cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with SSO and NWBC Apps on FIORI Launchpad (S4HANA)

Former Member
0 Kudos

Hi,

We have an issue testing a NWBC App from SAP FIORI Launchpad. This Tile was defined and came in the stardard package of SAP S/4HANA OP 1511. As the configuration guide “SAP S4HANA Other Apps deployment” suggested we have created the destination needed for this app’s type (3 – ABAP & H – HTTPS) as you can see on the following picture

Destination – Type 3 ABAP

All destinations type ABAP are configured to use trust relationship

Destination – Type H HTTPS

All destinations type HTTPS are configured to use trust relationship, logon with ticket and SSL Certificate (Default client)

When we test the trust relationship between the systems involved, it works just fine. When we test the destination “S4PRC_RFC”, it responds as it should



When we test the destination “S4PRC_HTTPS” , it responds as it should


For every destination created for this configuration, the test response are similar to the presented above.

We also have checked the system alias and alias mapping views. Both have configured the proper data, as it shown on the following screenshoots

/UI2/V_SYSALIAS

/UI2/V_ALIASMAP

In the next screen you can see the app’s definition. This configuration was delivered by SAP as a standard

App definition on LPD_CUST

We have only changed the system alias mapping data for the instance


As per our consideration, the configuration seems to be fine according to the steps outlined on the guide we have followed. But it still prompts the logon page when we tried to access a transaction or webdynpro app through fiori Launchpad.

Here are the screens when we tried to access to a transaction (WebGUI), for example “Create Purchase Order (Advance)”

These OSS Notes has been already applied on our system to correct several things

  • 0002260476 Initial Screen from LPD_CUST definition for transaction does
  • 0002313296 Fix for ABAP Launchpad to ITS URL migration

These OSS Notes are listed as a not applicable for our system and components versions.

  • 0002269272 "Reference Lost" Error for FLP Tiles after applying new UI c
  • 0002275285 UI2 & USHELL upgrade to version 1.32.10 for UI Add-On 2.0

What might be wrong? Why the SSO is not correctly performed? Is this a program error "APB_LPD_CALL_B_I_TXN"? Do we need to open a OSS ticket to SAP Support to resolve this issue?

Best Regards,

Mariana

Accepted Solutions (0)

Answers (2)

Answers (2)

Vasilis
Advisor
Advisor
0 Kudos

Hi,

is the front end gateway a separate server? If yes, have you created the trust between the systems using the transaction SMT1 in the backend server?

Regards,

Vasilis

Former Member
0 Kudos

Yes Vasilos,

The trusted relationship is configured and it works, the FIORI Apps retrieves data from backend just fine... and yes the gateway is a central-hub (separated server).

  • Trust Relationship: Central-Hub --> Backend

  • Trust Relationship Backend --> Central-Hub

Best Regards,

Mariana

s0006898782
Participant
0 Kudos

Hello Mariana Castillo,

I'm having the same problem as you did to solve you problem ?


Best Regards,


Welinton Rocha

Former Member
0 Kudos

Hi

I have opened a OSS Ticket for this issue. The ticket is in processing by SAP status. If you want to open a OSS Ticket separately for this issue, you can. This way we put a little pressure to get the resolve quickly

Best regards,

Mariana

PS: Follow me to send you a direct

former_member205280
Active Participant
0 Kudos

Hi Mariana,

I had a similar problem here, same here, I opened a  ticket few days ago and still got nothing!

One thing I found out was that if you create those HTTP connections in SM59 with <system_alias>_HTTP instead of _HTTPS (that's without activate SSL), and access the Fiori launchpad using HTTP, everything works fine. Ate lease we can use the NWBC app now!

Hope this will help you.

Regards,

Michael

Former Member
0 Kudos

Hi Michael,

Let me re-try to check that.... although I think i've already test it that way and did not work for me

cc:

BR,

Mariana

former_member205280
Active Participant
0 Kudos

Hi Mariana,

Quick update here, I found a very interesting thing this morning.

It works in IE 11, that's right both HTTP and HTTPS are working well. However with Chrome, only HTTP works. I've already double checked it!

Here's what I did, I recreated the trust relationship between Fiori and Backend system, created an additional <system_alias>_HTTP connection in your Fiori box with SM59 (point to back-end http port, without SSL, and using trusted relationship). Then go to IE, everything works well. I bet this'll be the only time IE beats Chrome

Access Fiori Launchpad in IE works in both HTTP and HTTPS.

Access Fiori Launchpad in Chrome using HTTPS (before create <system_alias>_HTTP connection,) it points to the Fiori system itself.

