Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
sandra_thimme
Product and Topic Expert
Product and Topic Expert

Single Sign-On in Remote Scenarios

The first part of this blog series dealt with accessing one or more ABAP back end systems (see here NWBC meets Single Sign-On: Simplify Secure Data... | SCN). Part two describes how to access multiple systems. Referencing from one system to the other via PFCG mapping.

For the following scenario no additional Java Server or Secure Login Server is needed.

Example:

You have a leading system (also your role system, let's call it system one, SY1) but you need to execute certain applications in a remote system (SY2). Alternatively, you are using what is known as side-by-side scenario* (see the screenshot below) to enhance transactions of older systems (e.g. by nice HTML5 charts), integrated remotely in PFCG, with a side panel that was not available before NetWeaver 7.03.

The procedure below describes a side-by-side scenario where a user calls a classic dynpro (sales order) with remote side panel content (charts, route planer). The main application running in SY1, the side panel content running in SY2.

*If your SAP ERP system is based on a release older than SAP ERP 6.0 EHP6 (not

older than SAP ERP ECC 6.0) and you want to avoid having to upgrade the system, you

can use the side panels in a side-by-side scenario. This means that the side

panels and application transactions do not run in the same physical system. The

role system contains the side panel definitions, CHIPs (including the

corresponding coding) and the tag table entries, based on SAP NetWeaver 7.31 and

SAP Business Suite Foundation 7.31 SP03 or higher. The application system

(back-end server) contains the dynpro applications and does not have to be

upgraded to SAP ERP 6.0 EHP6.

Source: SAP Note 1795171

Prerequisites

NWBC 4.0, SSO 2.0, SAP NetWeaver 7.3

Procedure

  1. Implement SSO with Kerberos (see How-To-Videos), create your SAP GUI system connection, for example System 1, in SAP Logon.
  2. Set up the NWBC and SAP GUI connections as described in part one of this blog series (including SNC, Secure Network Communication).
  3. Define the RFC destinations used by NWBC in SM59 (see SAP NetWeaver Business Client Administration Guide -> Role Maintenance in PFCG -> Remote Systems).
  4. Insert remote applications in PFCG and reference the target system (see SAP NetWeaver Business Client Administration Guide -> Role Maintenance in PFCG -> Remote Systems).


Define RFC Connections in SM59

Information to access transactions in system SY2 is derived from SY2CLNT001. SY2CLNT001_HTTP is mainly used for accessing web based applications.

Note: You set up these destinations for NWBC only. At runtime, RFC technology is not involved; NWBC simply evaluates a number of destination properties in order to generate navigation URLs.

Define RFC Destination for Application in Remote System (SY2CLNT001)

Tab: Technical Settings

Relevant fields: Target Host, System Number

Tab: Logon & Security

Relevant fields: Client

Note: SNC and load balancing settings are derived from the SAP GUI connection that is assigned to the NWBC connection for SY2. Define such NWBC connections for each SY2 application server (details in SAP NetWeaver Business Client End User Guide -> Configuring System Connections -> SAP GUI Logon Description).

Define RFC Destination for Application in Remote System (SY2CLNT001_HTTP)

Tab: Technical Settings

Relevant fields: Target Host (<server>.<domain>), Service No. (<port>).

To activate SSL, you can either create a destination SY2CLNT001_HTTPS, or activate it in a SY2CLNT001_HTTP connection in the “Logon & Security” settings as shown below.

Relevant fields: Client, SSL

Remote Applications in PFCG

Result

Runtime: Single Sign-On for user, SNC for transaction, SSL for Web Dynpro Applications

Find more information in the SCN Space for SAP NetWeaver Single-Sign On.

Find more information on side panels in Julies article: NWBC: Side Panels and Page Builder Entry Pages

1 Comment