Hey all,
We are in process of implementing Fiori Wave 1 Applications. SAP Portal Integration is required for below 2 primary reasons-
- SAP Portal UME is connected to organization’s LDAP (Active Directory). We want users to use same AD credentials to access Fiori applications from SmartPhones/ Tablets and Desktops to keep the experience same (main purpose behind UI5 applications).
2. We have been using SAP Portal as a single point of entry for all SAP systems- ECC, SRM, CRM, BW, BOBJ, GRC, MDG etc. Portal is our preference for accessing Fiori too.
As most of the SAP documentation/ SCN blogs suggest, we tried implementing Portal on Device. We created UI5 iView to access Fiori Launchpage and added that iView to Mobile Portal Launcher. But even though we set iView to open in separate window, it fails to open in separate window on Mobile.
This makes it impossible to navigate from launchpage to applications by clicking on Tiles.
Another way out was instead of integrating Fiori Launchpage/LaunchPad, create separate iViews for each Fiori application. But this way, we lose the beautiful LaunchPad which has capabilities of dynamic tiles, groupings. In this case we also cannot use Gateway PFCG roles created for Fiori Catalogs.
So here is solution which works perfectly fine.
Configure SSO between SAP Portal and SAP Gateway system
We achieve SSO between portal and gateway system using SAP Login Tickets.
Export Portal Certificate and import into SAP Gateway system using STRUSTSSO2 transaction code and maintain other parameters. This is standard process.
Create URL iView
Use URL iView template and create a iView with below properties:
b. Height Type: Full Page
- Launch in New Window: Display in Separate Window
Note that I have specified URL points for Fiori Launchpage.You can use Fiori LaunchPad or any UI5 application URL.
Create a standard Portal Role and add above iView to it as shown below.
Now use below URL for accessing Fiori launchpage/launchpad directly.
It is direct URL to iView under Portal role. We can use portal PCD permissions so that only users having this portal role can access it.
Test Results:
We have performed tests on mobile as well as desktops and it works perfectly fine.
Below are results with screenshots from Mobile device.
- Open URL:
Note that this is standard Portal Login Page which adapts for Mobile devices. We have not enabled Portal on Device for it.
As soon as user provides credentials to login, user automatically gets redirected to Fiori Launchpage.
User logs off from Fiori Launchpage
Above Logout will log off user just from Gateway and not portal.
We configured log off service of Gateway so that it redirects log off URL to a custom application deployed to Portal.
Custom application (com.testr.logoutFiori) contains simple Java servlet (logoff) which simply logs off user from portal and redirects to
Thus, user gets logged off from Gateway , Portal and comes back to starting URL.
You can ask that instead of custom application why not redirect log off ICF service to below URL-
This logs off user from Portal but redirects to https://Portalhost:PortalPort/irj/portal instead of
http://portalhost:portalport/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url
Hope this helps. Please do post your comments and let me know your thoughts on this.
Enjoy,
Vinod Patil
Thanks Vinod. This is most helpful.
I was wondering if you could share the code of the custom Java logoff servlet?
SAme here I would love to see that Java Logoff servlet.
also does that code kill JSESSIONID?
Here is logoff code- Its simple Servlet with doGet method as below
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
UMFactory.getLogonAuthenticator().logout(request, response);
// now simply redirect to URL iView
response.sendRedirect(“/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test!2ffiori!2froles!2fcom.test.fiori!2fcom.test.iv.fiorilaunchpad_url“);
}
Hi Vinod Patil,
thanks a lot for sharing this wonderful documents…
We have another scenario apart from your one. We need to use FIORI apps from outside of Domain ( i.e from Internet ) but with Employee Domain (AD userid) ID.
We have SAP Webdispatcher on DMZ which connects Firor Front End server ( SAP NW 7.4). But right now we are using front end user id /password to login.
We need to use AD for authenticating the employee.
Could you please provide your valuable comments on this…
Regards,
Mohammad Anoarul Islam
Thanks a lot for this! worked perfectly as per my requirement.
