Hey all,

We are in process of implementing Fiori Wave 1 Applications. SAP Portal Integration is required for below 2 primary reasons-

  1. SAP Portal UME is connected to organization’s LDAP (Active Directory). We want users to use same AD credentials to access Fiori applications from SmartPhones/ Tablets and Desktops to keep the experience same (main purpose behind UI5 applications).

   2. We have been using SAP Portal as a single point of entry for all SAP systems- ECC, SRM, CRM, BW, BOBJ, GRC, MDG etc. Portal is our preference for        accessing Fiori too.

As most of the SAP documentation/ SCN blogs suggest, we tried implementing Portal on Device. We created UI5 iView to access Fiori Launchpage and added that iView to Mobile Portal Launcher.  But even though we set iView to open in separate window,  it fails to open in separate window on Mobile.

This makes it impossible to navigate from launchpage to applications by clicking on Tiles.

Another way out was instead of integrating Fiori Launchpage/LaunchPad, create separate iViews for each Fiori application. But this way, we lose the beautiful LaunchPad which has capabilities of dynamic tiles, groupings. In this case we also cannot use Gateway PFCG roles created for Fiori Catalogs.

So here is solution which works perfectly fine.

Configure SSO between SAP Portal and SAP Gateway system

We achieve SSO between portal and gateway system using SAP Login Tickets.

Export Portal Certificate and import into SAP Gateway system using STRUSTSSO2 transaction code and maintain other parameters. This is standard process.

Create URL iView

Use URL iView template and create a iView with below properties:

  1. URL: http://gatewayhost:gatewayport/sap/bc/ui5_ui5/ui2/launchpage/home.html

   b.  Height Type: Full Page

  1. Launch in New Window: Display in Separate Window

Note that I have specified URL points for Fiori Launchpage.You can use Fiori LaunchPad or any UI5 application URL.

Create a standard Portal Role and add above iView to it as shown below.


Image2.png


Now use below URL for accessing Fiori launchpage/launchpad directly.

http://portalhost:portalport/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url

It is direct URL to iView under Portal role.  We can use portal PCD permissions so that only users having this portal role can access it.

Test Results:

We have performed tests on mobile as well as desktops and it works perfectly fine.

Below are results with screenshots from Mobile device.

  1. Open URL:

http://portalhost:portalport/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url

Image3.png

Note that this is standard Portal Login Page which adapts for Mobile devices. We have not enabled Portal on Device for it.


As soon as user provides credentials to login, user automatically gets redirected to Fiori Launchpage.


Image4.png


User logs off from Fiori Launchpage


Image5.png

Above Logout will log off user just from Gateway and not portal.

We configured log off service of Gateway so that it redirects log off URL to a custom application deployed to Portal.


Image6.png


Custom application (com.testr.logoutFiori) contains simple Java servlet (logoff) which simply logs off user from portal and redirects to

http://portalhost:portalport/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url

Thus, user gets logged off from Gateway , Portal and comes back to starting URL.

You can ask that instead of custom application why not redirect log off ICF service to below URL-

https://Portalhost:PortalPort/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.masthead.LogOutComponent?logout_submit=true

This logs off user from Portal but redirects to https://Portalhost:PortalPort/irj/portal instead of
http://portalhost:portalport/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url

Hope this helps. Please do post your comments and let me know your thoughts on this.

Enjoy,

Vinod Patil


To report this post you need to login first.

19 Comments

You must be Logged on to comment or reply to a post.

    1. Vinod Patil Post author

      Here is logoff code- Its simple Servlet with doGet method as below

      protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

              // TODO Auto-generated method stub

              UMFactory.getLogonAuthenticator().logout(request, response);

        // now simply redirect to URL iView     

              response.sendRedirect(“/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url“);

            

            

          }

      (0) 
  1. Mohammad Anoarul Islam

    Hi Vinod Patil,

    thanks a lot for sharing this wonderful documents…

    We have another scenario apart from your one. We need to use FIORI apps from outside of Domain ( i.e from Internet ) but with Employee Domain (AD userid) ID.

    We have SAP Webdispatcher on DMZ which connects Firor Front End server ( SAP NW 7.4). But right now we are using front end user id /password to login.

    We need to use AD for authenticating the employee.

    Could you please provide your valuable comments on this…

    Regards,

    Mohammad Anoarul Islam

    (0) 
      1. Vinay Baji

        Hello Pablo,

        You could consider using a short url. I used a very crude method to call my iview which is inside the role. Suppose the iview location within the role is something like:


        portal_content/com.fol.Portal_Content/fol.fiori_content/com.rl.fiori_role/com.iview.fiori_dashboard

        then I replaced the ‘/’ with ‘!2f’

        so my path to the iview became something like:

        http://hostname:portno/irj/servlet/prt/portal/prtroot/pcd!3aportal_conten!2fcom.fol.Portal_Content!2ffol.fiori_content!2fcom.rl.fiori_role!2fcom.iview.fiori_dashboard

        hope the help wasn’t too late 😉

        Regards,

        Vinay

        (0) 
        1. Pablo Acevedo

          Hi Vinay,

          Thank you so much for your answer.

          I commented that I could and get the direct URL iView. But I have one last question, and I can not create the portal application. Could you please tell me how to create it  and call the servlet?.

          thank you so much

          Best Regards.

          Pablo

          (0) 
          1. Vinay Baji

            Do you mean to say that you are unable to create the URL iview?

            What sort of portal application are you looking to create?

            Regards,

            Vinay

            (0) 
            1. Pablo Acevedo

              Hi Vinay,

              Apparently I express  incorrectly, but if I could create a URL iView and I could get the direct URL iView. Now, my problem is how to create the application that calls the servlet and logs out of Portal. As Vinod mentioned, when you logoff in Fiori, this leads to standard logoff FIORI. So it is necessary to return to the top (direct URL iView). But the problem is the session Portal remains open.

              From already thank you very much for the help.

              Regards.

              Pablo.

              (0) 
              1. Vinay Baji

                Aah! Now I get it. My Bad!

                This is what we did: Use NWDS to create a new application, use the code mentioned by Vinod in the comments, and deploy it on the portal.

                Once this is done, maintain the path to the application in the logoff configuration as explained above.

                Regards,

                Vinay

                (0) 
                1. Pablo Acevedo

                  Hi Vinay,

                  Indeed that is what needs to be done, the problem is the how. Because as I understand, it is necessary to perform a Portal application and from this, call the servlet code delivered by Vinod. Could you tell me how to develop the Portal application and call the servlet?

                  From already thank you very much.

                  Regards.

                  Pablo

                  (0) 
                  1. Vinod Patil Post author

                    Hello,

                    Create  a simple web project (normal) and deploy it. Call the serv directly (no need to create iView).  You don’t need any special portal application.

                    Regards,

                    Vinod Patil

                    (0) 
                    1. Pablo Acevedo

                      Hi Vinod,

                      Thanks for your prompt reply, but my problem is: how to create web project and call this servlet. could you tell me how to create and call webproject servlet?

                      From already thank you very much

                      Regards.

                      (0) 
    1. Vinod Patil Post author

      Hello Pablo,

      Preview iView from content admin and use network sniffer to get URL similar to one I mentioned in blog.

      Regards,

      Vinod

      (0) 
  2. Vinay Baji

    Hi Vinod Patil

    It appears that with the recent app upgrade, Fiori client refuses to take the exclamation as an accepted character for URL’s. Without that, we wouldn’t be able to redirect to the iView within the role. Do you see any workaround for this?

    Regards,

    Vinay

    (0) 

Leave a Reply