, Roberto
Hello Roberto,
1. The roles from CRM.
Select the roles the users are assigned to - otherwise you cannot make a alias for the CRM system
2. ok
3. ok
4. ok
5. ok
6. ok
7. Yeah you need to import using TA strustsso2
8. You need to exchange certificates between CRM and BW aswell.
So that CRM has the BW and the BW has the CRM cert.
In addition to that I did the changed the OpenDocument.properties:
D:\Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\config\default\OpenDocument.properties
like this:
# You can specify the default Authentication types here.
secEnterprise, secLDAP, secWinAD, secSAPR3
# Set to false to disable logon with token.
# Set to false to disable logon with SAP LogonToken obtained through RESTful Web Service
Hope this helps.
Lemme know if you have any other questions.
Can you send me your E-Mail - it would be nice to exchange information since I havent used the transaction launcher for now.
Btw. did you aktivate the business function CRM_ANA_BOB ?
I am not sure if I really need this for using Transaction launcher.
Let me know.
thanks
Hello Andreas,
I am Sam.
I meet the same problem of SSO: our webi report is linked in SAP CRM UI, and the data of report is stored in SAP BW, then user will access SAP CRM UI to review webi report.
I expect your help, and it's deeply grateful if you have document about the SSO, thanks very much.
Hello Sam,
I have documented this but in german language and also there are some screenshots that are not ment for public.
However, you can follow the guide from Nestor which also lead me to the solution.
If I find some time soon, I could exchange the screenshots and translate the stuff in english.
Maybe you could start pointing out what is not clear for you ?
Cheers,
Andreas
Hi Andreas,
Thanks for your prompt reply.
I have some confusion:
1) I have read the SAP BO 4.0 document "Administrator Guide", and it does't refered to the step of "Generating and importing certificate between BO and BW", so I don't know the necessity of this step?
Maybe it is different between BO 3.1 and 4.0.
2) If it is necessary, what about certificate between CRM and BO?
I will try again, and I will discuss with you if I have any problem, thanks a lot.
Hi Sam,
I did the SSO with BO 4.x and I havent tried to use 3.x since we do not need this. From what I read, the SSO with BO 3.1 is different from 4.x.
We use SAP BW as authentication system for BO.
Your questions:
1. yeah you will have to exchange certs between BW and BO.
(make sure BW/CRM have a valid certificate before exporting).
-> BW needs to have BO and CRM certs.
2. -> CRM needs to have BW and BO certs.
Dont forget to use the alias and keystore in BO
That should do the trick
Cheers,
Andreas
Hi Experts,
I am facing with an strange behavior.
I am now able to logon with my CRM-User to BI-Launchpad
Problem: If I want to see my Report in CRM-Web Ui i am still getting the logon-Screen for the BO-System.
i don't know what i missed in my configurations.
This is what i did so far:
On CRM (local BW) side
1. I created a role and assigned some CRM-Users to this role
5. I imported the BO-certificate to CRM
On BI-Platform side
2. I did the Import of the role in BI-CMC
3. I assigned the role to my Dashbaord
4. I created the certificate of the BO-Server
What should i do now?
Many thanks in advance.
.
Best regards,
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Andreas Schuth,
I am trying to implement this requirement for Business and I have struck at to generate Generate keystore and certificate.
When I am trying to run the command line statement
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib\> "C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java" -jar PKCS12Tool.jar -alias mywin -storepass administrator -dname CN=w2k8devbo-and
it is throwing error like.
not a recognized internal or external command.
I have tried only with below command
-jar PKCS12Tool.jar -alias mywin -storepass administrator -dname CN=w2k8devbo-and
and it is throwing error like
'-jar' is not recognized as internal or external command
I am suspecting that Java has not installed in my server. could you please correct me?
Am I in the right path?
Regards,
S Babu
Hi Babu
This wiki entry explains the way to generate the keystore and certificate
http://wiki.scn.sap.com/wiki/display/BOBJ/Generate+keystore+and+certificate+for+SAP+BO+BI4.0
However do not use the "<- Quotationmark
Your expression:
java" -jar PKCS12Tool.jar -alias mywin -storepass admin1 -dname CN=palmtree
should be like this:
java -jar PKCS12Tool.jar -alias mywin -storepass admin1 -dname CN=palmtree
Hope this helps.
BR
Andreas
Hello, Andreas Schuth,
I have done all the steps but it is not working to me.
I will share the document what I did, could you please check and correct me.
could you please share your mail id or contact information so, that I can share the document. kindly send test message to my mail id.
S Babu
Hello, Andreas Schuth,
I have done all the steps for implementing SSO between BO and CRM web UI. but it is not working to me.
Summary of my workflow
1. created roles in CRM & BW
2. imported CRM & BW roles & users into BO
2.1 user alias done
3. Enabled SAP authentication
4. Generated keystore & certification at BO Side
5. imported BO certification into BW & CRM ( in ACL are I have mentioned system as CRD for CRM system and its client. same to BW system as well. Am I correct? please correct me )
6. exported BW certificate into CRM and the same way exported CRM certificate into BW by using client 000
7. uploaded keystore file into BO
8. changed settings of BILaunchpad.properties & OpenDocument.properties files
9. configured BO opendocument url (http://XXXXXX-XXX.XXXXXX.XXX:8080/BOE/OpenDocument/1402060926/OpenDocument/opendoc/openDocument.face...) into CRM web UI (Is this generated OpenDocument url format is correct or wrong?)
But no luck.
please correct me where I did mistake and also tell me did I miss any steps?
Advanced thanks.
Suresh
Hi Babu
I am sorry since I am very busy at the moment.
Following I found different:
1.
In our case we authenticate BO to SAP BW and not to SAP CRM.
This means all users are only replicated from BW to BO.
-> user looks like this: ecSAPR3:BWx~001/MOO1234
Where MOO1234 is the BW user.
We do not replicate the crm user.
However we changed that since we use AD Authentication now...
2.
Your OpenDoc Link doesnt look like mine:
HTH
Andreas
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.