Technology Blogs by SAP
IngoH

In the last blog we installed all the required software, so we can now configure the BusinessObjects server to allow SAP accounts and SAP roles to leverage the software.

 

In the next step we enable the SAP Authentication on the BusinessObjects Edge server.

The SAP authentication allows the administrator to leverage the SAP users and roles, and it allows the end user to leverage functionality like single sign-on with BusinessObjects Enterprise.

 

I open the Central Management Console

... and log on as administrator.

 

After logging on, I am presented with the main screen of the Central Management Console

 

... and can now navigate to the item Authentication (right-hand side).

 

I select the SAP Authentication from the list of available authentications and am now presented with the list of SAP Entitlement systems, which in our case is empty because so far we have not configured any systems.

 

I can now enter the System ID and Client number of my SAP system, and then enter either a combination of Message Server and Logon Group or a combination of Application Server and System number.

 

The credentials entered here are used to read users and roles and to validate role membership during the authentication process. Please refer to the Installation Guide for the Integration Kit for SAP Solutions (Page 73) for a detailed list of the authorizations required for this user.

 

I enter the details and then click Update to add the system to the list of available entitlement systems.

 

Now I navigate to the tab "Options".

 

Here I can configure multiple items, but for now I will only set the Default System to my newly created system and set the flag for the option "Automatically import user". With this option set, all users that are assigned to the roles that I will import in the next step will also become BusinessObjects Enterprise users. If I did not set this option, the users would instead be created based on their role membership as part of their initial authentication towards BusinessObjects Enterprise.

 

 

Now I navigate to the tab "Role Import".

 

By importing SAP roles into BusinessObjects Enterprise, you allow role members to log onto BusinessObjects Enterprise with their usual SAP credentials. In addition, single-sign-on is enabled so that SAP users can be logged onto BusinessObjects Enterprise automatically when they access reports from within the SAP GUI or an SAP Enterprise Portal.

 

For each role that is imported BusinessObjects Enterprise generates a user group. Each group is named with the following naming convention:

[SAP system ID] ~ [SAP client number] @  [SAP role]


For example: R37~800@BOBJ_TRAIN_ROLE_01


I now select the roles that I want to import and click "Add" and then "Update" to import those roles into my BusinessObjects Enterprise system.

 

 

Now I close the SAP Authentication screen and select the item "Users and Groups" to show the imported groups and users.

 

Here you can see the imported roles, and because I set the option "Automatically import user" the users assigned to those roles are imported as well.
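Because every imported role becomes a group and its members can log on, it is worth reviewing which SAP system, client and role each group maps to. The following is an added example, not part of the original blog: it parses group names using the naming convention shown above and flags groups that come from a system/client pair you did not expect. The sample group list, the second training role and the `Z_HYPOTHETICAL_ROLE` name are constructed, and the 3-character system ID and 3-digit client are assumptions based on the article's example.

```python
import re
from collections import defaultdict

# Naming convention from the article: [SAP system ID]~[SAP client number]@[SAP role]
# Assumption: 3-character system ID and 3-digit client, as in the article's example.
GROUP_RE = re.compile(r"^(?P<sid>[A-Z][A-Z0-9]{2})~(?P<client>\d{3})@(?P<role>\S.*)$")

def parse_sap_group(name):
    """Return (sid, client, role) for an SAP-imported group name, else None."""
    m = GROUP_RE.match(name.strip())
    return (m["sid"], m["client"], m["role"]) if m else None

def audit_groups(group_names, expected_systems):
    """Group imported roles by (sid, client) and list groups from unexpected systems.

    expected_systems: set of (sid, client) pairs configured as entitlement systems.
    """
    by_system = defaultdict(list)
    unexpected = []
    for name in group_names:
        parsed = parse_sap_group(name)
        if parsed is None:
            continue  # native BusinessObjects group, not created by a role import
        sid, client, role = parsed
        by_system[(sid, client)].append(role)
        if (sid, client) not in expected_systems:
            unexpected.append(name)
    return dict(by_system), unexpected

# Constructed sample: a group list as it might be copied from "Users and Groups".
SAMPLE_GROUPS = [
    "Administrators",
    "Everyone",
    "R37~800@BOBJ_TRAIN_ROLE_01",
    "R37~800@BOBJ_TRAIN_ROLE_02",
    "R37~000@Z_HYPOTHETICAL_ROLE",
    "user@example.com",
]

if __name__ == "__main__":
    roles, unexpected = audit_groups(SAMPLE_GROUPS, {("R37", "800")})
    for (sid, client), names in sorted(roles.items()):
        print(f"{sid} client {client}: {', '.join(names)}")
    for name in unexpected:
        print(f"REVIEW: {name} is from a system/client outside the expected list")
```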

 

To validate this, I open InfoView, select the SAP Authentication and log on to InfoView with my SAP credentials.

 

If everything is configured correctly, you should now be able to log on with the SAP credentials, and the SAP account is shown in the top right corner in InfoView.

 

 

The users and roles that we imported into the BusinessObjects Enterprise system have no rights / authorizations in the BusinessObjects Enterprise system so far, but you can use the standard mechanism in the Central Management Console to assign rights to those users and user groups.

 

For the scenario where you want to use SSO based on tickets with the BusinessObjects Enterprise and the BI System (either from the SAP GUI or via the SAP Enterprise Portal) you need to configure profile parameters in the SAP BI System.

The two profile parameters are:

  • login/accept_sso2_ticket
  • login/create_sso2_ticket
 

 

                 
 

| Profile parameter | Value | Comment |
| --- | --- | --- |
| login/create_sso2_ticket | 1 or 2 | Use the value 1 if the server possesses a public-key certificate signed by the SAP CA. Use the value 2 if the certificate is self-signed. If you are not sure, then use the value 2. |
| login/accept_sso2_ticket | 1 | Use the value 1 so that the system will also accept logon tickets. |

 

 

Please also check the SAP documentation for more details, and keep in mind that those changes require a restart of the SAP system.
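To confirm before the restart that the two parameters will take effect with the values listed above, the profile files can be checked offline. The following is an added example, not part of the original blog: it assumes the usual `name = value` profile syntax with `#` comment lines, that a later line replaces an earlier one, and that the instance profile overrides DEFAULT.PFL. Both sample profiles are constructed.

```python
# Values from the article: create_sso2_ticket must be 1 or 2, accept_sso2_ticket must be 1.
REQUIRED = {
    "login/create_sso2_ticket": {"1", "2"},
    "login/accept_sso2_ticket": {"1"},
}

def parse_profile(text):
    """Parse 'name = value' lines; lines starting with '#' are comments; last line wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def check_sso_ticket_params(default_pfl, instance_pfl):
    """Return {parameter: (effective value or None, 'ok' | 'wrong' | 'not set')}."""
    effective = parse_profile(default_pfl)
    effective.update(parse_profile(instance_pfl))  # assumption: instance profile wins
    report = {}
    for name, allowed in REQUIRED.items():
        value = effective.get(name)
        if value is None:
            status = "not set"
        else:
            status = "ok" if value in allowed else "wrong"
        report[name] = (value, status)
    return report

# Constructed sample profiles (not taken from a real system).
SAMPLE_DEFAULT_PFL = """\
# DEFAULT.PFL (constructed)
SAPSYSTEMNAME = R37
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 0
"""
SAMPLE_INSTANCE_PFL = """\
# instance profile (constructed)
#login/create_sso2_ticket = 1
login/create_sso2_ticket = 2
"""

if __name__ == "__main__":
    result = check_sso_ticket_params(SAMPLE_DEFAULT_PFL, SAMPLE_INSTANCE_PFL)
    for name, (value, status) in result.items():
        print(f"{name} = {value!r}: {status}")
```

A "not set" result means the parameter appears in neither file, so the effective value is whatever the system defaults to and should be confirmed in the running system.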

 

I hope you have now been able to install everything and can use your SAP credentials to authenticate towards the BusinessObjects Enterprise system. In the next part we will configure the publishing of Crystal Reports in combination with SAP BI.

 

For those that missed the installation parts, here are the links to the blogs:

BusinessObjects and SAP - Installation and Configuration Part 1 of 4

BusinessObjects and SAP - Installation and Configuration Part 2 of 4

BusinessObjects and SAP - Installation and Configuration Part 3 of 4

BusinessObjects and SAP - Installation and Configuration Part 4 of 4
