Skip to Content

The Motivation for Automating SAP Login

 

Many of us would be working on several SAP systems on any day. If you’re tired of entering the username and password in every SAP system you enter, this document will help you by automating the entrance to SAP landscapes by skipping the logon screen using a simple GuiXT script. GuiXt is based on a simple scripting language.

From version 4.x GuiXT is included with SapGui free of charge. For earlier versions we would have to procure it from Synactive.

Steps to be followed-

  1. Activate GuiXT by navigating to Customize Local Layout (customise_local_layout) and selecting Activate GuiXT.

Activate_GUIXT

    2.   Navigate to C Drive and create a folder and name it – GuiXT

Nav2CDrive

    3.   Create a subfolder and name it – Scripts

CR8_Scripts_folder

    4.   Now create a report program with code-

*External files        : None
*SAP Release          : SAP ECC 6.0
*DESCRIPTION: Program to download Logon script for auto-sign in

REPORT  ZAJ_GUIXT no STANDARD PAGE HEADING.
*------------------------------------------------------------------------------*
* DATA TYPE DECLARATION
*------------------------------------------------------------------------------*

data: BEGIN OF it_tab OCCURS 0,
       line_text type string,
      END OF it_tab.
data: filenam type string.
*------------------------------------------------------------------------------*
* SELECTION
*------------------------------------------------------------------------------*
SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-002.
SELECTION-SCREEN COMMENT /1(79) text-001.
parameters: p_file type string default 'c:\guixt\scripts' .
parameters:p_sid(3) type c DEFAULT 'RET',
           p_clnt(3) type c DEFAULT '112',
           p_unam(8) type c default '123456',
           p_pwd type maktx default 'xxxxxx'. " Case Sensitive
SELECTION-SCREEN END OF BLOCK b1.

CONCATENATE 'if V[_database=' p_sid ']' INTO it_tab-line_text.
append it_tab.

CONCATENATE 'Set F[RSYST-MANDT]   "' p_clnt '"' into it_tab-line_text.
append it_tab.

CONCATENATE 'Set F[RSYST-BNAME]   "' p_unam '"' into it_tab-line_text.
append it_tab.

CONCATENATE 'Set F[RSYST-BCODE]   "' p_pwd '"' into it_tab-line_text.
append it_tab.

it_tab-line_text = 'Set F[RSYST-LANGU]   "en"'.
append it_tab.

it_tab-line_text = 'Enter'.
append it_tab.

it_tab-line_text = 'EndIf'.
append it_tab.

CONCATENATE p_file '\Logon.txt' INTO filenam.

CALL FUNCTION 'GUI_DOWNLOAD'
  EXPORTING
*   BIN_FILESIZE                    =
    FILENAME                        = filenam
   FILETYPE                        = 'ASC'
   APPEND                          = 'X'
*   WRITE_FIELD_SEPARATOR           = ' '
 TABLES
    DATA_TAB                        = it_tab
 EXCEPTIONS
   FILE_WRITE_ERROR                = 1
   NO_BATCH                        = 2
   GUI_REFUSE_FILETRANSFER         = 3
   INVALID_TYPE                    = 4
   NO_AUTHORITY                    = 5
   UNKNOWN_ERROR                   = 6
   HEADER_NOT_ALLOWED              = 7
   SEPARATOR_NOT_ALLOWED           = 8
   FILESIZE_NOT_ALLOWED            = 9
   HEADER_TOO_LONG                 = 10
   DP_ERROR_CREATE                 = 11
   DP_ERROR_SEND                   = 12
   DP_ERROR_WRITE                  = 13
   UNKNOWN_DP_ERROR                = 14
   ACCESS_DENIED                   = 15
   DP_OUT_OF_MEMORY                = 16
   DISK_FULL                       = 17
   DP_TIMEOUT                      = 18
   FILE_NOT_FOUND                  = 19
   DATAPROVIDER_EXCEPTION          = 20
   CONTROL_FLUSH_ERROR             = 21
   OTHERS                          = 22
          .
IF SY-SUBRC eq 0.
  message s057(zmsg) WITH filenam.
  else.
 MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF. 
 

