Security Made Easy with SAP NetWeaver Gateway Productivity Accelerator for Microsoft
Imagine… the possibility to develop .NET based enterprise applications that integrate SAP NetWeaver Gateway OData services into Microsoft products in a secure, reliable and scalable manner.
Well, you don’t have to imagine anymore. The SAP NetWeaver Gateway Productivity Accelerator for Microsoft (GWPAM) is a new tool designed and developed by SAP to enable .NET developers to consume and customize OData services exposed by SAP NetWeaver Gateway without having to worry about the security aspects of their applications to adhere to the enterprise security policies.
.NET developers can leverage out of the box GWPAM auto generated security and connectivity libraries to perform the CRUDQ operations supported by the SAP NetWeaver Gateway OData services against the SAP backend systems.
As an illustrated example, a Windows Forms Application can be quickly developed in Microsoft Visual Studio to fetch a list of Business Partners from a SAP system using the Add SAP Service Reference feature of GWPAM.
Security in GWPAM
GWPAM supports three types of security authentication mechanism: Basic (default mode), SAML 2.0 and X509.
The required end-user’s authentication to access the SAP NetWeaver Gateway system can be implemented in the generated GWPAM Visual Studio project or controlled via group policies in the Domain Controller system.
The App.config file
As part of the generated GWPAM Visual Studio project, the file App.config is available under the folder SAP Service Reference in the Solution Explorer. This file contains important configuration settings like the URL of the OData service, the authentication mode and logging settings.
The developers can develop and test their applications with Basic authentication in the Development environment. They can change the “SSO” value to either “SAML20” or “X509” in the App.config file and deploy these applications in QA and Production environment where Single Sign On (SSO) is enabled. Other settings including “URL” and “Client” may need to be adjusted. However, beside these security and connectivity configuration settings in the App.config file, no other configuration or code change is required in the generated GWPAM project.
The ADM file
The generated GWPAM Visual Studio project also contains an administrative template file with the .adm file extension. This file can be used by the domain administrator to roll out the policy based configuration globally. The ADM template file (for example BusinessPartners.adm) is available under the folder SAP Service Reference together with the App.config file and other generated proxy and extension classes.
As a side note, if configurations are maintained in both the ADM and App.config file, the configurations maintained in the App.config file are given preference. If configurations are not maintained in the App.config file for the login user, then configurations in the ADM are consumed.
GWPAM’s interoperability feature provides single sign on and ensures secure interaction with SAP NetWeaver Gateway OData services. Now imagine the possibilities to develop .NET based enterprise applications like:
- Manage contracts as Word docs while seamlessly integrating data and process in SAP CRM
- Provide web based InfoPath form for employees to access and update information like personal information, change dependents, etc. in SAP HCM
- Manage your projects in Microsoft Projects with data seamlessly flowing in and out of SAP PLM
- Create PowerPoint with custom ribbons which fetches Sales order data from SAP SRM and creates slides with charts
- Create flow diagrams in Microsoft Visio and attach them to objects in SAP SCM in one click
The opportunities are endless.
To learn more about GWPAM, please check out the following resources: