Automating SAP Login
The Motivation for Automating SAP Login
Many of us would be working on several SAP systems on any day. If you’re tired of entering the username and password in every SAP system you enter, this document will help you by automating the entrance to SAP landscapes by skipping the logon screen using a simple GuiXT script. GuiXt is based on a simple scripting language.
From version 4.x GuiXT is included with SapGui free of charge. For earlier versions we would have to procure it from Synactive.
Steps to be followed-
- Activate GuiXT by navigating to Customize Local Layout (
) and selecting Activate GuiXT.
2. Navigate to C Drive and create a folder and name it – GuiXT
3. Create a subfolder and name it – Scripts
4. Now create a report program with code-
*External files : None
*SAP Release : SAP ECC 6.0
*DESCRIPTION: Program to download Logon script for auto-sign in
REPORT ZAJ_GUIXT no STANDARD PAGE HEADING.
*------------------------------------------------------------------------------*
* DATA TYPE DECLARATION
*------------------------------------------------------------------------------*
data: BEGIN OF it_tab OCCURS 0,
line_text type string,
END OF it_tab.
data: filenam type string.
*------------------------------------------------------------------------------*
* SELECTION
*------------------------------------------------------------------------------*
SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-002.
SELECTION-SCREEN COMMENT /1(79) text-001.
parameters: p_file type string default 'c:\guixt\scripts' .
parameters:p_sid(3) type c DEFAULT 'RET',
p_clnt(3) type c DEFAULT '112',
p_unam(8) type c default '123456',
p_pwd type maktx default 'xxxxxx'. " Case Sensitive
SELECTION-SCREEN END OF BLOCK b1.
CONCATENATE 'if V[_database=' p_sid ']' INTO it_tab-line_text.
append it_tab.
CONCATENATE 'Set F[RSYST-MANDT] "' p_clnt '"' into it_tab-line_text.
append it_tab.
CONCATENATE 'Set F[RSYST-BNAME] "' p_unam '"' into it_tab-line_text.
append it_tab.
CONCATENATE 'Set F[RSYST-BCODE] "' p_pwd '"' into it_tab-line_text.
append it_tab.
it_tab-line_text = 'Set F[RSYST-LANGU] "en"'.
append it_tab.
it_tab-line_text = 'Enter'.
append it_tab.
it_tab-line_text = 'EndIf'.
append it_tab.
CONCATENATE p_file '\Logon.txt' INTO filenam.
CALL FUNCTION 'GUI_DOWNLOAD'
EXPORTING
* BIN_FILESIZE =
FILENAME = filenam
FILETYPE = 'ASC'
APPEND = 'X'
* WRITE_FIELD_SEPARATOR = ' '
TABLES
DATA_TAB = it_tab
EXCEPTIONS
FILE_WRITE_ERROR = 1
NO_BATCH = 2
GUI_REFUSE_FILETRANSFER = 3
INVALID_TYPE = 4
NO_AUTHORITY = 5
UNKNOWN_ERROR = 6
HEADER_NOT_ALLOWED = 7
SEPARATOR_NOT_ALLOWED = 8
FILESIZE_NOT_ALLOWED = 9
HEADER_TOO_LONG = 10
DP_ERROR_CREATE = 11
DP_ERROR_SEND = 12
DP_ERROR_WRITE = 13
UNKNOWN_DP_ERROR = 14
ACCESS_DENIED = 15
DP_OUT_OF_MEMORY = 16
DISK_FULL = 17
DP_TIMEOUT = 18
FILE_NOT_FOUND = 19
DATAPROVIDER_EXCEPTION = 20
CONTROL_FLUSH_ERROR = 21
OTHERS = 22
.
IF SY-SUBRC eq 0.
message s057(zmsg) WITH filenam.
else.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
5. Execute the code to generate the Logon script.
Note: If your Login script was generated successfully, you should get this message-
Note: You need to do this ‘One-Time’ task to set the Profile in GuiXT-
6. Launch GuiXT using the command- ‘GUIXT.EXE VISIBLE’ as shown-
7. Navigate to Profiles Screen and Provide the path as shown-
8. Your Screen should like below. If not, make necessary changes. The
highlighted areas are important. Finally Click on OK.
9. When you have verified/ changed the GuiXT Profile settings, click OK. In the
following pop-up, select Yes. Upon clicking Yes, the window will be closed.
Now its time to test it!
Launch your Landscape to see it open!