5. Execute the code to generate the Logon script.

Xecute_Prog

Note: If your Login script was generated successfully, you should get this message-

Success_MSG

Note: You need to do this ‘One-Time’ task to set the Profile in GuiXT-

6.  Launch GuiXT using the command- ‘GUIXT.EXE VISIBLE’ as shown-

Launch_GuiXT

GuiXT_screen

7. Navigate to Profiles Screen and Provide the path as shown-

Profile_1

8. Your Screen should like below. If not, make necessary changes. The
    highlighted  areas are important. Finally Click on OK.

Profile_2

9.  When you have verified/ changed the GuiXT Profile settings, click OK. In the  
    following pop-up, select Yes. Upon clicking Yes, the window will be closed.

Save_Profile

Now its time to test it!

Launch your Landscape to see it open!

SAP_Logon_Pad

SAP_MENU

Note: Execute the report program to ‘Add’ multiple instances of the Landscape.

If you think this is cumbersome, you may change the Path (here- c:\guixt\scripts) to your shared drive and later change the GuiXT Profile accordingly.

To report this post you need to login first.

30 Comments

You must be Logged on to comment or reply to a post.

  1. Michelle Crapo
    I agree it would be cumbersome.  Password changes would become difficult.  And I’m not sure of the purpose behind the code.

    What was your business reasons?  Why did you write it to begin with?  What kind of journey did you take to come up with this approach?

    Nice start for a first blog.  I just would love to see more of the why along with the how-to.

    Michelle

    (0) 
    1. Ajay Mukundan Post author
      In one of our clients, they had many landscapes- SAP DEV, QUALITY, PROD, PMR, BI, SOLMAN. It was a requirement to have auto-logon pad.

      While giving demo to clients, this helped a lot! How? Sometimes our Tech guy mistypes the password and he gets frustrated when it gets locked! You see him making a couple of phone calls to get the password reset. The duration to fix this would be half an hour. Whereas, if you have the ‘Auto Login’ Setup, you would save the time!

      Am I making some sense?

      (0) 
      1. Michelle Crapo
        OK – I understand why you used it. 

        I’ve been reading the other comments and wait to read your response.  SSO came to my mind when I read this as well.

        (0) 
    1. Ajay Mukundan Post author
      You need to pay for GuiXt Designer. GuiXt which is available by typing ‘guixt visible’ in your Run command is free. GuiXT designer can be used to design your front-end without impacting the actual Gui Screens.

      Am I making some sense?

      Regards,
      Ajay

      (0) 
  2. Olivier CHRETIEN
    Hi,

    Nice explanation but if I understand well the password is stored in a local file on the PC (GuiXt script). If true, this is a security problem.

    The blog is nice to explain GuiXT usage but the problem of passwords is much better solved with the use of SNC single sign on.

    (0) 
    1. Ajay Mukundan Post author
      Hmm… The client followed a ‘one user- one PC’ policy. So, this worked fine! But if there were people working on different shifts, then they could probably save the script in “C:\Documents and Settings\ Username”.

      Our Basis folks were not ‘aware’ of SNC SSO… so I had to develop this utility. I’ll definitely have a look at how this works.

      Regards,
      Ajay

      (0) 
  3. Edgar Soares
    I never used GuiXt, it seems a nice excuse to try it :-).

    I actually use shortcuts to register username and password for several machines, and I do think it’s a security issue, but hey… Those are too many systems these days…

    (0) 
  4. John Moy
    Hi Ajay,

    Thanks for this blog.  Just wondering … was there a portal in the landscape?  If it was configured with SSO (eg. Kerberos) it is a very simple step from there to launch SAPGUI using single sign on, without needing all the manual steps you outlined.

    Rgds

    John

    (0) 
    1. Ajay Mukundan Post author
      Hi John,

      I have neither worked on Portal before nor did the clients have Portal on the landscape. I am guessing it works on NWBC (similar to PMR). Then, I guess this can be configured via SSO.

      Thnx,
      Ajay

      (0) 
  5. Dewang TRIVEDI
    This is really something new for me to learn ….

    Earlier i just though as to why was this option ” Activate GUIxt ” , well now i have a reason for why it is there …

    thanks .

