Skip to Content

Release 1.1.0 of the SAP IDM connector for SAP BusinessObjects BI Platform is now available for SAP IDM 8.0 and 7.2. Following up on my earlier post from SAP IDM 7.2, I’ll explain the installation step-by-step for SAP IDM 8.0.

Download and install SAP BI platform Java SDK

The prerequisites for installing the connector on SAP IDM 8.0 are exactly the same as for SAP IDM 7.2. Hence, it requires the following JAR files from SAP’s BI platform Java SDK:

aspectjrt.jar
bcm.jar
ceaspect.jar
cecore.jar
celib.jar
cesession.jar
corbaidl.jar
cryptojFIPS.jar
ebus405.jar
log4j.jar
logging.jar
TraceLog.jar

Copy these into a directory on the SAP IDM runtime. As usual, I’ll assume you’ll use C:\IDM_BOBJ_LIBS on the SAP IDM runtime. For details regarding where to obtain the SDK and how to extract the required JAR files, please refer to Download and install SAP BI platform Java SDK of the 7.2 version.

Add SDK JARs to SAP IDM dispatcher classpath

To make the SDK JARs visible from SAP IDM, add them to the dispatcher’s Java class path. On the SAP IDM runtime, start the Identity Management Dispatcher Utility in GUI mode using the command dispatcherutil gui

Open the Dispatcher Utility’s settings dialog using Tools -> Settings. Add all SDK JAR files listed above to the setting DSE Class Path. Defining the Settings for the Identity Management Dispatcher Utility in the SAP Help Center has all the details.

After saving your changes, regenerate the service scripts for all dispatchers and restart them.

Download connector and import IDM package

Use SAP Identity Management Developer Studio to connect to the IDM database. As the SAP BusinessObjects connector depends on package com.sap.idm.provisioning.engine that comes with SAP IDM 8.0, you’ll need to import that first if you haven’t already done so.

Download the latest stable connector release from https://github.com/foxysoft/idm-connector-bobj/releases/latest to the machine where SAP IDM Developer Studio is installed, and unzip idm-connector-bobj-<VERSION>.zip. It contains an IDM package file de.foxysoft.bobj.idmpck. Use SAP IDM Developer Studio to import that into your main Identity Store.

When prompted for an import reason, make sure you keep the default option “Import” selected. Don’t use “Import as new package”. Confirm the import using “OK”.

Create a SAP IDM repository

Open the SAP Identity Management administration UI at http://<host>:<port>/idm/admin in a web browser and create a new repository of type SapBusinessObjects42. This repository type is part of the SAP BusinessObjects connector package.

After the repository has been created, change repository constants HOST, LOGIN, PASSWORD and PORT as appropriate for your environment. Please refer to Import SAP IDM repository and initial load job in the 7.2 version for additional information on how to find out CMS host name and name server port.

Execute initial load and finalize repository configuration

Select the “Jobs” tab of the repository details view. A new job SAP BOBJ 4.2 – Initial Load has been created and assigned to the repository automatically. Execute this job now to load SAP BusinessObjects groups into SAP IDM.

This job should take a few minutes only to execute. Use “Refresh” to verify that the job has finished successfully, then open the SAP Identity Management UI at http://<host>:<port>/idm to verify that privileges from SAP BusinessObjects have been loaded.

As a final step, you may go back to the SAP Identity Management administration UI and update repository constant MX_REQ_PRIV with the master privilege just created by the initial load. In this example, that’s PRIV:BOE:ONLY.

If you have a suitable No Master Process to assign missing master privileges automatically, assign that to repository constant MX_REQ_PRIV_NOMASTER_TASK. In my screenshot below, this process reference is not set (-1 means “None”).

That’s it. You’re ready to manage all your SAP BusinessObjects Enterprise users and groups from SAP IDM 8.0 now. If you’re interested in learning more about this connector, visit its GitHub project, which also contains a small Wiki with additional resources.

