In a typical integration landscape involving PI we use a service user for communication between involved systems. This configuration works most of the times accept in the scenarios where we are required to pass logged in user information as user context to PI.

In this blog I will try to describe the configuration of Principal Propagation using SAP assertion ticket between CRM and SAP PO7.31.

Configuring Trust Relationship in CRM for issuing Assertion Ticket:

Call transaction STRUST to check whether a system PSE is maintained.

             By default, a self-signed system PSE should exist, which is sufficient

Call transaction RZ11 and parameter login/create_sso2_ticket

             Default value is ‘0’ change it to ‘2’.

Configuring PO7.31 to accept assertion ticket:

NWA -> Configuration->Trusted Systems-> Add Trusted System->By Querying Trusted System

Provide the details of ticket issueing system(CRM).

once import is complete click finish.

Configuring the Login Module Stack:

NWA -> Configuration-> Authentication and Single Sign-On

I have created a custom template for Login Module “assertionTicket”.

Below login module is added. This configuration means if assertion ticket is successful message is passed to PI else if assertion ticket is unsuccessful basic authentication is required.

EvaluateAssertionTicketLoginModule: SUFFICIENT

BasicPasswordLoginModule :               REQUIRED

to create a template click on add.

Add this custom template to SOAP adapter policy configuration

Enabling Principal Propagation in CRM system:

Execute T-Code SXMB_ADM-> Configure Principal Propagation->Restore

It will create PIPPUSER & RFC destination SAPXIPP<clnt no.>

Now add interface and user id using 2^nd tab “interface Conf. For Transfer of User IDs>

You can use * for all the entries to include all interfaces.

Configure RFC destination to P2D as per below screen shot.

Set ASMA and variable Transport Binding in sender comm. Channel.

Now we are ready to execute the interface.

using SE80 transaction I executed one proxy and below is the screenshot from PI log. Here SOAP channel is using customer template created by me.

The user id is passed to dynamic configuration of PI.

Below is one of the use cases.  This UDF  get logged in user from dynamic configuration and  fetch last name of that user from UME.

  public String getName(Container container) throws StreamTransformationException{

AbstractTrace trace = container.getTrace();

DynamicConfiguration conf =(DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);

String user = "unknown";

String name = "initial";

if (conf != null) {

  DynamicConfigurationKey keyUser =DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "SRemoteUser");

  user = conf.get(keyUser);

  }

IUserFactory iuf = UMFactory.getUserFactory();

try {

  IUser iu = iuf.getUserByLogonID(user);

  name = iu.getLastName();

  }

catch (UMException e) {

  name = e.getMessage();

  trace.addDebugMessage(e.getMessage());

  }

return(name);

  }