    Keep it up .

    cheers ,
    Dewang

    (0) 
  6. Michael Nicholls
    When you create a shortcut with SAP Logon, you can optionally store a username and password. The shortcuts are stored in a .ini file, so you could edit that with notepad or some other tool.
    (0) 
    1. Ajay Mukundan Post author
      Hi Michael,

      While creating a SAP Logon Shortcut, the password field is disabled and has a comment next to it- ‘Use not recommended’. I guess Passwords can not be stored while creating SAP Logon Shortcuts.

      How is it at your end?

      Rgds,
      Ajay

      (0) 
      1. Michael Nicholls
        I built one 2 minutes ago with SAPGUI 7.20 patch level 7. In the sapshortcut.ini file the pw is stored encoded:

        [Label]
        Key1=SAP T38 800 EN sm04
        [Command]
        Key1=-desc=”T38 [PUBLIC]” -sid=”T38″ -clt=”800″ -u=”training” -l=”EN” -tit=”SAP T38 800 EN sm04″ -cmd=”sm04″ -wd=”C:\Documents and Settings\Administrator\SapWorkDir” -ok=”/nsm04″ -pwenc=”PW_1CE06A4489A0684A”

        (0) 
  7. deepu k
    Good One Ajay,

    Just one Question !

    a. When the password expiration time comes, and at this time, when you try to login to your SAP System (without GUIXT) the system will pop-up a screen which asks to enter the new password.
    b. How does this get treated in the GUIXT usage case?
    c. Will the system do the same when you try to login using the GUIXT or will the login fail ?

    Regards,
    Deepu.

    (0) 
    1. Ajay Mukundan Post author
      Thank Deepu,

      I’m guessing the Login will Fail. This is like recording and play back. It doesn’t check for validations. I would suggest you to check it out. Since my password is set never to expire, I can’t check this scenario.

      Please check and get back.

      Regards,
      Ajay

      (0) 
  8. Jonathan Wilson
    Hi Ajay,

    Unfortunately while this solution may work, it requires a user to store their username and password details in a text file on their PC. Regardless of their IT policy on PC usage, this is not a secure solution and cannot be recommended.

    I would suggest that anyone with a requirement for Single Sign On for SAPGUI investigate the the use of Secure Network Communications (SNC), which offers a secure Kerberos based solution to this requirement. For systems running on the Microsoft platform, SAP provides a complete solution (see Note 352295). For other platforms, solutions are available from OS vendors, and from third-parties (see Note 150380).

    Cheers,
    Jon

    (0) 
    1. Michael Nicholls
      I agree 100%, Jonathan. I can’t believe there would be a reputable auditor anywhere in the world who would be comfortable with this. Entering your ABAP password into an SAP screen except at logon time is a really bad idea. A rogue version of this program could do things like send a version of the details by email or copy tjem to a compleyely different file etc.
      (0) 
      1. Manish Kumar
        Abap program is given only to simplify the process of creating or updating script. You can write the script without running program. The end result is just a plain text file (c:/guixt/scripts/logon.txt) with 5-6 lines each for one logon entry.

        Choice lies with the end user whether he wants to automate the login process or not, just like saving password on frequently used websites.

        (0) 
    2. Ajay Mukundan Post author
      Greetings Jon,

      Thanks for the SNOTES on ‘Single-sign on’. As our BASIS guy was a newbie, he wasn’t of implementing the notes. As a result, I had to go for a ‘work-around’.

      I agree this is not the ‘BEST’ solution for the ‘Security’ part.

      Thanks for correcting me!

      Regards,
      Ajay

      (0) 
  9. Manish Kumar
    Hello. Thanks for the article.
    I followed your steps and it worked like a charm.

    While logging in, I don’t get the option of choosing a client.

    Lets say i have created script for client 111, but i want to login to client 222(same SID). Is there any way to achieve this?

    (0) 
      1. Manish Kumar
        If i make multiple entries for same server but different clients, how will the system know which client i am trying to log into when i choose the shortcut in Logonpad?
        (0) 
  10. Karol Seman
    It is nice example of GuiXT but I would never store my login data in not encrypted text file. I have a feeling that after 1st audit I would be fired …
    (0) 

Leave a Reply