To report this post you need to login first.

12 Comments

You must be Logged on to comment or reply to a post.

  1. João Paulo de Araujo

    Dear Mr. Boskamp.

    I would like to confirm, if this connector for Business Object 4.2 is available to sybase database?

    In our enviroment we used the SAP IdM 8.0 SP 04 on Adaptive Server Enterprise 16.0 SP02 PL04 on Red Hat Enterprise Linux Server release 6.9 (Santiago).

    Best regards,

    João Paulo.

     

    (0) 
    1. Lambert Boskamp Post author

      As documented in the connector’s wiki, Sybase is currently not supported, unfortunately.

      If you have a skilled developer in your team, they may be able to fill in the missing pieces with some custom development, though. As far as I remember, it’s a matter of rewriting two SQL queries in the connector’s initial load job. Making it work on Sybase should require no more than one or two days of development effort.

      (1) 
      1. João Paulo de Araujo

        Thank you Mr. Boskamp for your reply.

        I understood. We will working to make it running on Sybase database.

        If you want, after this adjust we can share the update coding.

        (0) 
        1. Lambert Boskamp Post author

          Great idea. If you can share your results after successful implementation, I’ll update the source code of the open source version accordingly. Good luck!

           

          (0) 
        2. Nageswara Muthavarapu

          We are also on Sybase database and also integrating with BOBJ system. But, the connection did not go well.

          Did you guys connect successful with BOBJ, if so please share the solution?

          Thanks,

          Nagesh

           

          (0) 
          1. João Paulo de Araujo

            Hi Nageswara Muthavarapu.

            We decided to change our database, not because the connection between SAP IdM to BOBJ system was not working on Sybase.

            We had many problems to run SAP IdM 8.0 SP 05 on Sybase. So to solve that, we opened one incident ticket (OSS) to request the best practices when running the SAP IdM 8.0 on Sybase, but they didn’t reply appropriate.

            Now, we are doing the instalattion of our systems (DEV, QAS and PRD) to run on SQL Server 2016.

            Good luck.

            João Paulo.

            (0) 
  2. Giridhara Tadikonda

     

    How do we get the log/Tracelog for the activity like create or change to the backend irrespective of the connector type in IDM.

     

    Thanks and Regards,

    Giridhara Tadikonda

    (0) 
    1. Lambert Boskamp Post author

      As this is not specific to the BOBJ connector, you might get better answers by asking the same in the general SAP Identity Management Q&A forum.

      General information about which tasks have been executed by whom and when can be retrieved using the database view mcv_executionlog_list.

       

      (0) 
  3. Ridouan Taibi

    Hi Lambert,

    Great and useful blog.

    We are using the connector and I was wondering If there are any plans to include the removal of a specific user alias.

    The BI Support Tools (Enterprise Alias Manager) can remove or add Enterprise aliases only. This functionality would be a great extension to the existing SAP IDM connector for SAP BusinessObjects BI Platform.

    Keep up the good work!

    Thanks very much.

    Best Regards,

    Ridouan Taibi

    (0) 
    1. Lambert Boskamp Post author

      Ridouan,

      great feedback, thank you. The connector will likely not see any new feature development over the next couple of months at least, because the projects I’m involved in right now have a different focus.

      However, you may look into two options:

      1. Check whether you can add the required feature on your own. That’s the beauty of open source. The function fx_bobjUser.setAllAliasesDisabled() provides a working example of how (enterprise) aliases can be modified using the connector. This is currently used for the EnableUser/DisableUser plugins of the connector.
      2. In case your requirement pertains to 3rd party aliases, not to Enterprise aliases: check whether you’re going down the wrong rabbit hole. 3rd party aliases represent data from external systems (like SAP BW) in the BI platform. So instead of modifying the aliases in BI, it seems more reasonable to connect from IDM to SAP BW, modify the data there, and re-load them into BI.

      Hope that helps,

      Lambert

      (0) 

Leave a Reply