
Step by Step FPN Configuration for RRA (Remote Role Assignment)


With Remote Role Assignment (RRA), roles are created in the Producer Portal and assigned in the Consumer Portal.

========================================================================================

1) CREATING TRUST BETWEEN CONSUMER AND PRODUCER PORTAL

     STEP: 1 Export Certificate from (CONSUMER PORTAL)

     STEP: 2 Import the Downloaded Certificate to (PRODUCER PORTAL)

     STEP: 3 Updating (CONSUMER PORTAL) in VA of (PRODUCER PORTAL)

2) REGISTERING PRODUCER IN CONSUMER

     STEP: 1 Checking Producer Name in (CONSUMER PORTAL)

     STEP: 2 Checking Consumer Name in (PRODUCER PORTAL)

     STEP: 3 Checking (PRODUCER PORTAL) folders in (CONSUMER PORTAL)

3) TEST CASE FOR RRA USING FEDERATED PORTAL NETWORK

========================================================================================

1)   CREATING TRUST BETWEEN CONSUMER AND PRODUCER PORTAL

STEP: 1 Export Certificate from (CONSUMER PORTAL)

Logon to (CONSUMER PORTAL) as Administrator

Choose System Administration -> System Configuration -> Key Store Administration -> Content

Choose SAP LogonTicketKeyPair-cert from Dropdown

Choose Download verify.der button

The file is downloaded in zip format. Unzip the file.

STEP: 2 IMPORT THE DOWNLOADED CERTIFICATE TO (PRODUCER PORTAL)

Logon to (PRODUCER PORTAL) as Administrator

Choose System Administration -> System Configuration -> Key Store Administration -> Import Trusted Certificate.

Choose Browse, select the (Consumer Portal) certificate, and specify an alias name (EP7), which will be reflected in the Visual Administrator of (PRODUCER PORTAL).

Choose Upload.

AFTER IMPORTING THE CERTIFICATE FROM (CONSUMER PORTAL) IN (PRODUCER PORTAL)

Open Visual administrator on (Producer Portal)

Navigate to Server Node–>Services–>Key Storage–>TicketKeystore

Under Entries you can see EP7. Click on it to see the ticket details.

STEP: 3 Updating (CONSUMER PORTAL) IN VA OF (PRODUCER PORTAL)

Open Visual administrator on (Producer Portal)

Navigate to Server Node–>Services–>Security Provider–>select ticket Component

In the Authentication tab select the com.sap.security.core.server.jaas.EvaluateTicketLoginModule login module.

Click the Modify button.

In the Edit login module dialog that opens, add the following 3 options:

  • trustediss1 – the value of the property should be taken from the imported Keystore verify.der in the portal. It is the DN of the issuer.
  • trusteddn1 – the value of the property should be taken from the imported Keystore verify.der in the portal. It is the DN of the owner.
  • trustedsys1 – <System_ID>, <client_ID>. The system ID is the 3-letter ID you entered during the installation; the client ID is 000 if you are using another J2EE system.

In our Case:

Name          Description                           Value
trusteddn1    DN of the Certificate of Consumer     CN=EP7
trustediss1   DN of the CA for this certificate     CN=EP7
trustedsys1   SID and Client of Consumer            EP7, 000

Restart the server
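
The DN values for these options can be read from verify.der with the openssl command line rather than copied by hand. The script below is an added example, not part of the original post: the function names are illustrative, the sample certificate is constructed, and the printed DNs should be compared with the EP7 entry shown under TicketKeystore, since the display format there may differ.

```shell
#!/bin/sh
# Added example: build the EvaluateTicketLoginModule options from verify.der.
# Needs the openssl CLI; all function names here are illustrative.

# Print the subject or issuer DN of a DER certificate (RFC 2253 form).
cert_dn() {  # $1 = subject|issuer, $2 = path to DER file
  openssl x509 -inform DER -in "$2" -noout -nameopt RFC2253 "-$1" |
    sed -E "s/^$1= *//"
}

# SHA-256 fingerprint, for comparing the imported file with the
# certificate shown in the consumer's keystore before trusting it.
cert_fingerprint() {  # $1 = path to DER file
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Emit the three options for trusted system number $4 (default 1).
ticket_options() {  # $1 = verify.der, $2 = SID, $3 = client, $4 = index
  der="$1"; n="${4:-1}"
  # Stop early if the file does not parse as an X.509 certificate.
  openssl x509 -inform DER -in "$der" -noout 2>/dev/null || {
    echo "not an X.509 certificate: $der" >&2; return 1; }
  printf 'trusteddn%s=%s\n'  "$n" "$(cert_dn subject "$der")"
  printf 'trustediss%s=%s\n' "$n" "$(cert_dn issuer "$der")"
  printf 'trustedsys%s=%s, %s\n' "$n" "$2" "$3"   # "SID, client" as on this page
}

# Constructed sample: a throwaway self-signed certificate with CN=EP7,
# standing in for the verify.der exported from the consumer portal.
make_sample_cert() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
    -subj "/CN=EP7" -days 1 -outform DER -out "$1/verify.der" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp" && ticket_options "$tmp/verify.der" EP7 000
echo "sha256 fingerprint: $(cert_fingerprint "$tmp/verify.der")"
rm -rf "$tmp"
```

For a self-signed ticket certificate such as the one in this walkthrough, trusteddn1 and trustediss1 come out identical, which matches the table above.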

2) REGISTERING PRODUCER IN CONSUMER

Go to System Administration -> Federated Portal -> Myself as Content Consumer -> Manage My Producers -> Right Click on NetWeaver Content Producers -> New content producer

Choose ‘New’ -> ‘NetWeaver Content Producer’. Enter producer name and producer ID.

Choose the protocol (http/https) – for RRA (top) and RDL (P4)

Host name and Port of the Producer – for RRA (top) and RDL (P+4)

Summary of details of Producer Object

STEP: 1 Checking Producer Name in (CONSUMER PORTAL)

Log on to (Consumer Portal) –>System Administration–>Federated Portal–>Expand Myself as Content Consumer folder –>Choose View My Producers.

There you can see the Producer that you have registered.

STEP: 2 Checking Consumer Name in (PRODUCER PORTAL)

Logon to (Producer Portal) –>System Administration–>Federated Portal–>Expand Myself as Content Producer folder –>Choose View My Consumers.

STEP: 3 Checking (PRODUCER PORTAL) folders in (CONSUMER PORTAL)

Logon to (Consumer Portal) –>Content Administration

Once you expand NetWeaver Content Producers in (CONSUMER PORTAL), you can see the two folders of (PRODUCER PORTAL).

Business Objects and Portal Content are the folders of (PRODUCER PORTAL) in (CONSUMER PORTAL).

3) TEST CASE FOR RRA USING FEDERATED PORTAL NETWORK

Before checking the usage of RRA, we need to perform the steps below.

1. Log on to (Producer Portal) and navigate to User Administration -> Identity Management.

2. In the Search Criteria option, select Role, and then click Create Role.

3. Create a new role (e.g., remote_access_role) and then save your settings.

4. Select the Assigned Actions tab and then search for the following two actions:

Remote_producer_Read_Access

Remote_producer_Write_Access

5. Assign the two UME actions to your role and save.

6. Select the Assigned Users tab and then search for the pcd_service user.

7. Assign your role to the pcd_service user.

8. Save your settings.

In order to test RRA using FPN:

1. Create user TEST_FPN and group fpn_grp in both (PRODUCER PORTAL) and (CONSUMER PORTAL).

2. Assign the TEST_FPN user to fpn_grp in both (PRODUCER PORTAL) and (CONSUMER PORTAL).

3. ROLEFROMD45 is created in (PRODUCER PORTAL).

4. Log on to (Consumer Portal) and navigate to User Administration -> Identity Management. In the Search Criteria option, select Role and search for ROLEFROMD45.

Note that under Data Source it displays <ProducerName>, which is the Producer Name that is registered in the Consumer.

Then we assign this role to the TEST_FPN user in the Consumer Portal.

After the role is assigned, it also gets assigned in (PRODUCER PORTAL).

Cheers

Revanth Pasupuleti
