Skip to Content

You may preform these steps either on a Web Dispatcher or any application server using ICM as web dispatcher.

Prerequisites

Download the required TLS certificate “Verizon Public SureServer CA G14-SHA2” from the internet.

Installation Steps

TLS/SSL Certificate

In any Web Browser open the web dispatcher’s admin page
(http(s)://<FQDN>:<Port>/sap/wdisp/admin or http(s)://<FQDN>:<Port>/sap/admin)

You’ll find the right address in the Web Dispatcher’s profile as parameter
icm/HTTP/admin_0.

Open PSE Management of “SSL and Trust Configuration”

Change “Manage PSE” to Client pse (normally SAPSSLC.pse respectivly “SSL client SSL Client (Standard) in case of an AS ABAP):

Click on “Import Certificate”:

Open the TLS certificate in any text editor, copy all lines
(including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
and put it into the textfield:

Click on “import” to store the new certificate into SAPSSLC.pse (or the according PSE of your SSL Client (Standard).

In the list of available certificates within the SSL Client, you shall now find the newly imported Verizon certificate:

Verify the imported certificate is valid (“Not after” – line).

Profile Preparation

Open the instance profile of your Web Dispatcher using any text editor and add the following two lines to it:

wdisp/system_* = SID=HAC, EXTSRV=https://cp.hana.ondemand.com, SRCURL=/sap/dfa/help/,SRCSRV=*:*,STANDARD_COOKIE_FILTER=OFF
wdisp/system_* = SID=HAX, EXTSRV=https://xray.hana.ondemand.com, SRCURL=/resources/sap/dfa/help/,SRCSRV=*:*,STANDARD_COOKIE_FILTER=OFF

Add, if not exists, the following line to your profile:
icm/HTTP/mod_* = PREFIX=/, FILE=$(DIR_DATA)$(DIR_SEP)filter_rules.txt

Replace the “*” after wdisp/system_  and icm/HTTP/mod_ by the next upper unused number.

Save your new profile and close it.

Add Redirect Rules

If not exists, create a new filter_rules.txt file in your profile directory (or any directory specified within the icm/HTTP/mod_* parameter).

Add the following lines to the filter_rules.txt:

if %{SID} = CP1
begin
SetHeader HOST cp.hana.ondemand.com
RegRewriteRawUrl ^/sap/dfa/help/(.*) /dps/$1
end

if %{SID} = CP2
begin
SetHeader HOST xray.hana.ondemand.com
RegRewriteRawUrl ^/resources/sap/dfa/help/(.*)/xRayControls/resources/sap/dfa/help/$1
end

Restart

You’ll now need to restart your Web Dispatcher. For a standalone Web Dispatcher use sapcontrol, for any application server, use the tool supported (eq. SMICM).

Check Redirect

If everything is setup correctly, you should be able to call the following URL using your web browser, where FQDN and Port are specified by your Web Dispatcher:

http(s)://<FQDN>:<Port>/sap/dfa/help/odata.svc/?$format=json

As a result, you should get a JSON string like:

{"d":{"EntitySets":["DeliverableForReplication","TransportHistory","Product","Context","TourIssue","Hotspot","Project","Tile","Deliverable","Transport","ReplicationTourIssue"]}}

Respectively calling the SAP Cloud XRay using:
http(s)://<FQDN>:<Port>/resources/sap/dfa/help/sap/cfg/XrayBootstrapHelpConfig.json

The result will be a JSON string bit longer than the upper one, but starts with:

{
"description":"This configuration registers the Xray bootstrap plug-in",
"modulePaths":{
"sap.dfa.help":"/resources/sap/dfa/help/~201601071332~"
},

Configure Context-sensitive Help Plugin

Open the following URL in your web browser:

http(s)://<FQDN>:<Port>/sap/bc/ui5_ui5/sap/arsrvc_upb_admn/main.html?sap-client=<Client>

Where <FQDN>, <Port> and <Client> reflect your SAP NetWeaver Gateway.