Access Fiori Launchpad in Chrome using HTTPS (after create <system_alias>_HTTP connection), it doesn't work.

Access Fiori Launchpad in Chrome using HTTP (after create <system_alias>_HTTP connection), it works.

One more thing to mention, it seems make no difference what system alias you maintained in LPD_CUST (at least for me).

Now hope this will help you!

Michael




Former Member
0 Kudos

Hi

I tried to do what you said but it did not work for me ... at least I dont know if I did it right... Can you explain me further what else did you did with RFC and other configurations?

Best Regards,

Mariana

former_member205280
Active Participant
0 Kudos

Hi Mariana,

I made a mistake, I found out that only HTTP connection works, the reason why IE works when using HTTPS is because it switch back to HTTP to connect to the back-end system, and Chrome for some security reason blocked the connection.

So I'll make a short list to illustrate what I've done so far:

Fiori RFC Connections

Basically you'll need to create <system_alias>_HTTP RFCs in the Fiori system point to the back-end system for every entry in /UI2/V_SYSALIAS, (if doesn't work, try deleted the _HTTPS RFCs for testing purpose).

Fiori Launchpad System Alias

I just changed the system alias for the individual lancupad to the default in LDP_CUST.

Remove the global system alias settings in /UI2/V_ALIASMAP

That's all, this's not a nice way to solve the problem, but I can't find another way, still no response from SAP.

Regards,

Michael

Former Member
0 Kudos

Hi Michael,

I've tested and indeed it Works... but as the RFC is HTTP and my fiori is configured to work with HTTPS, the browser throws an Mixed Content Alert (some content are HTTP and others HTTPS) showing the grey shield (Chrome) in the address bar. This is an issue for me because it prevents me to use the general lauchpad on mobile devices ... Because on mobile devices I can not bypass the alert

BR,

Mariana

former_member205280
Active Participant
0 Kudos

Hi Mariana,

After done few more tests, I finally solved the problem, guess SAP didn't tell that you'll need an Web Dispatcher.

Remove those _HTTP RFCs in Fiori system, and re-create _HTTPS RFCs if you've deleted them as I did.

You also need to configure HTTPS  in Web Dispatcher as well as mentioned in SAP S/4 HANA Fiori Basic Network and Security Configuration.

Configure the the Web Dispatcher instance profile, for example:

wdisp/system_0 = SID=<Fiori_SID>, MSHOST=<fiori.xxxxx.com>, MSPORT=<message_service_port>, SRCSRV=*:80;*:443, SRCURL=/sap/bc/ui2/flp;/sap/opu/;/sap/bc/ui2/;/sap/bc/apc/;/sap/bc/ui5_ui5/;/sap/public/bc/;/sap/saml2/;/ui2/nwbc/;/resources/sap/dfa/help/, CLIENT=430

wdisp/system_1 = SID=<Backend_SID>, MSHOST=<prd.xxxxx.com>, MSPORT=<message_service_port>, SRCSRV=*:80;*:443, SRCURL=/sap/es/;/sap/bw/ina/;/sap/bw/Mime/DS/Content/;/sap/bc/gui/sap/its/;/sap/public/icmandir/, CLIENT=800

icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=300, EXTBIND=1

icm/server_port_1 = PROT=HTTP, PORT=80, TIMEOUT=300, EXTBIND=1

Then access Launchpad using Web Dispatcher host instead of fiori's.

Hope this will finally help you, or if you've figured it out another way, you're very welcomed to share it with us!

Regards,

Michael

Former Member
0 Kudos

Hi Michael,

Well, that might be a solution for a productive system... but I dont think for QA and DEV systems is the way to solve it ... just because those environments are internal Access only and webdispatcher, is for actívate the internet access to the infrastructure...

Thales commented to me on the ticket there was an issue with the mysso2 sicf service and the domain resolved (different from the one is configured for the systems) .... so he has changed the ticket's component but for now is still in processing....

I think there is a serious issue with SSL communication because if it works without SSL ... why it does not work with SSL????

If I get an update from SAP I will let you know...

BR,

Mariana

0 Kudos

Hi Mariana,

Are you having this problem with laptop/desktop devices, tablets, and/or mobile devices, either iOS or Android? 

Thanks, Mike

SAP Technology RIG

Former Member
0 Kudos

Hi Michael,

I'm testing the fiori launchpad on a few laptops and in all of them throws the same error...well is not an error but it prompt the logon page.... I think the trans/webdynpro apps  are only configure for laptop....

Thanks Mike, hope you can help me...

BR,

Mariana