Hi Vinay B
Please could you tell me how to get the direct URL of the iView assigned to the role?
Regards,
Pablo
Hello Pablo,
You could consider using a short url. I used a very crude method to call my iview which is inside the role. Suppose the iview location within the role is something like:
portal_content/com.fol.Portal_Content/fol.fiori_content/com.rl.fiori_role/com.iview.fiori_dashboard
then I replaced the ‘/’ with ‘!2f’
so my path to the iview became something like:
http://hostname:portno/irj/servlet/prt/portal/prtroot/pcd!3aportal_conten!2fcom.fol.Portal_Content!2ffol.fiori_content!2fcom.rl.fiori_role!2fcom.iview.fiori_dashboard
hope the help wasn’t too late 😉
Regards,
Vinay
Hi Vinay,
Thank you so much for your answer.
I commented that I could and get the direct URL iView. But I have one last question, and I can not create the portal application. Could you please tell me how to create it and call the servlet?.
thank you so much
Best Regards.
Pablo
Do you mean to say that you are unable to create the URL iview?
What sort of portal application are you looking to create?
Regards,
Vinay
Hi Vinay,
Apparently I express incorrectly, but if I could create a URL iView and I could get the direct URL iView. Now, my problem is how to create the application that calls the servlet and logs out of Portal. As Vinod mentioned, when you logoff in Fiori, this leads to standard logoff FIORI. So it is necessary to return to the top (direct URL iView). But the problem is the session Portal remains open.
From already thank you very much for the help.
Regards.
Pablo.
Aah! Now I get it. My Bad!
This is what we did: Use NWDS to create a new application, use the code mentioned by Vinod in the comments, and deploy it on the portal.
Once this is done, maintain the path to the application in the logoff configuration as explained above.
Regards,
Vinay
Hi Vinay,
Indeed that is what needs to be done, the problem is the how. Because as I understand, it is necessary to perform a Portal application and from this, call the servlet code delivered by Vinod. Could you tell me how to develop the Portal application and call the servlet?
From already thank you very much.
Regards.
Pablo
Hello,
Create a simple web project (normal) and deploy it. Call the serv directly (no need to create iView). You don’t need any special portal application.
Regards,
Vinod Patil
Hi Vinod,
Thanks for your prompt reply, but my problem is: how to create web project and call this servlet. could you tell me how to create and call webproject servlet?
From already thank you very much
Regards.
Hello Pablo,
Did you download SAP NWDS? Download that and then you could probably refer to this link:
https://help.sap.com/saphelp_nw70ehp1/helpdata/en/fd/ed32a8c9994b4ba4a1645a764814db/content.htm
It gives you a step by step guide to create an application.
Note that Vinod has already shared the code that needs to be placed for the application that needs to be created for the current requirement.
Regards,
Vinay
Hi Vinay,
Finally i not developed an application and calling servlet, but i created a JSP that calls the component portal session close it,(http://portalhost:portalport/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.masthead.LogOutComponent?logout_submit=true), and After that, I redirected to login.
Thank you for all the assistance.
Regards.
HI Vinod Patil
Please could you tell me how to get the direct URL of the iView assigned to the role?
I tried the following url but do not look anything like that indicate your
http://portalhostportalport/irj/portal?NavigationTarget=ROLES://portal_content/com.sap.pct/com.alemana.Grupo_Alemana/com.sap.cas.fiori.Fiori/com.sap.cas.launchpad_fiori.iv.launchpad_fiori
Regards
Pablo
Hello Pablo,
Preview iView from content admin and use network sniffer to get URL similar to one I mentioned in blog.
Regards,
Vinod
Hi Vinod Patil
It appears that with the recent app upgrade, Fiori client refuses to take the exclamation as an accepted character for URL’s. Without that, we wouldn’t be able to redirect to the iView within the role. Do you see any workaround for this?
Regards,
Vinay