Login with a user, that has administrative rights on the SAP NetWeaver Gateway.

At the bottom of the customizing page, you’ll find a big “+”. Click on it to create a new catalog:

Use a name, that you may remember. You’ll need it later to create a role for the plugin:

Click on “Target Mapping” in the middle of the window and then on “Create Target Mapping”:

Semantic Object Shell
Action plugin
Application Type SAPUI5 Fiori App
Title (optional) Help4 Plugin – End User View – Relevant for all Users
URL /resources/sap/dfa/help/utils/adapters/fiori/
ID sap.dfa.help.utils.adapters.fiori
Information (optional) Help4 Plugin – End User View – Relevant for all Users.
Device Types Check all, maybe skip Phone
Parameters product =>  SAP_S4HANA_ON-PREMISE
version =>  1511 001
editor => true (for testing & content assignment)
false (in productive system)

Use the parameters from the table so that the target mapping looks like the following screenshots:


Note, that the parameter “editor” should be switched to “false” in productive environments.

Create Role for context-sensitive help

Start your SAP GUI and open transaction PFCG. Create a new single role and name it according your role concept:

Save your role.

Switch to “Menu” tab and switch “Transaction” to “SAP Fiori Tile Catalog”:

Assign your newly created catalog to the role, including applications:

Add your users to this role and have them check this new functionality.

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Jocelyn Dart

    HI Michael

    It would be great if you could add a screenshot of what the Context sensitive help looks like to the end users

    That would help people be confident the instructions worked for them

    Rgds

    Jocelyn

    (1) 
  2. Andreas Rahe

    Hi, this is how it looks like when it is active, in this case within the Inventory Turnover App.

    And thank you Michael for the blog!

    Regards,

    Andreas

    (1) 
  3. Damian Gibbs

    Hi Michael

     

    A good concise blog. I would like to add the following comments if you dont mind.

    • SSL Configuration. You actually need to add the certificates to the Anonymous PSE (SAPSSLA.PSE) not the Client PSE. If you want to use the Client PSE as you have described then you need to specifiy it in the wdisp/system_* configuration using the parameter SSL_CLIENT_PSE i.e.

     

    wdisp/system_*=SID=HAC,EXTSRV=https://cp.hana.ondemand.com,SSL_CLIENT_PSE=SAPSSLC.PSE

     

    • In the Profile Preperation section, you talk about adding the new wdisp/system_* additions for the HAC and HAX systems. As you are using SRCURL mappings to redirect then you need to be carefull where they are pllaced in the entry list (SAP Help actually recommends them being number 0 and 1) otherwise requests may not get directted to them, if there is a SRCURL mapping of /sap already declared at a lower entry

     

    One way you can get around this is with the following configuration.

     

    Instance Profile

     

    wdisp/system_* = SID=HAC, EXTSRV=https://cp.hana.ondemand.com,STANDARD_COOKIE_FILTER=OFF

    wdisp/system_* = SID=HAX, EXTSRV=https://xray.hana.ondemand.com,STANDARD_COOKIE_FILTER=OFF

     

    filter_rules.txt

     

    if %{PATH} regimatch “^/sap/dfa/help/”
    begin
     RegRewriteRawUrl “^/sap/dfa/help/(.*)” “/dps/$1”
     SetHeader “HOST” “cp.hana.ondemand.com”
     SetHeader x-sap-webdisp-target-sid HAC [break]
    end

     

    if %{PATH} regimatch “^/resources/sap/dfa/help/”
    begin
     RegRewriteRawUrl (.*) “/xRayControls/$1”
     SetHeader “HOST” “xray.hana.ondemand.com”
     SetHeader x-sap-webdisp-target-sid HAX [break]
    end

     

    This does without the SRCURL mapping for these sites, and gets around any conflict resolutiion, and it does not matter where the entries now go in the instance profile.

     

    Hope this helps

    Damian

     

    (0) 

Leave a Reply