Implementing SSO between the Enterprise Portal and the EPM Add-In · 2019. 11. 12.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG

Applies to:

SAP BusinessObjects Planning and Consolidation 10, version for SAP NetWeaver, SP1 and higher; EPM Add-In, SP3 and higher. For more information, visit the Enterprise Performance Management homepage.

Summary

One of the major changes to SAP BusinessObjects Planning and Consolidation 10, version for SAP NetWeaver, was moving to a more standard BW security model, which was made possible by replacing the .NET tier with the ABAP Web Application Server (WAS). This change allows us to connect to a BPC NetWeaver connection in the EPM Add-In directly from the portal without having to enter any user credentials, giving Enterprise Portal customers a new deployment option. The SSO scenario covered in this guide can be incorporated into an existing Enterprise Portal implementation with minimal effort.

Author: Daniel Settanni
Company: SAP Labs
Created on: 2 December 2011

Author Bio

Daniel Settanni has worked at SAP Labs in the EPM CSA for the last 5 years. He specializes in SAP BusinessObjects Planning and Consolidation, both the Microsoft and NetWeaver releases.


Table of Contents

Prerequisites
Overview
Integration between the Enterprise Portal and BPC 10 for NetWeaver’s web client
Integration between the Enterprise Portal and BPC 10 for NetWeaver’s Office client (EPM Add-In)
Why would I want to integrate the Enterprise Portal with BPC 10?
What’s included in the Web Application
Quick note on security
Importing the Web Project to NWDS
Importing the WAR file into NWDS
Adding References to the Apache HttpClient Libraries
Updating the Deployment Descriptor
Deploying the Web Application
Creating the Enterprise Application
Deploying the Enterprise Application
Testing the Web Application
Testing the Servlet
Using the Test JSP Page
Related Content
Copyright


Prerequisites

This solution depends on:

• An AS Java instance with the Enterprise Portal components installed
• An AS ABAP instance with SAP BusinessObjects Planning and Consolidation 10, version for SAP NetWeaver, SP1 or higher installed
• The EPM Add-In, SP3 or higher
• NetWeaver Developer Studio (NWDS) 7.3
• Apache HTTPComponents > HttpClient 4.1.2
    o Can be downloaded from http://hc.apache.org/downloads.cgi
    o Required for proper cookie support (needed to generate reentrance tickets)


Overview

The underlying architecture of SAP BusinessObjects Planning and Consolidation 10, version for SAP NetWeaver (herein referred to as BPC or BPC 10), has changed from its previous releases. Specifically, the .NET server, which previously supported Web operations, has been replaced with the SAP ABAP Web Application Server (WAS). Due to this new architectural component, BPC now supports SAP Logon tickets, which allow users to authenticate to one SAP system and seamlessly log on to another trusted SAP system without having to reenter their credentials.

This how-to guide provides a web application that can be deployed alongside the Enterprise Portal on an AS Java stack, allowing you to launch the EPM Add-In directly from the portal without having to enter credentials a second time.

Integration between the Enterprise Portal and BPC 10 for NetWeaver’s web client

Integrating the Enterprise Portal with the BPC 10 for NetWeaver web interface is a straightforward process and is supported by default. You can simply create a new page in Portal Content, making the BPC 10 for NetWeaver web client URL the target, and you are ready to go. As long as the AS ABAP server trusts the AS Java server, users can seamlessly log into the BPC web client from the Portal. A user can then launch the EPM Add-In from the BPC web client using the link provided in the web client home page.

The basic flow is as follows:

The only potential issue here is that a user has to go to the BPC web client even if they only want to use the EPM Add-In. It’s only a few extra steps, but still not optimal. In the next section we will explain how we can remove these extra steps to allow the user to log into the EPM Add-In directly.


Integration between the Enterprise Portal and BPC 10 for NetWeaver’s Office client (EPM Add-In)

Now that we have seen what is possible “out of the box”, let’s look at the solution provided by this How-To guide. It is very similar to the one above, with one key difference: the user doesn’t have to navigate to the BPC 10 web client to launch the EPM Add-In. Instead, they can click on a link directly in the portal, which bypasses the BPC 10 web client completely. The target in the link is the custom web application included in this HTG. This web application communicates with the BPC 10 web services for the client, obtains the reentrance ticket and passes it to the EPM Add-In.

The basic flow for this scenario is as follows:

Why would I want to integrate the Enterprise Portal with BPC 10?

So why would someone want to enable SSO between the Enterprise Portal and their BPC 10 NetWeaver installation? We’ve already covered one reason, seamless authentication, but there is another equally valid reason – to enable additional authentication scenarios. Currently the web client and EPM Add-In support three basic types of authentication, and in each case the credentials are all stored in BW:

• Basic / Forms based
    o Credentials are stored in BW
• X.509 Client Certificates
    o X.509 certificates are stored in BW and mapped to BW users
• SAP Logon Tickets
    o Allows users to log in to the EPM Add-In without entering credentials when launched from the web client

If you are familiar with authentication in the previous releases, you will notice that authentication using Active Directory credentials is not supported (this was the only supported mechanism previously). Integration with the Enterprise Portal puts this option back on the table because AS Java supports using LDAP as a data source with the UME. This means that you can still use Active Directory credentials to authenticate to BPC 10 for NetWeaver, assuming the Enterprise Portal is your starting point.


What’s included in the Web Application

The web application includes three classes and one JSP, in addition to all the standard web application components. The Java source is also included in the WAR file in case you want to tweak anything or just get more insight on how this was implemented.

• com.sap.csa.bpc.EPM_AddIn_Launcher.java
    o Description: Servlet implementation providing the core functionality for the HTG
    o Default URI: /PCNW10_SSO_EA/EPM_AddIn_Launcher
• com.sap.csa.bpc.HostDescriptor.java
    o Description: Standard “bean” style class used to store connectivity information for the BPC 10 NetWeaver AS ABAP Web Application Server (WAS)
• com.sap.csa.bpc.ReentranceDetails.java
    o Description: Stores the Reentrance token and logs associated with retrieving the token
• index.jsp
    o Description: A basic JSP, really just an HTML form, that allows you to test calling the EPM_AddIn_Launcher servlet with different host/port/protocol/environment parameters using the GET and POST HTTP methods
    o Default URI: /PCNW10_SSO_EA/index.jsp

Note: You can change the default context root (PCNW10_SSO_EA) in the enterprise application’s application.xml file. This change would not require any changes in the web app.

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web application’s web.xml file. You will have to update the form actions in index.jsp if you change the servlet URI.

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process: the SAP Logon Ticket and the Reentrance Ticket. These tickets could be compromised if the end user accesses the Portal without using SSL. Due to this, SSL (HTTPS) must be used when deploying this solution in production.


Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WP.war file into NWDS, as well as adding references to the libraries included with the Apache HttpClient 4.1.2.

The PCNW10_SS_WP.war file can be downloaded here:

PCNW10_SS_WP.war file

Importing the WAR file into NWDS

1. Launch NWDS.
2. Select File > Import.
3. Expand “Web” and select “War File”. Click Next.
4. Enter the path to “PCNW10_SSO_WP.war” in the “War file” text box, then click “Finish”.
5. You should now see the “PCNW10_SSO_WP” project in Project Explorer.


Adding References to the Apache HttpClient Libraries

1. Download “httpcomponents-client-4.1.2-bin.zip” from http://hc.apache.org/downloads.cgi and extract it.
2. Right click the “PCNW10_SSO_WP” project in your NWDS Project Explorer and select “Properties”.
3. Select “Java Build Path” and click “Add External JARs…” on the Libraries tab.
4. Browse to “httpcomponents-client-4.1.2/lib” and select all 6 JAR files. Click Open.
5. Click “OK” in the Properties window.


Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet:

• host – The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver
• port – The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance
• protocol – Either HTTP or HTTPS
    o Note – If you select HTTPS, you must ensure that your AS Java system trusts the WAS server’s certificate and certificate path
• environment – The default Environment or Appset for the EPM Add-In to connect to unless another is specified in the request

To update the deployment descriptor:

1. Launch NWDS.
2. Expand PCNW10_SSO_WP and double click on the Deployment Descriptor.
3. Ensure you are looking at the Design View.


4. Expand web-app > servlet. There are four init-param blocks, one for each initialization parameter. Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server.
5. Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server.
6. Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server.

Note: You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets don’t cross the network in clear text, unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network.

7. Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request.
8. Save the deployment descriptor (web.xml) using File > Save or CTRL + S.


Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS). This section provides step-by-step instructions for creating and deploying our new Enterprise Application.

Creating the Enterprise Application

1. Launch NWDS.
2. Click File > New > Enterprise Application Project.
3. Enter “PCNW10_SSO_EA” as the project name. Click Next.
4. Select “PCNW10_SSO_WP” as a Java EE Module Dependency and select “Generate application.xml deployment descriptor”. Click Finish.


5. Right click on the project “PCNW10_SSO_EA” in the Project Explorer and select Properties.
6. Select the Server page, select the server you want to deploy this project to, and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking “Add”.

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking on the “Open Perspective” button in the upper right hand of the NWDS display and selecting “Other”.
2. Select “Java EE” and click OK.


3. Switch to the Servers tab in the bottom pane.
4. Right click your server and select “Add/Remove”.
5. Select “PCNW10_SSO_EA” and click the “Add >” button. Click Finish.


6. Right click “PCNW10_SSO_EA” in the Servers tab and select Publish.
7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol and/or environment specified in the deployment descriptor. In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e. where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://as_java_server:port/PCNW10_SSO_WP/EPM_AddIn_Launcher
2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.


3. Enter your Enterprise Portal credentials.
4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.
5. The EPM Add-In will be launched, providing you with one of two logon prompts:
    a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.
    b. If you don’t have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.


Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://as_java_server:port/PCNW10_SSO_WP/index.jsp
2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor, or vice-versa) and environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click “Test it Out”.

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
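The request-time overrides described under “Testing the Web Application”, combined with the HTTPS requirement from the security notes, shown as an added example that is not part of the HTG’s WAR file or the servlet’s own code: it merges the web.xml defaults with request parameters and accepts only targets on a configured list of BPC servers, so the logon ticket is never forwarded elsewhere. The class name, the allowlist, the sample hosts and the environment-name pattern are assumptions, as is the use of the init-param names as request parameter names.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: resolves and validates the launch target before any ticket is forwarded. */
public final class LaunchTargetResolver {

    /** Where the servlet would send the logon ticket to request a reentrance ticket. */
    public static final class Target {
        public final String protocol;
        public final String host;
        public final int port;
        public final String environment;

        Target(String protocol, String host, int port, String environment) {
            this.protocol = protocol;
            this.host = host;
            this.port = port;
            this.environment = environment;
        }

        @Override
        public String toString() {
            return protocol + "://" + host + ":" + port + " [" + environment + "]";
        }
    }

    // Assumption: environment (appset) names are short identifiers; adjust to your naming rules.
    private static final Pattern ENVIRONMENT = Pattern.compile("[A-Za-z0-9_]{1,20}");

    private final Set<String> allowedEndpoints; // lower-case "host:port" entries
    private final boolean requireHttps;

    public LaunchTargetResolver(Set<String> allowedEndpoints, boolean requireHttps) {
        this.allowedEndpoints = new HashSet<String>(allowedEndpoints);
        this.requireHttps = requireHttps;
    }

    /** Request parameters win over web.xml init-params; the merged result is then validated. */
    public Target resolve(Map<String, String> initParams, Map<String, String> requestParams) {
        String protocol = pick("protocol", initParams, requestParams).toLowerCase(Locale.ROOT);
        String host = pick("host", initParams, requestParams).toLowerCase(Locale.ROOT);
        String portText = pick("port", initParams, requestParams);
        String environment = pick("environment", initParams, requestParams);

        boolean https = protocol.equals("https");
        if (!https && !protocol.equals("http")) {
            throw new IllegalArgumentException("protocol must be http or https");
        }
        if (!https && requireHttps) {
            throw new IllegalArgumentException("https is required so tickets never travel in clear text");
        }
        int port;
        try {
            port = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("port is not a number");
        }
        // Error messages deliberately do not echo request input back to the browser.
        if (!allowedEndpoints.contains(host + ":" + port)) {
            throw new IllegalArgumentException("target is not a configured BPC server");
        }
        if (!ENVIRONMENT.matcher(environment).matches()) {
            throw new IllegalArgumentException("environment name has an unexpected format");
        }
        return new Target(protocol, host, port, environment);
    }

    private static String pick(String name, Map<String, String> initParams,
                               Map<String, String> requestParams) {
        String value = requestParams.get(name);
        if (value == null || value.trim().isEmpty()) {
            value = initParams.get(name); // fall back to the deployment descriptor default
        }
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("missing parameter: " + name);
        }
        return value.trim();
    }

    public static void main(String[] args) {
        // Constructed sample values; none of them come from the guide.
        Map<String, String> defaults = new HashMap<String, String>();
        defaults.put("host", "bpc.example.com");
        defaults.put("port", "44300");
        defaults.put("protocol", "https");
        defaults.put("environment", "ENV_SAMPLE");

        LaunchTargetResolver resolver = new LaunchTargetResolver(
                new HashSet<String>(Arrays.asList("bpc.example.com:44300", "192.0.2.10:44300")), true);

        String[][] requests = {
            {},                                // no overrides: defaults are used
            {"host", "192.0.2.10"},            // listed IP address of the same server
            {"host", "unlisted.example.net"},  // not a configured BPC server
            {"protocol", "http"},              // would expose the tickets
            {"environment", "../x"}            // not a plausible environment name
        };
        for (String[] pairs : requests) {
            Map<String, String> request = new HashMap<String, String>();
            for (int i = 0; i + 1 < pairs.length; i += 2) {
                request.put(pairs[i], pairs[i + 1]);
            }
            try {
                System.out.println("OK      " + resolver.resolve(defaults, request));
            } catch (IllegalArgumentException e) {
                System.out.println("REFUSED " + request + ": " + e.getMessage());
            }
        }
    }
}
```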


Related Content

• BPC 10 for NetWeaver Authentication Scenarios Blog
• Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver
• SBOP PC 10 for NetWeaver Security Guide
• SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.


Copyright

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.


Page 2: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 2

Table of Contents

Prerequisites 3

Overview 4

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos web client 4

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos Office client (EPM Add-In) 5

Why would I want to integrate the Enterprise Portal with BPC 10 5

Whatrsquos included in the Web Application 6

Quick note on security 6

Importing the Web Project to NWDS 7

Importing the WAR file into NWDS 7

Adding References to the Apache HttpClient Libraries 8

Updating the Deployment Descriptor 9

Deploying the Web Application 11

Creating the Enterprise Application 11

Deploying the Enterprise Application 12

Testing the Web Application 14

Testing the Servlet 14

Using the Test JSP Page 16

Related Content 17

Copyright 18

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 3

Prerequisites

This solution depends on

An AS Java instance with the Enterprise Portal components installed

An AS ABAP instance with SAP BusinessObjects Planning and Consolidation 10 version for SAP NetWeaver SP1 or higher installed

The EPM Add-In SP3 or higher

NetWeaver Developer Studio (NWDS) 73

Apache HTTPComponents gt HttpClient 412

o Can be downloaded from httphcapacheorgdownloadscgi

o Required for proper cookie support (needed to generate reentrance tickets)

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 4

Overview

The underlying architecture of SAP BusinessObjects Planning and Consolidation 10 version for SAP NetWeaver (herein referred to as BPC or BPC 10) has changed from its previous releases Specifically the NET server which previously supported Web operations has been replaced with the SAP ABAP Web Application Server (WAS) Due to this new architectural component BPC now supports SAP Logon tickets which allow users to authenticate to one SAP system and seamlessly logon to another trusted SAP system without having to reenter their credentials

This how-to guide provides a web application that can be deployed alongside the Enterprise Portal on an AS Java stack allowing you to launch the EPM Add-In directly from the portal without having to enter credentials a second time

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos web client

Integrating the Enterprise Portal with the BPC 10 for NetWeaver web interface is a straight forward process and is supported by default You can simply create a new page in Portal Content making the BPC 10 for NetWeaver web client URL the target and you are ready to go As long as the AS ABAP server trusts the AS Java server users can seamlessly log into the BPC web client from the Portal A user can then launch the EPM Add-In from the BPC web client using the link provided in the web client home page

The basic flow is as follows

The only potential issue here is that a user has to go to the BPC web client even if they only want to use the EPM Add-In Itrsquos only a few extra steps but still not optimal In the next section we will explain how we can remove these extra steps to allow the user to log into the EPM Add-In directly

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 5

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos Office client (EPM Add-In)

Now that we have seen what is possible ldquoout of the boxrdquo letrsquos look at the solution provided by this How-To guide It is very similar to the one above with one key difference the user doesnrsquot have to navigate to the BPC 10 web client to launch the EPM Add-In Instead they can click on a link directly in the portal which bypasses the BPC 10 web client completely The target in the link is the custom web application included in this HTG This web application communicates with the BPC 10 web services for the client obtains the reentrance ticket and passes it to the EPM Add-In

The basic flow for this scenario is as follows

Why would I want to integrate the Enterprise Portal with BPC 10

So why would someone want to enable SSO between the Enterprise Portal and their BPC 10 NetWeaver installation Wersquove already covered one reason seamless authentication but there is another equally valid reason ndash to enable additional authentication scenarios Currently the web client and EPM Add-In support three basic types of authentication and in each case the credentials are all stored in BW

Basic Forms based o Credentials are stored in BW

X509 Client Certificates o X509 certificates are stored in BW and mapped to BW users

SAP Logon Tickets o Allows users to login to the EPM Add-In without entering credentials when launched from

the web client

If you are familiar with authentication in the previous releases you will notice that authentication using Active Directory credentials is not supported (this was the only supported mechanism previously) Integration with the Enterprise Portal puts this option back on the table because AS Java supports using LDAP as a data source with the UME This means that you can still use Active Directory credentials to authenticate to BPC 10 for NetWeaver assuming the Enterprise Portal is your starting point

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 6

Whatrsquos included in the Web Application

The web application includes three classes and one JSP in addition to all the standard web application components The Java source is also included in the WAR file in case you want to tweak anything or just get more insight on how this was implemented

comsapcsabpcEPM_AddIn_Launcherjava o Description Servlet implementation providing the core functionality for the HTG o Default URI PCNW10_SSO_EAEPM_AddIn_Launcher

comsapcsabpcHostDescriptorjava o Description Standard ldquobeanrdquo style class used to store connectivity information for the BPC

10 NetWeaver AS ABAP Web Application Server (WAS)

comsapcsabpcReentranceDetailsjava o Description Stores the Reentrance token and logs associated with retrieving the token

indexjsp o Description A basic JSP really just an HTML form that allows you to test calling the

EPM_AddIn_Launcher servlet with different hostportprotocolenvironment parameters using the GET and POST HTTP methods

o Default URI PCNW10_SSO_EAindexjsp

Note You can change the default context root (PCNW10_SSO_EA) in the enterprise applications applicationxml file This change would not require any changes in the web app

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web applications webxml file You will have to update the form actions in indexjsp if you change the servlet URI

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process the SAP Logon Ticket and the Reentrance Ticket These tickets could be compromised if the end user accesses the Portal without using SSL Due to this SSL (HTTPS) must be used when deploying this solution in production

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 7

Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WPwar file into NWDS as well as adding references to the libraries included with the Apache HttpClient 412

The PCNW10_SS_WPwar file can be downloaded here

PCNW10_SS_WPwar file

Importing the WAR file into NWDS

1 Launch NWDS

2 Select File gt Import

3 Expand ldquoWebrdquo and select ldquoWar Filerdquo Click Next

4 Enter the path to ldquoPCNW10_SSO_WPwarrdquo in the ldquoWar filerdquo text box then click ldquoFinishrdquo

5 You should now see the ldquoPCNW10_SSO_WPrdquo project in Project Explorer

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 8

Adding References to the Apache HttpClient Libraries

1 Download ldquohttpcomponents-client-412-binziprdquo from httphcapacheorgdownloadscgi and extract

it

2 Right click the ldquoPCNW10_SSO_WPrdquo project in your NWDS Project Explorer and select ldquoPropertiesrdquo

3 Select ldquoJava Build Pathrdquo and click ldquoAdd External JARshelliprdquo on the Libraries tab

4 Browse to ldquohttpcomponents-client-412librdquo and select all 6 JAR files Click Open

5 Click ldquoOKrdquo in the Properties window

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 9

Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet:

host – The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver.

port – The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance.

protocol – Either HTTP or HTTPS.

  - Note – If you select HTTPS, you must ensure that your AS Java system trusts the WAS server's certificate and certificate path.

environment – The default Environment or Appset for the EPM Add-In to connect to, unless another is specified in the request.

To update the deployment descriptor:

1. Launch NWDS.

2. Expand PCNW10_SSO_WP and double click on the Deployment Descriptor.

3. Ensure you are looking at the Design View.


4. Expand web-app > servlet. There are four init-param blocks, one for each initialization parameter. Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server.

5. Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server.

6. Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server.

Note: You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets don't cross the network in clear text, unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network.

7. Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request.

8. Save the deployment descriptor (web.xml) using File > Save or CTRL + S.


Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS). This section provides step-by-step instructions for creating and deploying our new Enterprise Application.

Creating the Enterprise Application

1. Launch NWDS.

2. Click File > New > Enterprise Application Project.

3. Enter “PCNW10_SSO_EA” as the project name. Click Next.

4. Select “PCNW10_SSO_WP” as a Java EE Module Dependency and select “Generate application.xml deployment descriptor”. Click Finish.


5. Right click on the project “PCNW10_SSO_EA” in the Project Explorer and select Properties.

6. Select the Server page, select the server you want to deploy this project to, and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking “Add”.

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking on the “Open Perspective” button in the upper right hand of the NWDS display and selecting “Other”.

2. Select “Java EE” and click OK.


3. Switch to the Servers tab in the bottom pane.

4. Right click your server and select “Add/Remove”.

5. Select “PCNW10_SSO_EA” and click the “Add >” button. Click Finish.


6. Right click “PCNW10_SSO_EA” in the Servers tab and select Publish.

7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol, and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol, and/or environment specified in the deployment descriptor. In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e., where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://as_java_server:port/PCNW10_SSO_WP/EPM_AddIn_Launcher

2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.


3. Enter your Enterprise Portal credentials.

4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.

5. The EPM Add-In will be launched, providing you with one of two logon prompts:

a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.

b. If you don't have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.


Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://as_java_server:port/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use the IP address if you specified the FQDN in the deployment descriptor, or vice versa) and environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click “Test it Out”.

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
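Because these request parameters decide which server the web application contacts on the user's behalf, a deployment can limit overrides to known BPC servers and to HTTPS. The following Java class is an added example, not the code shipped in the WAR file: LaunchTargetResolver, its allowlist, the environment-name pattern and all sample hosts are assumptions, and the request parameter names are assumed to match the init-param names.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example (not from the WAR file): merges the descriptor defaults with
 *  request overrides and rejects any target outside a configured allowlist. */
public class LaunchTargetResolver {

    /** Mirrors the four init-params: protocol, host, port, environment. */
    static final class Target {
        final String protocol, host, environment;
        final int port;
        Target(String protocol, String host, int port, String environment) {
            this.protocol = protocol; this.host = host; this.port = port; this.environment = environment;
        }
        @Override public String toString() {
            return protocol + "://" + host + ":" + port + " (environment " + environment + ")";
        }
    }

    // Assumption: environment IDs are short alphanumeric/underscore names.
    private static final Pattern ENVIRONMENT = Pattern.compile("[A-Za-z0-9_]{1,20}");

    private final Target defaults;
    private final Set<String> allowedEndpoints; // hypothetical allowlist of "host:port", lower case
    private final boolean httpsOnly;

    LaunchTargetResolver(Target defaults, Set<String> allowedEndpoints, boolean httpsOnly) {
        this.defaults = defaults;
        this.allowedEndpoints = allowedEndpoints;
        this.httpsOnly = httpsOnly;
    }

    /** Returns the validated target or throws IllegalArgumentException. */
    Target resolve(Map<String, String> params) {
        String protocol = pick(params, "protocol", defaults.protocol).toLowerCase(Locale.ROOT);
        String host = pick(params, "host", defaults.host).toLowerCase(Locale.ROOT);
        String portText = pick(params, "port", Integer.toString(defaults.port));
        String environment = pick(params, "environment", defaults.environment);
        if (!(protocol.equals("https") || (protocol.equals("http") && !httpsOnly))) {
            throw new IllegalArgumentException("protocol not permitted: " + protocol);
        }
        int port;
        try {
            port = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("port is not a number");
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        // Exact match only: no suffix or wildcard matching on the host name.
        if (!allowedEndpoints.contains(host + ":" + port)) {
            throw new IllegalArgumentException("server not in allowlist: " + host + ":" + port);
        }
        if (!ENVIRONMENT.matcher(environment).matches()) {
            throw new IllegalArgumentException("environment name has unexpected characters");
        }
        return new Target(protocol, host, port, environment);
    }

    private static String pick(Map<String, String> params, String name, String fallback) {
        String value = params.get(name);
        return (value == null || value.trim().isEmpty()) ? fallback : value.trim();
    }

    private static Map<String, String> params(String... pairs) {
        Map<String, String> map = new LinkedHashMap<>();
        for (int i = 0; i + 1 < pairs.length; i += 2) map.put(pairs[i], pairs[i + 1]);
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample values; replace them with your own landscape.
        Target defaults = new Target("https", "bpc.example.com", 8443, "ENV_DEMO");
        Set<String> allowed = new HashSet<>(Arrays.asList("bpc.example.com:8443", "192.0.2.15:8443"));
        LaunchTargetResolver resolver = new LaunchTargetResolver(defaults, allowed, true);
        String[][] requests = {
            {},                               // no overrides: descriptor defaults apply
            {"host", "192.0.2.15"},           // FQDN replaced by the listed IP address
            {"environment", "ENV_TEST"},      // different environment, same server
            {"protocol", "http"},             // rejected while httpsOnly is set
            {"host", "other.example.net"},    // rejected: server not in the allowlist
        };
        for (String[] pairs : requests) {
            try {
                System.out.println(Arrays.toString(pairs) + " -> " + resolver.resolve(params(pairs)));
            } catch (IllegalArgumentException e) {
                System.out.println(Arrays.toString(pairs) + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

In a servlet, a check of this kind would run before the MYSAPSSO2 cookie is attached to the outbound request to the AS ABAP server.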


Copyright

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.


Page 3: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 3

Prerequisites

This solution depends on

An AS Java instance with the Enterprise Portal components installed

An AS ABAP instance with SAP BusinessObjects Planning and Consolidation 10 version for SAP NetWeaver SP1 or higher installed

The EPM Add-In SP3 or higher

NetWeaver Developer Studio (NWDS) 73

Apache HTTPComponents gt HttpClient 412

o Can be downloaded from httphcapacheorgdownloadscgi

o Required for proper cookie support (needed to generate reentrance tickets)

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 4

Overview

The underlying architecture of SAP BusinessObjects Planning and Consolidation 10 version for SAP NetWeaver (herein referred to as BPC or BPC 10) has changed from its previous releases Specifically the NET server which previously supported Web operations has been replaced with the SAP ABAP Web Application Server (WAS) Due to this new architectural component BPC now supports SAP Logon tickets which allow users to authenticate to one SAP system and seamlessly logon to another trusted SAP system without having to reenter their credentials

This how-to guide provides a web application that can be deployed alongside the Enterprise Portal on an AS Java stack allowing you to launch the EPM Add-In directly from the portal without having to enter credentials a second time

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos web client

Integrating the Enterprise Portal with the BPC 10 for NetWeaver web interface is a straight forward process and is supported by default You can simply create a new page in Portal Content making the BPC 10 for NetWeaver web client URL the target and you are ready to go As long as the AS ABAP server trusts the AS Java server users can seamlessly log into the BPC web client from the Portal A user can then launch the EPM Add-In from the BPC web client using the link provided in the web client home page

The basic flow is as follows

The only potential issue here is that a user has to go to the BPC web client even if they only want to use the EPM Add-In Itrsquos only a few extra steps but still not optimal In the next section we will explain how we can remove these extra steps to allow the user to log into the EPM Add-In directly

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 5

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos Office client (EPM Add-In)

Now that we have seen what is possible ldquoout of the boxrdquo letrsquos look at the solution provided by this How-To guide It is very similar to the one above with one key difference the user doesnrsquot have to navigate to the BPC 10 web client to launch the EPM Add-In Instead they can click on a link directly in the portal which bypasses the BPC 10 web client completely The target in the link is the custom web application included in this HTG This web application communicates with the BPC 10 web services for the client obtains the reentrance ticket and passes it to the EPM Add-In

The basic flow for this scenario is as follows

Why would I want to integrate the Enterprise Portal with BPC 10

So why would someone want to enable SSO between the Enterprise Portal and their BPC 10 NetWeaver installation Wersquove already covered one reason seamless authentication but there is another equally valid reason ndash to enable additional authentication scenarios Currently the web client and EPM Add-In support three basic types of authentication and in each case the credentials are all stored in BW

Basic Forms based o Credentials are stored in BW

X509 Client Certificates o X509 certificates are stored in BW and mapped to BW users

SAP Logon Tickets o Allows users to login to the EPM Add-In without entering credentials when launched from

the web client

If you are familiar with authentication in the previous releases you will notice that authentication using Active Directory credentials is not supported (this was the only supported mechanism previously) Integration with the Enterprise Portal puts this option back on the table because AS Java supports using LDAP as a data source with the UME This means that you can still use Active Directory credentials to authenticate to BPC 10 for NetWeaver assuming the Enterprise Portal is your starting point

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 6

Whatrsquos included in the Web Application

The web application includes three classes and one JSP in addition to all the standard web application components The Java source is also included in the WAR file in case you want to tweak anything or just get more insight on how this was implemented

comsapcsabpcEPM_AddIn_Launcherjava o Description Servlet implementation providing the core functionality for the HTG o Default URI PCNW10_SSO_EAEPM_AddIn_Launcher

comsapcsabpcHostDescriptorjava o Description Standard ldquobeanrdquo style class used to store connectivity information for the BPC

10 NetWeaver AS ABAP Web Application Server (WAS)

comsapcsabpcReentranceDetailsjava o Description Stores the Reentrance token and logs associated with retrieving the token

indexjsp o Description A basic JSP really just an HTML form that allows you to test calling the

EPM_AddIn_Launcher servlet with different hostportprotocolenvironment parameters using the GET and POST HTTP methods

o Default URI PCNW10_SSO_EAindexjsp

Note You can change the default context root (PCNW10_SSO_EA) in the enterprise applications applicationxml file This change would not require any changes in the web app

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web applications webxml file You will have to update the form actions in indexjsp if you change the servlet URI

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process the SAP Logon Ticket and the Reentrance Ticket These tickets could be compromised if the end user accesses the Portal without using SSL Due to this SSL (HTTPS) must be used when deploying this solution in production

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 7

Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WPwar file into NWDS as well as adding references to the libraries included with the Apache HttpClient 412

The PCNW10_SS_WPwar file can be downloaded here

PCNW10_SS_WPwar file

Importing the WAR file into NWDS

1 Launch NWDS

2 Select File gt Import

3 Expand ldquoWebrdquo and select ldquoWar Filerdquo Click Next

4 Enter the path to ldquoPCNW10_SSO_WPwarrdquo in the ldquoWar filerdquo text box then click ldquoFinishrdquo

5 You should now see the ldquoPCNW10_SSO_WPrdquo project in Project Explorer

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 8

Adding References to the Apache HttpClient Libraries

1 Download ldquohttpcomponents-client-412-binziprdquo from httphcapacheorgdownloadscgi and extract

it

2 Right click the ldquoPCNW10_SSO_WPrdquo project in your NWDS Project Explorer and select ldquoPropertiesrdquo

3 Select ldquoJava Build Pathrdquo and click ldquoAdd External JARshelliprdquo on the Libraries tab

4 Browse to ldquohttpcomponents-client-412librdquo and select all 6 JAR files Click Open

5 Click ldquoOKrdquo in the Properties window

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 9

Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet

host ndash The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver

port ndash The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance

protocol ndash Either HTTP or HTTPS o Note ndash If you select HTTPS you must ensure that your AS Java system trusts the WAS

servers certificate and certificate path

environment ndash The default Environment or Appset for the EPM Add-In to connect to unless another is specified in the request

To update the deployment descriptor

1 Launch NWDS

2 Expand PCNW10_SSO_WP and double click on the Deployment Descriptor

3 Ensure you are looking at the Design View

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 10

4 Expand web-app gt servlet There are four init-param blocks one for each initialization parameter Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server

5 Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server

6 Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server

Note You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets donrsquot cross the network in clear text unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network

7 Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request

8 Save the deployment descriptor (webxml) using File gt Save or CTRL + S

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 11

Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS) This section provides step-by-step instructions for creating and deploying our new Enterprise Application

Creating the Enterprise Application

1 Launch NWDS

2 Click File gt New gt Enterprise Application Project

3 Enter ldquoPCNW10_SSO_EArdquo as the project name Click Next

4 Select ldquoPCNW10_SSO_WPrdquo as a Java EE Module Dependency and select ldquoGenerate applicationxml deployment descriptorrdquo Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 12

5 Right click on the project ldquoPCNW10_SSO_EArdquo in the Project Explorer and select Properties

6 Select the Server page select the server you want to deploy this project to and click OK

Tip You can add servers by navigating to Window gt Preferences gt SAP AS Java and clicking ldquoAddrdquo

Deploying the Enterprise Application

1 Open the J2EE Perspective by clicking on the ldquoOpen Perspectiverdquo button in the upper right hand of

the NWDS display and selecting ldquoOtherrdquo

2 Select ldquoJava EErdquo and click OK

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 13

3 Switch to the Serverrsquos tab in the bottom pane

4 Right click your server and select ldquoAddRemoverdquo

5 Select ldquoPCNW10_SSO_EArdquo and click the ldquoAdd gtrdquo button Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 14

6 Right click ldquoPCNW10_SSO_EArdquo in the Servers tab and select Publish

7 Verify the project deployed successfully in the Deployment View Console tab

Testing the Web Application

We will perform two tests in this section

In the first test we will navigate to the servlet directly This will launch the EPM Add-In using the server port protocol and environment that you specified in the deployment descriptor This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server port protocol andor environment specified in the deployment descriptor In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (ie where there are multiple BPC 10 NetWeaver servers and environments)

Testing the Servlet

1 Launch internet explorer and navigate to the servlet Default URL is httpas_java_serverportPCNW10_SSO_WPEPM_AddIn_Launcher

2 You will receive a message stating that the MYSAPSSO2 logon cookie was not detected Click the

link provided to log into the Enterprise Portal

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 15

3 Enter your Enterprise Portal credentials

4 Navigate back to the URL provided in step 1 You will see the Reentrance Token used as output in Internet Explorer

5 The EPM Add-In will be launched providing you with one of two logon prompts

a If you already have a connection in the EPM Add-In for the specified host you will be logged in automatically

b If you donrsquot have a connection in the EPM Add-In for the specified host you will be prompted to select which application to log into

Note When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 16

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal You could add the resulting URLrsquos as portal content to complete your integration scenario

1 Launch internet explorer and navigate to the test page Default URL is httpas_java_serverportPCNW10_SSO_WPindexjsp

2 Select GET as your HTTP method and change one of the hostportprotocolenvironment parameters to another valid value

Note The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor or vice-versa) and environment

Note HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body

The servlet supports both but GET is much easier to demonstrate since the URL is easily viewed

3 Click ldquoTest it Outrdquo

Note If the servlet fails to find the MYSAPSSO2 cookie log into the portal then navigate back to the test JSP page

4 Note the URL for the servlet ndash it now includes an HTTP parameter for hostportprotocol and environment You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances andor environments

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 17

Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 100 version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 73 Security Guide gt User Authentication and SSO

For more information visit the Enterprise Performance Management homepage

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 18

Copyright

copy Copyright 2011 SAP AG All rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG The information contained herein may be changed without prior notice

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors

Microsoft Windows Excel Outlook and PowerPoint are registered trademarks of Microsoft Corporation

IBM DB2 DB2 Universal Database System i System i5 System p System p5 System x System z System z10 System z9 z10 z9 iSeries pSeries xSeries zSeries eServer zVM zOS i5OS S390 OS390 OS400 AS400 S390 Parallel Enterprise Server PowerVM Power Architecture POWER6+ POWER6 POWER5+ POWER5 POWER OpenPower PowerPC BatchPipes BladeCenter System Storage GPFS HACMP RETAIN DB2 Connect RACF Redbooks OS2 Parallel Sysplex MVSESA AIX Intelligent Miner WebSphere Netfinity Tivoli and Informix are trademarks or registered trademarks of IBM Corporation

Linux is the registered trademark of Linus Torvalds in the US and other countries

Adobe the Adobe logo Acrobat PostScript and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States andor other countries

Oracle is a registered trademark of Oracle Corporation

UNIX XOpen OSF1 and Motif are registered trademarks of the Open Group

Citrix ICA Program Neighborhood MetaFrame WinFrame VideoFrame and MultiWin are trademarks or registered trademarks of Citrix Systems Inc

HTML XML XHTML and W3C are trademarks or registered trademarks of W3Creg World Wide Web Consortium Massachusetts Institute of Technology

Java is a registered trademark of Oracle Corporation

JavaScript is a registered trademark of Oracle Corporation used under license for technology invented and implemented by Netscape

SAP R3 SAP NetWeaver Duet PartnerEdge ByDesign SAP Business ByDesign and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries

Business Objects and the Business Objects logo BusinessObjects Crystal Reports Crystal Decisions Web Intelligence Xcelsius and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects SA in the United States and in other countries Business Objects is an SAP company

All other product and service names mentioned are the trademarks of their respective companies Data contained in this document serves informational purposes only National product specifications may vary

These materials are subject to change without notice These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only without representation or warranty of any kind and SAP Group shall not be liable for errors or omissions with respect to the materials The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services if any Nothing herein should be construed as constituting an additional warranty

Page 4: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 4

Overview

The underlying architecture of SAP BusinessObjects Planning and Consolidation 10 version for SAP NetWeaver (herein referred to as BPC or BPC 10) has changed from its previous releases Specifically the NET server which previously supported Web operations has been replaced with the SAP ABAP Web Application Server (WAS) Due to this new architectural component BPC now supports SAP Logon tickets which allow users to authenticate to one SAP system and seamlessly logon to another trusted SAP system without having to reenter their credentials

This how-to guide provides a web application that can be deployed alongside the Enterprise Portal on an AS Java stack allowing you to launch the EPM Add-In directly from the portal without having to enter credentials a second time

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos web client

Integrating the Enterprise Portal with the BPC 10 for NetWeaver web interface is a straight forward process and is supported by default You can simply create a new page in Portal Content making the BPC 10 for NetWeaver web client URL the target and you are ready to go As long as the AS ABAP server trusts the AS Java server users can seamlessly log into the BPC web client from the Portal A user can then launch the EPM Add-In from the BPC web client using the link provided in the web client home page

The basic flow is as follows

The only potential issue here is that a user has to go to the BPC web client even if they only want to use the EPM Add-In Itrsquos only a few extra steps but still not optimal In the next section we will explain how we can remove these extra steps to allow the user to log into the EPM Add-In directly

Integration between the Enterprise Portal and BPC 10 for NetWeaver's Office client (EPM Add-In)

Now that we have seen what is possible "out of the box", let's look at the solution provided by this How-To guide. It is very similar to the one above, with one key difference: the user doesn't have to navigate to the BPC 10 web client to launch the EPM Add-In. Instead, they can click on a link directly in the portal, which bypasses the BPC 10 web client completely. The target in the link is the custom web application included in this HTG. This web application communicates with the BPC 10 web services for the client, obtains the reentrance ticket and passes it to the EPM Add-In.

The basic flow for this scenario is as follows:

Why would I want to integrate the Enterprise Portal with BPC 10?

So why would someone want to enable SSO between the Enterprise Portal and their BPC 10 NetWeaver installation? We've already covered one reason, seamless authentication, but there is another equally valid reason – to enable additional authentication scenarios. Currently the web client and EPM Add-In support three basic types of authentication, and in each case the credentials are all stored in BW:

• Basic / Forms based
  o Credentials are stored in BW
• X.509 Client Certificates
  o X.509 certificates are stored in BW and mapped to BW users
• SAP Logon Tickets
  o Allows users to log in to the EPM Add-In without entering credentials when launched from the web client

If you are familiar with authentication in the previous releases, you will notice that authentication using Active Directory credentials is not supported (this was the only supported mechanism previously). Integration with the Enterprise Portal puts this option back on the table, because AS Java supports using LDAP as a data source with the UME. This means that you can still use Active Directory credentials to authenticate to BPC 10 for NetWeaver, assuming the Enterprise Portal is your starting point.

What's included in the Web Application

The web application includes three classes and one JSP, in addition to all the standard web application components. The Java source is also included in the WAR file in case you want to tweak anything or just get more insight on how this was implemented.

• com.sap.csa.bpc.EPM_AddIn_Launcher.java
  o Description: Servlet implementation providing the core functionality for the HTG
  o Default URI: /PCNW10_SSO_EA/EPM_AddIn_Launcher
• com.sap.csa.bpc.HostDescriptor.java
  o Description: Standard "bean" style class used to store connectivity information for the BPC 10 NetWeaver AS ABAP Web Application Server (WAS)
• com.sap.csa.bpc.ReentranceDetails.java
  o Description: Stores the Reentrance token and logs associated with retrieving the token
• index.jsp
  o Description: A basic JSP, really just an HTML form, that allows you to test calling the EPM_AddIn_Launcher servlet with different host/port/protocol/environment parameters using the GET and POST HTTP methods
  o Default URI: /PCNW10_SSO_EA/index.jsp

Note: You can change the default context root (PCNW10_SSO_EA) in the enterprise application's application.xml file. This change would not require any changes in the web app.

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web application's web.xml file. You will have to update the form actions in index.jsp if you change the servlet URI.

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process: the SAP Logon Ticket and the Reentrance Ticket. These tickets could be compromised if the end user accesses the Portal without using SSL. Due to this, SSL (HTTPS) must be used when deploying this solution in production.

Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WP.war file into NWDS, as well as adding references to the libraries included with the Apache HttpClient 4.1.2.

The PCNW10_SS_WP.war file can be downloaded here:

PCNW10_SS_WP.war file

Importing the WAR file into NWDS

1. Launch NWDS.
2. Select File > Import.
3. Expand "Web" and select "War File". Click Next.
4. Enter the path to "PCNW10_SSO_WP.war" in the "War file" text box, then click "Finish".
5. You should now see the "PCNW10_SSO_WP" project in Project Explorer.

Adding References to the Apache HttpClient Libraries

1. Download "httpcomponents-client-4.1.2-bin.zip" from http://hc.apache.org/downloads.cgi and extract it.
2. Right click the "PCNW10_SSO_WP" project in your NWDS Project Explorer and select "Properties".
3. Select "Java Build Path" and click "Add External JARs…" on the Libraries tab.
4. Browse to "httpcomponents-client-4.1.2/lib" and select all 6 JAR files. Click Open.
5. Click "OK" in the Properties window.

Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet:

• host – The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver
• port – The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance
• protocol – Either HTTP or HTTPS
  o Note – If you select HTTPS, you must ensure that your AS Java system trusts the WAS server's certificate and certificate path
• environment – The default Environment or Appset for the EPM Add-In to connect to, unless another is specified in the request

To update the deployment descriptor:

1. Launch NWDS.
2. Expand PCNW10_SSO_WP and double click on the Deployment Descriptor.
3. Ensure you are looking at the Design View.

4. Expand web-app > servlet. There are four init-param blocks, one for each initialization parameter. Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server.

5. Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server.

6. Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server.

Note: You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets don't cross the network in clear text, unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network.

7. Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request.

8. Save the deployment descriptor (web.xml) using File > Save or CTRL + S.

Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS). This section provides step-by-step instructions for creating and deploying our new Enterprise Application.

Creating the Enterprise Application

1. Launch NWDS.
2. Click File > New > Enterprise Application Project.
3. Enter "PCNW10_SSO_EA" as the project name. Click Next.
4. Select "PCNW10_SSO_WP" as a Java EE Module Dependency and select "Generate application.xml deployment descriptor". Click Finish.

5. Right click on the project "PCNW10_SSO_EA" in the Project Explorer and select Properties.
6. Select the Server page, select the server you want to deploy this project to, and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking "Add".

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking on the "Open Perspective" button in the upper right-hand corner of the NWDS display and selecting "Other".
2. Select "Java EE" and click OK.

3. Switch to the Servers tab in the bottom pane.
4. Right click your server and select "Add/Remove".
5. Select "PCNW10_SSO_EA" and click the "Add >" button. Click Finish.

6. Right click "PCNW10_SSO_EA" in the Servers tab and select Publish.
7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol and/or environment specified in the deployment descriptor. In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e. where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://<as_java_server>:<port>/PCNW10_SSO_WP/EPM_AddIn_Launcher
2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.

3. Enter your Enterprise Portal credentials.
4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.
5. The EPM Add-In will be launched, providing you with one of two logon prompts:
   a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.
   b. If you don't have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://<as_java_server>:<port>/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use IP address if you specified the FQDN in the deployment descriptor, or vice-versa) and environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click "Test it Out".

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host, port, protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
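
Because the servlet accepts host, port, protocol and environment overrides from the request, and the guide treats the SAP Logon Ticket and Reentrance Ticket as sensitive, the overrides are worth constraining to known BPC servers. The following is an added example, not code from the HTG's WAR file: it resolves the effective target from the deployment-descriptor defaults plus request overrides, accepting only allow-listed endpoints and requiring HTTPS. The class name, the allow-list, the sample host names and the environment name pattern are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical helper, not one of the three classes shipped in the WAR.
public class LaunchTargetResolver {

    /** Connection details for one BPC 10 NetWeaver WAS endpoint. */
    public static final class Target {
        public final String protocol;
        public final String host;
        public final int port;
        public final String environment;

        Target(String protocol, String host, int port, String environment) {
            this.protocol = protocol;
            this.host = host;
            this.port = port;
            this.environment = environment;
        }

        @Override
        public String toString() {
            return protocol + "://" + host + ":" + port + " (" + environment + ")";
        }
    }

    private final Map<String, String> defaults;  // host/port/protocol/environment init-params
    private final Set<String> allowedEndpoints;  // trusted "host:port" pairs, lower case
    private final boolean requireHttps;          // true for production landscapes

    public LaunchTargetResolver(Map<String, String> defaults,
                                Set<String> allowedEndpoints, boolean requireHttps) {
        this.defaults = defaults;
        this.allowedEndpoints = allowedEndpoints;
        this.requireHttps = requireHttps;
    }

    // A non-blank request parameter overrides the deployment-descriptor default.
    private String pick(Map<String, String> request, String name) {
        String value = request.get(name);
        if (value == null || value.trim().isEmpty()) {
            value = defaults.get(name);
        }
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("missing parameter: " + name);
        }
        return value.trim();
    }

    public Target resolve(Map<String, String> request) {
        String protocol = pick(request, "protocol").toLowerCase(Locale.ROOT);
        String host = pick(request, "host").toLowerCase(Locale.ROOT);
        String environment = pick(request, "environment");
        String portText = pick(request, "port");

        if (!protocol.equals("http") && !protocol.equals("https")) {
            throw new IllegalArgumentException("protocol must be HTTP or HTTPS");
        }
        if (requireHttps && !protocol.equals("https")) {
            throw new IllegalArgumentException("tickets may only be sent over HTTPS");
        }
        if (!portText.matches("[0-9]{1,5}")) {
            throw new IllegalArgumentException("port is not numeric");
        }
        int port = Integer.parseInt(portText);
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range");
        }
        // Exact match against known endpoints; no suffix or pattern matching.
        if (!allowedEndpoints.contains(host + ":" + port)) {
            throw new IllegalArgumentException("endpoint is not an approved BPC server");
        }
        // Assumed conservative character set for environment (appset) names.
        if (!environment.matches("[A-Za-z0-9_]+")) {
            throw new IllegalArgumentException("unexpected characters in environment");
        }
        return new Target(protocol, host, port, environment);
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for the four init-params in web.xml.
        Map<String, String> defaults = new HashMap<String, String>();
        defaults.put("host", "bpc.example.com");
        defaults.put("port", "8443");
        defaults.put("protocol", "HTTPS");
        defaults.put("environment", "PLANNING_DEMO");
        Set<String> allowed = new HashSet<String>(
                Arrays.asList("bpc.example.com:8443", "192.0.2.10:8443"));
        LaunchTargetResolver resolver = new LaunchTargetResolver(defaults, allowed, true);

        Map<String, String> byIp = new HashMap<String, String>();
        byIp.put("host", "192.0.2.10");           // same server addressed by IP
        Map<String, String> unknown = new HashMap<String, String>();
        unknown.put("host", "other.example.net"); // not on the allow-list
        Map<String, String> clearText = new HashMap<String, String>();
        clearText.put("protocol", "HTTP");        // would expose tickets in clear text

        for (Map<String, String> request : Arrays.asList(
                new HashMap<String, String>(), byIp, unknown, clearText)) {
            try {
                System.out.println("accepted: " + resolver.resolve(request));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```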

Related Content

• BPC 10 for NetWeaver Authentication Scenarios Blog
• Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver
• SBOP PC 10 for NetWeaver Security Guide
• SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.

Copyright

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Page 5: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 5

Integration between the Enterprise Portal and BPC 10 for NetWeaverrsquos Office client (EPM Add-In)

Now that we have seen what is possible ldquoout of the boxrdquo letrsquos look at the solution provided by this How-To guide It is very similar to the one above with one key difference the user doesnrsquot have to navigate to the BPC 10 web client to launch the EPM Add-In Instead they can click on a link directly in the portal which bypasses the BPC 10 web client completely The target in the link is the custom web application included in this HTG This web application communicates with the BPC 10 web services for the client obtains the reentrance ticket and passes it to the EPM Add-In

The basic flow for this scenario is as follows

Why would I want to integrate the Enterprise Portal with BPC 10

So why would someone want to enable SSO between the Enterprise Portal and their BPC 10 NetWeaver installation Wersquove already covered one reason seamless authentication but there is another equally valid reason ndash to enable additional authentication scenarios Currently the web client and EPM Add-In support three basic types of authentication and in each case the credentials are all stored in BW

Basic Forms based o Credentials are stored in BW

X509 Client Certificates o X509 certificates are stored in BW and mapped to BW users

SAP Logon Tickets o Allows users to login to the EPM Add-In without entering credentials when launched from

the web client

If you are familiar with authentication in the previous releases you will notice that authentication using Active Directory credentials is not supported (this was the only supported mechanism previously) Integration with the Enterprise Portal puts this option back on the table because AS Java supports using LDAP as a data source with the UME This means that you can still use Active Directory credentials to authenticate to BPC 10 for NetWeaver assuming the Enterprise Portal is your starting point

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 6

Whatrsquos included in the Web Application

The web application includes three classes and one JSP in addition to all the standard web application components The Java source is also included in the WAR file in case you want to tweak anything or just get more insight on how this was implemented

comsapcsabpcEPM_AddIn_Launcherjava o Description Servlet implementation providing the core functionality for the HTG o Default URI PCNW10_SSO_EAEPM_AddIn_Launcher

comsapcsabpcHostDescriptorjava o Description Standard ldquobeanrdquo style class used to store connectivity information for the BPC

10 NetWeaver AS ABAP Web Application Server (WAS)

comsapcsabpcReentranceDetailsjava o Description Stores the Reentrance token and logs associated with retrieving the token

indexjsp o Description A basic JSP really just an HTML form that allows you to test calling the

EPM_AddIn_Launcher servlet with different hostportprotocolenvironment parameters using the GET and POST HTTP methods

o Default URI PCNW10_SSO_EAindexjsp

Note You can change the default context root (PCNW10_SSO_EA) in the enterprise applications applicationxml file This change would not require any changes in the web app

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web applications webxml file You will have to update the form actions in indexjsp if you change the servlet URI

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process the SAP Logon Ticket and the Reentrance Ticket These tickets could be compromised if the end user accesses the Portal without using SSL Due to this SSL (HTTPS) must be used when deploying this solution in production

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 7

Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WPwar file into NWDS as well as adding references to the libraries included with the Apache HttpClient 412

The PCNW10_SS_WPwar file can be downloaded here

PCNW10_SS_WPwar file

Importing the WAR file into NWDS

1 Launch NWDS

2 Select File gt Import

3 Expand ldquoWebrdquo and select ldquoWar Filerdquo Click Next

4 Enter the path to ldquoPCNW10_SSO_WPwarrdquo in the ldquoWar filerdquo text box then click ldquoFinishrdquo

5 You should now see the ldquoPCNW10_SSO_WPrdquo project in Project Explorer

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 8

Adding References to the Apache HttpClient Libraries

1 Download ldquohttpcomponents-client-412-binziprdquo from httphcapacheorgdownloadscgi and extract

it

2 Right click the ldquoPCNW10_SSO_WPrdquo project in your NWDS Project Explorer and select ldquoPropertiesrdquo

3 Select ldquoJava Build Pathrdquo and click ldquoAdd External JARshelliprdquo on the Libraries tab

4 Browse to ldquohttpcomponents-client-412librdquo and select all 6 JAR files Click Open

5 Click ldquoOKrdquo in the Properties window

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 9

Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet

host ndash The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver

port ndash The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance

protocol ndash Either HTTP or HTTPS o Note ndash If you select HTTPS you must ensure that your AS Java system trusts the WAS

servers certificate and certificate path

environment ndash The default Environment or Appset for the EPM Add-In to connect to unless another is specified in the request

To update the deployment descriptor

1 Launch NWDS

2 Expand PCNW10_SSO_WP and double click on the Deployment Descriptor

3 Ensure you are looking at the Design View

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 10

4 Expand web-app gt servlet There are four init-param blocks one for each initialization parameter Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server

5 Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server

6 Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server

Note You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets donrsquot cross the network in clear text unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network

7 Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request

8 Save the deployment descriptor (webxml) using File gt Save or CTRL + S

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 11

Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS) This section provides step-by-step instructions for creating and deploying our new Enterprise Application

Creating the Enterprise Application

1 Launch NWDS

2 Click File gt New gt Enterprise Application Project

3 Enter ldquoPCNW10_SSO_EArdquo as the project name Click Next

4 Select ldquoPCNW10_SSO_WPrdquo as a Java EE Module Dependency and select ldquoGenerate applicationxml deployment descriptorrdquo Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 12

5 Right click on the project ldquoPCNW10_SSO_EArdquo in the Project Explorer and select Properties

6 Select the Server page select the server you want to deploy this project to and click OK

Tip You can add servers by navigating to Window gt Preferences gt SAP AS Java and clicking ldquoAddrdquo

Deploying the Enterprise Application

1 Open the J2EE Perspective by clicking on the ldquoOpen Perspectiverdquo button in the upper right hand of

the NWDS display and selecting ldquoOtherrdquo

2 Select ldquoJava EErdquo and click OK

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 13

3 Switch to the Serverrsquos tab in the bottom pane

4 Right click your server and select ldquoAddRemoverdquo

5 Select ldquoPCNW10_SSO_EArdquo and click the ldquoAdd gtrdquo button Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 14

6 Right click ldquoPCNW10_SSO_EArdquo in the Servers tab and select Publish

7 Verify the project deployed successfully in the Deployment View Console tab

Testing the Web Application

We will perform two tests in this section

In the first test we will navigate to the servlet directly This will launch the EPM Add-In using the server port protocol and environment that you specified in the deployment descriptor This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server port protocol andor environment specified in the deployment descriptor In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (ie where there are multiple BPC 10 NetWeaver servers and environments)

Testing the Servlet

1 Launch internet explorer and navigate to the servlet Default URL is httpas_java_serverportPCNW10_SSO_WPEPM_AddIn_Launcher

2 You will receive a message stating that the MYSAPSSO2 logon cookie was not detected Click the

link provided to log into the Enterprise Portal

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 15

3 Enter your Enterprise Portal credentials

4 Navigate back to the URL provided in step 1 You will see the Reentrance Token used as output in Internet Explorer

5 The EPM Add-In will be launched providing you with one of two logon prompts

a If you already have a connection in the EPM Add-In for the specified host you will be logged in automatically

b If you donrsquot have a connection in the EPM Add-In for the specified host you will be prompted to select which application to log into

Note When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 16

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal You could add the resulting URLrsquos as portal content to complete your integration scenario

1 Launch internet explorer and navigate to the test page Default URL is httpas_java_serverportPCNW10_SSO_WPindexjsp

2 Select GET as your HTTP method and change one of the hostportprotocolenvironment parameters to another valid value

Note The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor or vice-versa) and environment

Note HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body

The servlet supports both but GET is much easier to demonstrate since the URL is easily viewed

3 Click ldquoTest it Outrdquo

Note If the servlet fails to find the MYSAPSSO2 cookie log into the portal then navigate back to the test JSP page

4 Note the URL for the servlet ndash it now includes an HTTP parameter for hostportprotocol and environment You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances andor environments

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 17

Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 100 version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 73 Security Guide gt User Authentication and SSO

For more information visit the Enterprise Performance Management homepage

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 18

Copyright

copy Copyright 2011 SAP AG All rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Oracle Corporation.

JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.


What's included in the Web Application

The web application includes three classes and one JSP in addition to all the standard web application components. The Java source is also included in the WAR file in case you want to tweak anything or just get more insight into how this was implemented.

com.sap.csa.bpc.EPM_AddIn_Launcher.java
  o Description: Servlet implementation providing the core functionality for the HTG.
  o Default URI: /PCNW10_SSO_EA/EPM_AddIn_Launcher

com.sap.csa.bpc.HostDescriptor.java
  o Description: Standard "bean" style class used to store connectivity information for the BPC 10 NetWeaver AS ABAP Web Application Server (WAS).

com.sap.csa.bpc.ReentranceDetails.java
  o Description: Stores the Reentrance token and logs associated with retrieving the token.

index.jsp
  o Description: A basic JSP, really just an HTML form, that allows you to test calling the EPM_AddIn_Launcher servlet with different host/port/protocol/environment parameters using the GET and POST HTTP methods.
  o Default URI: /PCNW10_SSO_EA/index.jsp

Note: You can change the default context root (PCNW10_SSO_EA) in the enterprise application's application.xml file. This change would not require any changes in the web app.

You can also change the default servlet URI (EPM_AddIn_Launcher) in the web application's web.xml file. You will have to update the form actions in index.jsp if you change the servlet URI.

Quick note on security

Two sensitive pieces of information get passed between the client and the Portal during this process: the SAP Logon Ticket and the Reentrance Ticket. These tickets could be compromised if the end user accesses the Portal without using SSL. Due to this, SSL (HTTPS) must be used when deploying this solution in production.


Importing the Web Project to NWDS

This section covers importing the PCNW10_SSO_WP.war file into NWDS as well as adding references to the libraries included with the Apache HttpClient 4.1.2.

The PCNW10_SS_WP.war file can be downloaded here:

PCNW10_SS_WP.war file

Importing the WAR file into NWDS

1. Launch NWDS.

2. Select File > Import.

3. Expand "Web" and select "War File". Click Next.

4. Enter the path to "PCNW10_SSO_WP.war" in the "War file" text box, then click "Finish".

5. You should now see the "PCNW10_SSO_WP" project in Project Explorer.


Adding References to the Apache HttpClient Libraries

1. Download "httpcomponents-client-4.1.2-bin.zip" from http://hc.apache.org/downloads.cgi and extract it.

2. Right click the "PCNW10_SSO_WP" project in your NWDS Project Explorer and select "Properties".

3. Select "Java Build Path" and click "Add External JARs…" on the Libraries tab.

4. Browse to "httpcomponents-client-4.1.2/lib" and select all 6 JAR files. Click Open.

5. Click "OK" in the Properties window.


Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet:

host – The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver.

port – The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance.

protocol – Either HTTP or HTTPS.
  o Note – If you select HTTPS you must ensure that your AS Java system trusts the WAS server's certificate and certificate path.

environment – The default Environment or Appset for the EPM Add-In to connect to unless another is specified in the request.

To update the deployment descriptor:

1. Launch NWDS.

2. Expand PCNW10_SSO_WP and double click on the Deployment Descriptor.

3. Ensure you are looking at the Design View.

4. Expand web-app > servlet. There are four init-param blocks, one for each initialization parameter. Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server.

5. Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server.

6. Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server.

Note: You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets don't cross the network in clear text, unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network.

7. Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request.

8. Save the deployment descriptor (web.xml) using File > Save or CTRL + S.


Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS). This section provides step-by-step instructions for creating and deploying our new Enterprise Application.

Creating the Enterprise Application

1. Launch NWDS.

2. Click File > New > Enterprise Application Project.

3. Enter "PCNW10_SSO_EA" as the project name. Click Next.

4. Select "PCNW10_SSO_WP" as a Java EE Module Dependency and select "Generate application.xml deployment descriptor". Click Finish.

5. Right click on the project "PCNW10_SSO_EA" in the Project Explorer and select Properties.

6. Select the Server page, select the server you want to deploy this project to and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking "Add".

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking on the "Open Perspective" button in the upper right-hand corner of the NWDS display and selecting "Other".

2. Select "Java EE" and click OK.

3. Switch to the Servers tab in the bottom pane.

4. Right click your server and select "Add/Remove".

5. Select "PCNW10_SSO_EA" and click the "Add >" button. Click Finish.

6. Right click "PCNW10_SSO_EA" in the Servers tab and select Publish.

7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol and/or environment specified in the deployment descriptor. In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e. where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://as_java_server:port/PCNW10_SSO_WP/EPM_AddIn_Launcher

2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.

3. Enter your Enterprise Portal credentials.

4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.

5. The EPM Add-In will be launched, providing you with one of two logon prompts:

a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.

b. If you don't have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.


Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://as_java_server:port/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use the IP address if you specified the FQDN in the deployment descriptor, or vice-versa) and environment.

Note: HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click "Test it Out".

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
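Because the host, port and protocol can be overridden per request and the SAP Logon Ticket and Reentrance Ticket are sensitive, it is worth checking the merged target against a fixed list before the servlet contacts any WAS. The following is an added example, not code from the WAR file; the class name LaunchTargetResolver, the allowlist, the environment-name pattern and all sample values are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: merges web.xml defaults with request overrides, then allowlists the result. */
public class LaunchTargetResolver {

    /** Resolved connection details; mirrors the four init-params named in the guide. */
    static final class Target {
        final String protocol, host, environment;
        final int port;
        Target(String protocol, String host, int port, String environment) {
            this.protocol = protocol; this.host = host; this.port = port; this.environment = environment;
        }
        String endpoint() { return protocol + "://" + host + ":" + port; }
        @Override public String toString() { return endpoint() + " environment=" + environment; }
    }

    // Host names and IPv4 literals only; rejects '/', '@', whitespace and similar characters.
    private static final Pattern HOST = Pattern.compile("[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?");
    // Assumption: environment (appset) names are short alphanumeric/underscore identifiers.
    private static final Pattern ENVIRONMENT = Pattern.compile("[A-Za-z0-9_]{1,30}");

    private final Map<String, String> defaults;
    private final Set<String> allowedEndpoints = new HashSet<String>();
    private final boolean requireHttps;

    LaunchTargetResolver(Map<String, String> initParams, Set<String> allowed, boolean requireHttps) {
        this.defaults = new HashMap<String, String>(initParams);
        for (String endpoint : allowed) {
            this.allowedEndpoints.add(endpoint.toLowerCase(Locale.ROOT));
        }
        this.requireHttps = requireHttps;
    }

    /** Request value wins when present and non-blank, otherwise the deployment-descriptor default. */
    private String pick(Map<String, String> request, String name) {
        String value = request.get(name);
        if (value == null || value.trim().isEmpty()) value = defaults.get(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("missing parameter: " + name);
        }
        return value.trim();
    }

    Target resolve(Map<String, String> request) {
        String protocol = pick(request, "protocol").toLowerCase(Locale.ROOT);
        String host = pick(request, "host").toLowerCase(Locale.ROOT);
        String portText = pick(request, "port");
        String environment = pick(request, "environment");

        boolean httpsOk = protocol.equals("https");
        boolean httpOk = protocol.equals("http") && !requireHttps;
        if (!httpsOk && !httpOk) throw new IllegalArgumentException("protocol not permitted");
        if (!HOST.matcher(host).matches()) throw new IllegalArgumentException("malformed host");

        int port;
        try {
            port = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("port is not a number");
        }
        if (port < 1 || port > 65535) throw new IllegalArgumentException("port out of range");
        if (!ENVIRONMENT.matcher(environment).matches()) {
            throw new IllegalArgumentException("malformed environment name");
        }

        // Final gate: the exact protocol://host:port must be one the administrator listed.
        Target target = new Target(protocol, host, port, environment);
        if (!allowedEndpoints.contains(target.endpoint())) {
            throw new IllegalArgumentException("endpoint not on allowlist: " + target.endpoint());
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed defaults standing in for the four init-params in web.xml.
        Map<String, String> init = new HashMap<String, String>();
        init.put("host", "bpc.example.internal");
        init.put("port", "8443");
        init.put("protocol", "https");
        init.put("environment", "ENV_DEMO");
        Set<String> allowed = new HashSet<String>(Arrays.asList(
                "https://bpc.example.internal:8443", "https://10.0.0.5:8443"));
        LaunchTargetResolver resolver = new LaunchTargetResolver(init, allowed, true);

        // Constructed requests: no override, an allowed host override, two rejected overrides.
        String[][] overrides = { {}, {"host", "10.0.0.5"}, {"host", "other.example.net"}, {"protocol", "http"} };
        for (String[] pair : overrides) {
            Map<String, String> request = new HashMap<String, String>();
            if (pair.length == 2) request.put(pair[0], pair[1]);
            try {
                System.out.println("OK       " + resolver.resolve(request));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + request + " -> " + e.getMessage());
            }
        }
    }
}
```

Passing false for requireHttps corresponds to the trusted-network exception in the deployment descriptor note; IPv6 literals are not handled by this sketch.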


Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.



Page 8: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 8

Adding References to the Apache HttpClient Libraries

1 Download ldquohttpcomponents-client-412-binziprdquo from httphcapacheorgdownloadscgi and extract

it

2 Right click the ldquoPCNW10_SSO_WPrdquo project in your NWDS Project Explorer and select ldquoPropertiesrdquo

3 Select ldquoJava Build Pathrdquo and click ldquoAdd External JARshelliprdquo on the Libraries tab

4 Browse to ldquohttpcomponents-client-412librdquo and select all 6 JAR files Click Open

5 Click ldquoOKrdquo in the Properties window

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 9

Updating the Deployment Descriptor

The deployment descriptor contains the following initialization parameters used by the servlet

host ndash The fully qualified domain name or IP address of the AS ABAP instance hosting BPC 10 NetWeaver

port ndash The TCP port used by the Web Application Server hosting the BPC 10 NetWeaver instance

protocol ndash Either HTTP or HTTPS o Note ndash If you select HTTPS you must ensure that your AS Java system trusts the WAS

servers certificate and certificate path

environment ndash The default Environment or Appset for the EPM Add-In to connect to unless another is specified in the request

To update the deployment descriptor

1 Launch NWDS

2 Expand PCNW10_SSO_WP and double click on the Deployment Descriptor

3 Ensure you are looking at the Design View

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 10

4 Expand web-app gt servlet There are four init-param blocks one for each initialization parameter Expand the first init-param (param-name = host) and update the param-value to reflect the FQDN or IP address of your BPC 10 for NetWeaver WAS server

5 Expand the second init-param (param-name = port) and update the param-value to reflect the TCP port of your BPC 10 for NetWeaver WAS server

6 Expand the third init-param (param-name = protocol) and update the param-value to reflect the transport protocol to use when connecting to your BPC 10 for NetWeaver WAS server

Note You should use HTTPS in a production landscape to ensure that the SAP Logon Ticket and Reentrance Tickets donrsquot cross the network in clear text unless you are certain that communication between the AS Java and AS ABAP systems is on a trusted network

7 Expand the fourth init-param (param-name = environment) and update the param-value to reflect the default environment (appset) to use if one is not provided in the HTTP request

8 Save the deployment descriptor (webxml) using File gt Save or CTRL + S

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 11

Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS) This section provides step-by-step instructions for creating and deploying our new Enterprise Application

Creating the Enterprise Application

1. Launch NWDS.

2. Click File > New > Enterprise Application Project.

3. Enter "PCNW10_SSO_EA" as the project name. Click Next.

4. Select "PCNW10_SSO_WP" as a Java EE Module Dependency and select "Generate application.xml deployment descriptor". Click Finish.

5. Right-click on the project "PCNW10_SSO_EA" in the Project Explorer and select Properties.

6. Select the Server page, select the server you want to deploy this project to, and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking "Add".

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking on the "Open Perspective" button in the upper right-hand corner of the NWDS display and selecting "Other".

2. Select "Java EE" and click OK.

3. Switch to the Servers tab in the bottom pane.

4. Right-click your server and select "Add/Remove".

5. Select "PCNW10_SSO_EA" and click the "Add >" button. Click Finish.

6. Right-click "PCNW10_SSO_EA" in the Servers tab and select Publish.

7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol and/or environment specified in the deployment descriptor. In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e. where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://<as_java_server>:<port>/PCNW10_SSO_WP/EPM_AddIn_Launcher

2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.

3. Enter your Enterprise Portal credentials.

4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.

5. The EPM Add-In will be launched, providing you with one of two logon prompts:

a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.

b. If you don't have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.


Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://<as_java_server>:<port>/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use the IP address if you specified the FQDN in the deployment descriptor, or vice versa) and the environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click "Test it Out".

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
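The override behaviour tested above, as an added example that is not the guide's servlet code: a helper that merges request parameters over the deployment descriptor defaults and accepts the result only if the protocol, host, port and environment are on an allowlist, so overrides stay within the BPC servers you intend to integrate and an HTTP override cannot replace an HTTPS default. The class and method names and all sample hosts, ports and environments are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example, not the guide's servlet: all class and method names are hypothetical.
public class LaunchTargetResolver {

    // The four parameter names the guide defines in the deployment descriptor.
    private static final String[] NAMES = {"host", "port", "protocol", "environment"};

    private final Map<String, String> defaults;      // init-param values from web.xml
    private final Map<String, Set<String>> allowed;  // "protocol://host:port" -> environments

    public LaunchTargetResolver(Map<String, String> defaults, Map<String, Set<String>> allowed) {
        this.defaults = defaults;
        this.allowed = allowed;
    }

    /** Request values override the descriptor defaults; the merged result must be allowlisted. */
    public Map<String, String> resolve(Map<String, String> request) {
        Map<String, String> merged = new LinkedHashMap<String, String>();
        for (String name : NAMES) {
            String value = request.get(name);
            if (value == null || value.trim().isEmpty()) {
                value = defaults.get(name);           // fall back to the descriptor value
            }
            if (value == null || value.trim().isEmpty()) {
                throw new IllegalArgumentException("no value for " + name);
            }
            merged.put(name, value.trim());
        }

        // Normalise case so "HTTPS" and "Bpc1.Example.com" match the allowlist entries.
        String protocol = merged.get("protocol").toLowerCase(Locale.ROOT);
        String host = merged.get("host").toLowerCase(Locale.ROOT);
        int port;
        try {
            port = Integer.parseInt(merged.get("port"));
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("port is not a number");
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port is out of range");
        }

        // The allowlist key includes the protocol, so listing only https entries enforces HTTPS.
        Set<String> environments = allowed.get(protocol + "://" + host + ":" + port);
        if (environments == null) {
            throw new IllegalArgumentException("target server is not on the allowlist");
        }
        if (!environments.contains(merged.get("environment"))) {
            throw new IllegalArgumentException("environment is not allowed on that server");
        }

        merged.put("protocol", protocol);
        merged.put("host", host);
        merged.put("port", String.valueOf(port));
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample values; replace them with your own landscape.
        Map<String, String> defaults = new HashMap<String, String>();
        defaults.put("host", "bpc1.example.com");
        defaults.put("port", "8443");
        defaults.put("protocol", "https");
        defaults.put("environment", "PLANNING");

        Map<String, Set<String>> allowed = new HashMap<String, Set<String>>();
        allowed.put("https://bpc1.example.com:8443",
                new HashSet<String>(Arrays.asList("PLANNING", "CONSOLIDATION")));
        // The guide's test swaps the FQDN for the IP address, so list both forms if both are used.
        allowed.put("https://192.0.2.10:8443",
                new HashSet<String>(Arrays.asList("PLANNING")));

        LaunchTargetResolver resolver = new LaunchTargetResolver(defaults, allowed);

        String[][] requests = {
            {},                                                      // descriptor defaults only
            {"host", "192.0.2.10"},                                  // host override, as in the JSP test
            {"environment", "CONSOLIDATION"},                        // environment override
            {"protocol", "http"},                                    // clear-text target, not listed
            {"host", "other.example.net"},                           // server that is not listed
            {"host", "192.0.2.10", "environment", "CONSOLIDATION"}   // environment not on that server
        };
        for (String[] kv : requests) {
            Map<String, String> request = new HashMap<String, String>();
            for (int i = 0; i + 1 < kv.length; i += 2) {
                request.put(kv[i], kv[i + 1]);
            }
            try {
                System.out.println(request + " -> " + resolver.resolve(request));
            } catch (IllegalArgumentException e) {
                System.out.println(request + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The rejection messages deliberately contain no request data, so they can be written to the response or a log without echoing caller-supplied values.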


Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.


Copyright

© Copyright 2011 SAP AG. All rights reserved.




Page 11: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 11

Deploying the Web Application

Web applications are deployed to the Enterprise Portal via NetWeaver Developer Studio (NWDS) This section provides step-by-step instructions for creating and deploying our new Enterprise Application

Creating the Enterprise Application

1. Launch NWDS.

2. Click File > New > Enterprise Application Project.

3. Enter “PCNW10_SSO_EA” as the project name. Click Next.

4. Select “PCNW10_SSO_WP” as a Java EE Module Dependency and select “Generate application.xml deployment descriptor”. Click Finish.

5. Right-click the project “PCNW10_SSO_EA” in the Project Explorer and select Properties.

6. Select the Server page, select the server you want to deploy this project to, and click OK.

Tip: You can add servers by navigating to Window > Preferences > SAP AS Java and clicking “Add”.

Deploying the Enterprise Application

1. Open the J2EE Perspective by clicking the “Open Perspective” button in the upper right-hand corner of the NWDS display and selecting “Other”.

2. Select “Java EE” and click OK.

3. Switch to the Servers tab in the bottom pane.

4. Right-click your server and select “Add/Remove”.

5. Select “PCNW10_SSO_EA” and click the “Add >” button. Click Finish.

6. Right-click “PCNW10_SSO_EA” in the Servers tab and select Publish.

7. Verify the project deployed successfully in the Deployment View Console tab.

Testing the Web Application

We will perform two tests in this section.

In the first test, we will navigate to the servlet directly. This will launch the EPM Add-In using the server, port, protocol, and environment that you specified in the deployment descriptor. This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server.

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server, port, protocol, and/or environment specified in the deployment descriptor. In the second test, we will use a JSP page included in the web application to override the host we specified in the deployment descriptor. The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (i.e. where there are multiple BPC 10 NetWeaver servers and environments).

Testing the Servlet

1. Launch Internet Explorer and navigate to the servlet. Default URL is http://as_java_server:port/PCNW10_SSO_WP/EPM_AddIn_Launcher

2. You will receive a message stating that the MYSAPSSO2 logon cookie was not detected. Click the link provided to log into the Enterprise Portal.

3. Enter your Enterprise Portal credentials.

4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.

5. The EPM Add-In will be launched, providing you with one of two logon prompts:

a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.

b. If you don’t have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.

Using the Test JSP Page

In this section, we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life, you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. Default URL is http://as_java_server:port/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use the IP address if you specified the FQDN in the deployment descriptor, or vice versa) and environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click “Test it Out”.

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet – it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
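Because the launch target can be overridden per request, links published as portal content are easier to reason about when the overrides are resolved against the deployment-descriptor defaults and a list of known BPC servers. The class below is an added example, not code from the guide's web application: the parameter names `host`, `port`, `protocol` and `environment`, the environment naming rule, and every host and environment value are assumptions, and it needs Java 11 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class LaunchTargetResolver {
    // Assumed parameter names, following the guide's "host/port/protocol/environment".
    private static final List<String> KEYS = List.of("host", "port", "protocol", "environment");
    private static final Set<String> PROTOCOLS = Set.of("http", "https");
    // Assumed naming rule for environments; adjust to your landscape.
    private static final Pattern ENVIRONMENT = Pattern.compile("[A-Za-z0-9_]{1,30}");

    private final Map<String, String> defaults;   // values from the deployment descriptor
    private final Set<String> allowedServers;     // lower-case "host:port" entries

    public LaunchTargetResolver(Map<String, String> defaults, Set<String> allowedServers) {
        this.defaults = Map.copyOf(defaults);
        this.allowedServers = Set.copyOf(allowedServers);
    }

    /**
     * Merges request overrides into the defaults and validates the result.
     * requestParams has the shape of HttpServletRequest.getParameterMap(),
     * so GET and POST parameters are handled the same way.
     */
    public Map<String, String> resolve(Map<String, String[]> requestParams) {
        Map<String, String> target = new LinkedHashMap<>();
        for (String key : KEYS) {
            String[] values = requestParams.get(key);
            String value;
            if (values == null) {
                value = defaults.get(key);                       // no override supplied
            } else if (values.length == 1 && values[0] != null && !values[0].isBlank()) {
                value = values[0].trim();
            } else {
                throw new IllegalArgumentException("empty or repeated parameter: " + key);
            }
            if (value == null) {
                throw new IllegalArgumentException("no default configured for: " + key);
            }
            target.put(key, value);
        }

        String protocol = target.get("protocol").toLowerCase(Locale.ROOT);
        if (!PROTOCOLS.contains(protocol)) {
            throw new IllegalArgumentException("unsupported protocol: " + protocol);
        }
        int port = Integer.parseInt(target.get("port"));         // NumberFormatException is an IllegalArgumentException
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        String host = target.get("host").toLowerCase(Locale.ROOT);
        if (!allowedServers.contains(host + ":" + port)) {
            throw new IllegalArgumentException("server not in allowlist: " + host + ":" + port);
        }
        if (!ENVIRONMENT.matcher(target.get("environment")).matches()) {
            throw new IllegalArgumentException("invalid environment name");
        }
        // Store the normalized values so every caller sees the same form.
        target.put("host", host);
        target.put("port", String.valueOf(port));
        target.put("protocol", protocol);
        return target;
    }

    /** Builds a launcher link for portal content from validated values only. */
    public String launcherLink(String servletUrl, Map<String, String[]> overrides) {
        StringBuilder link = new StringBuilder(servletUrl);
        char separator = '?';
        for (Map.Entry<String, String> e : resolve(overrides).entrySet()) {
            link.append(separator).append(e.getKey()).append('=')
                .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
            separator = '&';
        }
        return link.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; none of them come from the guide.
        LaunchTargetResolver resolver = new LaunchTargetResolver(
            Map.of("host", "bpc.example.com", "port", "8000",
                   "protocol", "http", "environment", "PLANNING_DEMO"),
            Set.of("bpc.example.com:8000", "192.0.2.10:8000"));   // FQDN and IP form of one server

        // Placeholder servlet URL in the form the guide gives.
        String servlet = "http://as_java_server:port/PCNW10_SSO_WP/EPM_AddIn_Launcher";
        System.out.println(resolver.launcherLink(servlet, Map.of("host", new String[] {"192.0.2.10"})));

        List<Map<String, String[]>> rejected = List.of(
            Map.of("host", new String[] {"bpc.example.net"}),                 // unknown server
            Map.of("host", new String[] {"192.0.2.10", "bpc.example.net"}),   // repeated parameter
            Map.of("protocol", new String[] {"ftp"}));                        // unsupported protocol
        for (Map<String, String[]> params : rejected) {
            try {
                resolver.resolve(params);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```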


Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.


Copyright

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.


Page 12: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 12

5 Right click on the project ldquoPCNW10_SSO_EArdquo in the Project Explorer and select Properties

6 Select the Server page select the server you want to deploy this project to and click OK

Tip You can add servers by navigating to Window gt Preferences gt SAP AS Java and clicking ldquoAddrdquo

Deploying the Enterprise Application

1 Open the J2EE Perspective by clicking on the ldquoOpen Perspectiverdquo button in the upper right hand of

the NWDS display and selecting ldquoOtherrdquo

2 Select ldquoJava EErdquo and click OK

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 13

3 Switch to the Serverrsquos tab in the bottom pane

4 Right click your server and select ldquoAddRemoverdquo

5 Select ldquoPCNW10_SSO_EArdquo and click the ldquoAdd gtrdquo button Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 14

6 Right click ldquoPCNW10_SSO_EArdquo in the Servers tab and select Publish

7 Verify the project deployed successfully in the Deployment View Console tab

Testing the Web Application

We will perform two tests in this section

In the first test we will navigate to the servlet directly This will launch the EPM Add-In using the server port protocol and environment that you specified in the deployment descriptor This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server port protocol andor environment specified in the deployment descriptor In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (ie where there are multiple BPC 10 NetWeaver servers and environments)

Testing the Servlet

1 Launch internet explorer and navigate to the servlet Default URL is httpas_java_serverportPCNW10_SSO_WPEPM_AddIn_Launcher

2 You will receive a message stating that the MYSAPSSO2 logon cookie was not detected Click the

link provided to log into the Enterprise Portal

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 15

3 Enter your Enterprise Portal credentials

4 Navigate back to the URL provided in step 1 You will see the Reentrance Token used as output in Internet Explorer

5 The EPM Add-In will be launched providing you with one of two logon prompts

a If you already have a connection in the EPM Add-In for the specified host you will be logged in automatically

b If you donrsquot have a connection in the EPM Add-In for the specified host you will be prompted to select which application to log into

Note When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 16

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal You could add the resulting URLrsquos as portal content to complete your integration scenario

1 Launch internet explorer and navigate to the test page Default URL is httpas_java_serverportPCNW10_SSO_WPindexjsp

2 Select GET as your HTTP method and change one of the hostportprotocolenvironment parameters to another valid value

Note The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor or vice-versa) and environment

Note HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body

The servlet supports both but GET is much easier to demonstrate since the URL is easily viewed

3 Click ldquoTest it Outrdquo

Note If the servlet fails to find the MYSAPSSO2 cookie log into the portal then navigate back to the test JSP page

4 Note the URL for the servlet ndash it now includes an HTTP parameter for hostportprotocol and environment You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances andor environments

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 17

Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 100 version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 73 Security Guide gt User Authentication and SSO

For more information visit the Enterprise Performance Management homepage

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 18

Copyright

copy Copyright 2011 SAP AG All rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG The information contained herein may be changed without prior notice

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors

Microsoft Windows Excel Outlook and PowerPoint are registered trademarks of Microsoft Corporation

IBM DB2 DB2 Universal Database System i System i5 System p System p5 System x System z System z10 System z9 z10 z9 iSeries pSeries xSeries zSeries eServer zVM zOS i5OS S390 OS390 OS400 AS400 S390 Parallel Enterprise Server PowerVM Power Architecture POWER6+ POWER6 POWER5+ POWER5 POWER OpenPower PowerPC BatchPipes BladeCenter System Storage GPFS HACMP RETAIN DB2 Connect RACF Redbooks OS2 Parallel Sysplex MVSESA AIX Intelligent Miner WebSphere Netfinity Tivoli and Informix are trademarks or registered trademarks of IBM Corporation

Linux is the registered trademark of Linus Torvalds in the US and other countries

Adobe the Adobe logo Acrobat PostScript and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States andor other countries

Oracle is a registered trademark of Oracle Corporation

UNIX XOpen OSF1 and Motif are registered trademarks of the Open Group

Citrix ICA Program Neighborhood MetaFrame WinFrame VideoFrame and MultiWin are trademarks or registered trademarks of Citrix Systems Inc

HTML XML XHTML and W3C are trademarks or registered trademarks of W3Creg World Wide Web Consortium Massachusetts Institute of Technology

Java is a registered trademark of Oracle Corporation

JavaScript is a registered trademark of Oracle Corporation used under license for technology invented and implemented by Netscape

SAP R3 SAP NetWeaver Duet PartnerEdge ByDesign SAP Business ByDesign and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries

Business Objects and the Business Objects logo BusinessObjects Crystal Reports Crystal Decisions Web Intelligence Xcelsius and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects SA in the United States and in other countries Business Objects is an SAP company

All other product and service names mentioned are the trademarks of their respective companies Data contained in this document serves informational purposes only National product specifications may vary

These materials are subject to change without notice These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only without representation or warranty of any kind and SAP Group shall not be liable for errors or omissions with respect to the materials The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services if any Nothing herein should be construed as constituting an additional warranty

Page 13: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 13

3 Switch to the Serverrsquos tab in the bottom pane

4 Right click your server and select ldquoAddRemoverdquo

5 Select ldquoPCNW10_SSO_EArdquo and click the ldquoAdd gtrdquo button Click Finish

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 14

6 Right click ldquoPCNW10_SSO_EArdquo in the Servers tab and select Publish

7 Verify the project deployed successfully in the Deployment View Console tab

Testing the Web Application

We will perform two tests in this section

In the first test we will navigate to the servlet directly This will launch the EPM Add-In using the server port protocol and environment that you specified in the deployment descriptor This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server port protocol andor environment specified in the deployment descriptor In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (ie where there are multiple BPC 10 NetWeaver servers and environments)

Testing the Servlet

1 Launch internet explorer and navigate to the servlet Default URL is httpas_java_serverportPCNW10_SSO_WPEPM_AddIn_Launcher

2 You will receive a message stating that the MYSAPSSO2 logon cookie was not detected Click the

link provided to log into the Enterprise Portal

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 15

3 Enter your Enterprise Portal credentials

4 Navigate back to the URL provided in step 1 You will see the Reentrance Token used as output in Internet Explorer

5 The EPM Add-In will be launched providing you with one of two logon prompts

a If you already have a connection in the EPM Add-In for the specified host you will be logged in automatically

b If you donrsquot have a connection in the EPM Add-In for the specified host you will be prompted to select which application to log into

Note When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 16

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal You could add the resulting URLrsquos as portal content to complete your integration scenario

1 Launch internet explorer and navigate to the test page Default URL is httpas_java_serverportPCNW10_SSO_WPindexjsp

2 Select GET as your HTTP method and change one of the hostportprotocolenvironment parameters to another valid value

Note The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor or vice-versa) and environment

Note HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body

The servlet supports both but GET is much easier to demonstrate since the URL is easily viewed

3 Click ldquoTest it Outrdquo

Note If the servlet fails to find the MYSAPSSO2 cookie log into the portal then navigate back to the test JSP page

4 Note the URL for the servlet ndash it now includes an HTTP parameter for hostportprotocol and environment You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances andor environments

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 17

Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 100 version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 73 Security Guide gt User Authentication and SSO

For more information visit the Enterprise Performance Management homepage

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 18

Copyright

copy Copyright 2011 SAP AG All rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG The information contained herein may be changed without prior notice

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors

Microsoft Windows Excel Outlook and PowerPoint are registered trademarks of Microsoft Corporation

IBM DB2 DB2 Universal Database System i System i5 System p System p5 System x System z System z10 System z9 z10 z9 iSeries pSeries xSeries zSeries eServer zVM zOS i5OS S390 OS390 OS400 AS400 S390 Parallel Enterprise Server PowerVM Power Architecture POWER6+ POWER6 POWER5+ POWER5 POWER OpenPower PowerPC BatchPipes BladeCenter System Storage GPFS HACMP RETAIN DB2 Connect RACF Redbooks OS2 Parallel Sysplex MVSESA AIX Intelligent Miner WebSphere Netfinity Tivoli and Informix are trademarks or registered trademarks of IBM Corporation

Linux is the registered trademark of Linus Torvalds in the US and other countries

Adobe the Adobe logo Acrobat PostScript and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States andor other countries

Oracle is a registered trademark of Oracle Corporation

UNIX XOpen OSF1 and Motif are registered trademarks of the Open Group

Citrix ICA Program Neighborhood MetaFrame WinFrame VideoFrame and MultiWin are trademarks or registered trademarks of Citrix Systems Inc

HTML XML XHTML and W3C are trademarks or registered trademarks of W3Creg World Wide Web Consortium Massachusetts Institute of Technology

Java is a registered trademark of Oracle Corporation

JavaScript is a registered trademark of Oracle Corporation used under license for technology invented and implemented by Netscape

SAP R3 SAP NetWeaver Duet PartnerEdge ByDesign SAP Business ByDesign and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries

Business Objects and the Business Objects logo BusinessObjects Crystal Reports Crystal Decisions Web Intelligence Xcelsius and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects SA in the United States and in other countries Business Objects is an SAP company

All other product and service names mentioned are the trademarks of their respective companies Data contained in this document serves informational purposes only National product specifications may vary

These materials are subject to change without notice These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only without representation or warranty of any kind and SAP Group shall not be liable for errors or omissions with respect to the materials The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services if any Nothing herein should be construed as constituting an additional warranty

Page 14: Implementing SSO between the Enterprise Portal and the EPM … · 2019. 11. 12. · environment – The default Environment or Appset for the EPM Add-In to connect to unless another

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 14

6 Right click ldquoPCNW10_SSO_EArdquo in the Servers tab and select Publish

7 Verify the project deployed successfully in the Deployment View Console tab

Testing the Web Application

We will perform two tests in this section

In the first test we will navigate to the servlet directly This will launch the EPM Add-In using the server port protocol and environment that you specified in the deployment descriptor This test provides a viable solution for simple integration scenarios where users only access a single environment hosted on a single server

The servlet responsible for launching the EPM Add-In can also use URL parameters to override the default server port protocol andor environment specified in the deployment descriptor In the second test we will use a JSP page included in the web application to override the host we specified in the deployment descriptor The JSP page creates the appropriate URL based on your specifications and can be used to generate links for more complex integration scenarios (ie where there are multiple BPC 10 NetWeaver servers and environments)

Testing the Servlet

1 Launch internet explorer and navigate to the servlet Default URL is httpas_java_serverportPCNW10_SSO_WPEPM_AddIn_Launcher

2 You will receive a message stating that the MYSAPSSO2 logon cookie was not detected Click the

link provided to log into the Enterprise Portal

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 15

3 Enter your Enterprise Portal credentials

4 Navigate back to the URL provided in step 1 You will see the Reentrance Token used as output in Internet Explorer

5 The EPM Add-In will be launched providing you with one of two logon prompts

a If you already have a connection in the EPM Add-In for the specified host you will be logged in automatically

b If you donrsquot have a connection in the EPM Add-In for the specified host you will be prompted to select which application to log into

Note When deploying this on the portal you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 16

Using the Test JSP Page

In this section we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address In real life you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal You could add the resulting URLrsquos as portal content to complete your integration scenario

1 Launch internet explorer and navigate to the test page Default URL is httpas_java_serverportPCNW10_SSO_WPindexjsp

2 Select GET as your HTTP method and change one of the hostportprotocolenvironment parameters to another valid value

Note The most likely candidates for things you can change are the host (use IP Address if you specified the FQDN in the deployment descriptor or vice-versa) and environment

Note HTTP GET requests pass parameters via the URL while POST requests pass parameters in the request body

The servlet supports both but GET is much easier to demonstrate since the URL is easily viewed

3 Click ldquoTest it Outrdquo

Note If the servlet fails to find the MYSAPSSO2 cookie log into the portal then navigate back to the test JSP page

4 Note the URL for the servlet ndash it now includes an HTTP parameter for hostportprotocol and environment You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances andor environments

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 17

Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 100 version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 73 Security Guide gt User Authentication and SSO

For more information visit the Enterprise Performance Management homepage

SAP COMMUNITY NETWORK SDN - sdnsapcom | BPX - bpxsapcom | BOC - bocsapcom | UAC - uacsapcom

copy 2011 SAP AG 18

Copyright

copy Copyright 2011 SAP AG All rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG The information contained herein may be changed without prior notice

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors


3. Enter your Enterprise Portal credentials.

4. Navigate back to the URL provided in step 1. You will see the Reentrance Token used as output in Internet Explorer.

5. The EPM Add-In will be launched, providing you with one of two logon prompts:

a. If you already have a connection in the EPM Add-In for the specified host, you will be logged in automatically.

b. If you don't have a connection in the EPM Add-In for the specified host, you will be prompted to select which application to log into.

Note: When deploying this on the portal, you can launch the servlet in a hidden IFrame to keep the details from being displayed to end users.


Using the Test JSP Page

In this section, we will use the provided JSP page to override the hostname we specified for the BPC 10 NetWeaver server (in the deployment descriptor) with the IP address. In real life, you would change parameters to match the various BPC 10 NetWeaver environments that you want to integrate with the Enterprise Portal. You could add the resulting URLs as portal content to complete your integration scenario.

1. Launch Internet Explorer and navigate to the test page. The default URL is http://as_java_server:port/PCNW10_SSO_WP/index.jsp

2. Select GET as your HTTP method and change one of the host/port/protocol/environment parameters to another valid value.

Note: The most likely candidates for things you can change are the host (use the IP address if you specified the FQDN in the deployment descriptor, or vice versa) and the environment.

Note: HTTP GET requests pass parameters via the URL, while POST requests pass parameters in the request body. The servlet supports both, but GET is much easier to demonstrate since the URL is easily viewed.

3. Click “Test it Out”.

Note: If the servlet fails to find the MYSAPSSO2 cookie, log into the portal, then navigate back to the test JSP page.

4. Note the URL for the servlet: it now includes an HTTP parameter for host/port/protocol and environment. You can use these parameters to tell the servlet to launch the EPM Add-In against different BPC 10 instances and/or environments.
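Because the host, port, protocol and environment arrive as request parameters, a deployment may want to accept only targets it has registered before the servlet acts on them with the user's MYSAPSSO2 session. The following is an added example, not code from this guide or its servlet: the class and method names are hypothetical, the host and environment values are constructed, and the logic is kept free of the servlet API so it runs stand-alone.

```java
import java.util.*;

/** Added example (hypothetical class, not the guide's servlet code). */
public class TargetOverridePolicy {
    private static final String[] NAMES = {"protocol", "host", "port", "environment"};

    private final Map<String, String> defaults;                // deployment-descriptor values
    private final Set<List<String>> allowed = new HashSet<>(); // permitted targets

    public TargetOverridePolicy(Map<String, String> defaults) {
        this.defaults = new HashMap<>(defaults);
        allowed.add(normalize(this.defaults));                 // defaults are always permitted
    }

    /** Register one additional BPC target that request parameters may select. */
    public void allow(String protocol, String host, String port, String environment) {
        Map<String, String> t = new HashMap<>();
        t.put("protocol", protocol); t.put("host", host);
        t.put("port", port); t.put("environment", environment);
        allowed.add(normalize(t));
    }

    /** Normalise the case-insensitive parts so "HTTPS" and "https" compare equal. */
    private static List<String> normalize(Map<String, String> t) {
        int port = Integer.parseInt(t.get("port").trim());     // NumberFormatException if not numeric
        if (port < 1 || port > 65535) throw new IllegalArgumentException("port out of range");
        return Arrays.asList(
            t.get("protocol").trim().toLowerCase(Locale.ROOT),
            t.get("host").trim().toLowerCase(Locale.ROOT),
            Integer.toString(port),
            t.get("environment").trim());
    }

    /** Overlay request parameters on the defaults; refuse any target not registered. */
    public List<String> resolve(Map<String, String> requestParams) {
        Map<String, String> merged = new HashMap<>(defaults);
        for (String name : NAMES) {
            String value = requestParams.get(name);
            if (value != null && !value.trim().isEmpty()) merged.put(name, value);
        }
        List<String> target;
        try {
            target = normalize(merged);
        } catch (IllegalArgumentException e) {                 // includes NumberFormatException
            throw new SecurityException("rejected override: " + e.getMessage());
        }
        if (!allowed.contains(target)) throw new SecurityException("target not allow-listed: " + target);
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample values: host and environment names are placeholders.
        Map<String, String> dd = new HashMap<>();
        dd.put("protocol", "https"); dd.put("host", "bpc.example.internal");
        dd.put("port", "8443"); dd.put("environment", "ENV_DEFAULT");
        TargetOverridePolicy policy = new TargetOverridePolicy(dd);
        policy.allow("https", "10.0.0.15", "8443", "ENV_DEFAULT"); // same server by IP address

        Map<String, String> ok = new HashMap<>();
        ok.put("host", "10.0.0.15");
        System.out.println("accepted: " + policy.resolve(ok));

        Map<String, String> bad = new HashMap<>();
        bad.put("host", "bpc.example.net");                    // not registered
        try {
            policy.resolve(bad);
        } catch (SecurityException e) {
            System.out.println("refused:  " + e.getMessage());
        }
    }
}
```

Each permitted target is stored as a four-element list rather than a concatenated string, so a crafted host value containing `:` or `/` cannot be made to compare equal to a registered entry.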


Related Content

BPC 10 for NetWeaver Authentication Scenarios Blog

Implementing Client Certificate Authentication in SAP BusinessObjects Planning and Consolidation 10.0, version for NetWeaver

SBOP PC 10 for NetWeaver Security Guide

SAP NetWeaver 7.3 Security Guide > User Authentication and SSO

For more information, visit the Enterprise Performance Management homepage.


Copyright

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Oracle Corporation.

JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