Note: Execute the report program to ‘Add’ multiple instances of the Landscape.
If you think this is cumbersome, you may change the Path (here- c:\guixt\scripts) to your shared drive and later change the GuiXT Profile accordingly.
What was your business reasons? Why did you write it to begin with? What kind of journey did you take to come up with this approach?
Nice start for a first blog. I just would love to see more of the why along with the how-to.
Michelle
While giving demo to clients, this helped a lot! How? Sometimes our Tech guy mistypes the password and he gets frustrated when it gets locked! You see him making a couple of phone calls to get the password reset. The duration to fix this would be half an hour. Whereas, if you have the 'Auto Login' Setup, you would save the time!
Am I making some sense?
I've been reading the other comments and wait to read your response. SSO came to my mind when I read this as well.
Thanks,
Srini
Am I making some sense?
Regards,
Ajay
Nice explanation but if I understand well the password is stored in a local file on the PC (GuiXt script). If true, this is a security problem.
The blog is nice to explain GuiXT usage but the problem of passwords is much better solved with the use of SNC single sign on.
Our Basis folks were not 'aware' of SNC SSO... so I had to develop this utility. I'll definitely have a look at how this works.
Regards,
Ajay
I actually use shortcuts to register username and password for several machines, and I do think it's a security issue, but hey... Those are too many systems these days...
Thanks for this blog. Just wondering ... was there a portal in the landscape? If it was configured with SSO (eg. Kerberos) it is a very simple step from there to launch SAPGUI using single sign on, without needing all the manual steps you outlined.
Rgds
John
I have neither worked on Portal before nor did the clients have Portal on the landscape. I am guessing it works on NWBC (similar to PMR). Then, I guess this can be configured via SSO.
Thnx,
Ajay
Earlier i just though as to why was this option " Activate GUIxt " , well now i have a reason for why it is there ...
thanks .
Keep it up .
cheers ,
Dewang
While creating a SAP Logon Shortcut, the password field is disabled and has a comment next to it- 'Use not recommended'. I guess Passwords can not be stored while creating SAP Logon Shortcuts.
How is it at your end?
Rgds,
Ajay
[Label]
Key1=SAP T38 800 EN sm04
[Command]
Key1=-desc="T38 [PUBLIC]" -sid="T38" -clt="800" -u="training" -l="EN" -tit="SAP T38 800 EN sm04" -cmd="sm04" -wd="C:\Documents and Settings\Administrator\SapWorkDir" -ok="/nsm04" -pwenc="PW_1CE06A4489A0684A"
Which T-code you are using to execute script (Ref: Step no. 5)?
You need to save, activate and run the report program (Ref: Step #4).
Did it work?
Regards,
Ajay
Just one Question !
a. When the password expiration time comes, and at this time, when you try to login to your SAP System (without GUIXT) the system will pop-up a screen which asks to enter the new password.
b. How does this get treated in the GUIXT usage case?
c. Will the system do the same when you try to login using the GUIXT or will the login fail ?
Regards,
Deepu.
I'm guessing the Login will Fail. This is like recording and play back. It doesn't check for validations. I would suggest you to check it out. Since my password is set never to expire, I can't check this scenario.
Please check and get back.
Regards,
Ajay
In case of password expiration, popup will appear asking for new password when you login using guixt.
I have verified it.
Unfortunately while this solution may work, it requires a user to store their username and password details in a text file on their PC. Regardless of their IT policy on PC usage, this is not a secure solution and cannot be recommended.
I would suggest that anyone with a requirement for Single Sign On for SAPGUI investigate the the use of Secure Network Communications (SNC), which offers a secure Kerberos based solution to this requirement. For systems running on the Microsoft platform, SAP provides a complete solution (see Note 352295). For other platforms, solutions are available from OS vendors, and from third-parties (see Note 150380).
Cheers,
Jon
Choice lies with the end user whether he wants to automate the login process or not, just like saving password on frequently used websites.
Thanks for the SNOTES on 'Single-sign on'. As our BASIS guy was a newbie, he wasn't of implementing the notes. As a result, I had to go for a 'work-around'.
I agree this is not the 'BEST' solution for the 'Security' part.
Thanks for correcting me!
Regards,
Ajay
I followed your steps and it worked like a charm.
While logging in, I don't get the option of choosing a client.
Lets say i have created script for client 111, but i want to login to client 222(same SID). Is there any way to achieve this?