SAP BusinessObjects & SAP EP Integration
This guide describes the configuration steps required for the integration of the BusinessObjects Reports into SAP Enterprise Portal.
We had a requirement to integrate BO Reports into SAP EP with SRM system as SAP Entitlement system for BOBJ system.
When I searched for the integration documents over the web, I found quite a few blogs and documents (certainly helpful) but they had explained the Single Sign – On configuration steps between EP, BO and BW systems which drove me to write this blog.
In our landscape, we have integrated Portal 7.5 SP 5 & BOBJ 4.2 SP 3 Patch 4 with SRM system as SAP entitlement system.
Following are the configuration steps required to integrate the BusinessObjects Reports into SAP Enterprise Portal with SRM system configured for BOBJ Users Authentication.
Step 1 – Please check your BOBJ system version before you start the actual Integration steps as you might run into issues later on during the iView creation step using the BOBJ iView Templates.This is in accordance with the following SAP Note 2387610 – Remove dependency on com.sap.portal.common.commonservices package for SAP Business Objects iviews
Step 2 – Retrieve the below system files from the following BOBJ Server location: [BI4_INSTALL_PATH]/SAP BusinessObjects Enterprise XI 4.0/warfiles/portlet/iviews
Step 3 – Importing the EPA file into Portal
Browse the EPA file and click on the Upload button.
Content Uploaded and ready for Import. Click on the Import button.
Business Objects Content imported successfully into Portal.
Step 4 – Migrating the PAR file to EAR file.
Go to System Administration and click on PAR Migration Tool.
Browse the PAR file to be migrated and click on Upload button.
Add the file to the selected file on the right hand side to start migration process.
Click on the Download button to save the Migrated EAR file on your local file system.
Step 5 – Deploy the migrated EAR file on the portal and restart the portal server.
Step 6 – Create a System Object in the Portal using new system template: SAP BusinessObjects System Template and ensure that SSO is configured between the Portal and the SAP System mentioned in connector properties of System Object.
Specify the SAP BusinessObjects Category properties such as Embed Secret and Web Application Server URL.
Specify the same SAP Backend system Properties under the category group ‘Connector’ that has been defined as SAP Entitlement system in the Business Objects system.
Step 7 – Creating BusinessObjects iView using the new template: SAP BusinessObjects Document Viewer Template
Select the System Alias defined for Business Objects System and specify the other relevant properties as per the below screenshot.
Specify the relevant iView properties as per the below screenshot.
Step 8 – Assign the iView to a Role
Step 9 – Set up SSO for OpenDocument and BILaunchPad.
In the BOD server, go to <InstallDir>\tomcat\webapps\BOE\WEB-INF\conf\default and copy the below mentioned files to InstallDir>\tomcat\webapps\BOE\WEB-INF\conf\custom. Then modify the following parameters in the respective files.
Step 10 – After configuring the above properties, Restart the BOD server.
Step 11 – Create a Role in the SAP Entitlement system (In our landscape, it is SRM system) and assign the role to the test user.
Step 12 – Configure the BOD system Authentication to SAP Authentication.
Log onto the CMC. Go to the Authentication section. Select the SAP Authentication, In the Entitlement Systems tab, enter the values for System, Client, Application Server, System Number, User Name, Password SAP client, SAP System ID (SID) according to the SAP system. Check that SAP Authentication is enabled on the Option tab.
Make sure Enable SAP Authentication checkbox is enabled.
Upload the generated key store file and specify the Private Key Alias.
Step 13 – Import the above role in BOBJ server and assign the alias to the test user
And we are done 🙂
Now, to test the behavior, let’s login to Portal and access the BO Report and test the SSO.
And we are able to access the report without having a need to enter the user credentials again!!!
Hope you guys find this document useful while planning to implement such scenarios in your IT landscape.
Excellent blog you have written !!!
I am caught up into an issue here. Please could you help.
When I run the document list iview, I get system alias not defined or user does not have permission issue. What might be causing the issue.
I have given read permission to user on system object, iview, portal application com.sap.businessobjects.iviews also. Still issue persists.
thank you !
You can also refer to the below SAP KBA: 2030655 -
System Alias is not defined or permission denied for this user
Please let me know in case of any issues.
Thanks for the appreciation!
Have you selected the End User checkbox while assigning the permissions?
Can you please help us here
Our is BOBJ 4.2 and Portal 7.3
I was able to deploy and get system & iview template. I created BOBJ syste, however when creating iview using BOBJ document template, Im not getting option to select system alias at all. Just General Properties and Aummary, I dont see any Propperty in iview where I can system alias
Sorry for replying late, was away for a while.
Can you retrieve the system files again from the BOBJ server and repeat the exercise.
I am suspecting that the files might have got corrupted during the copy operation.
If still that does not help, you may look to upgrade your BOBJ system to the latest patch level which should resolve your issue in any case.
Thanks Anurag, it got resolved, our portal guys figured it out.. 🙂
Glad to hear that...
thanks so much and appreciate your effort. If Enterprise portal is in DMZ and bobj is in private network would this stil work without exposing bobj host ?? or we still need reverse proxy ??
This depends on the network configurations.
As per my understanding, the above solution will only work, if both the servers share the same domain names (FQDNs) which is mandatory for the Single Sign On to work as expected.
You can try to access your Portal server through a virtual host name with the matching domain name and test SSO with BOBJ system which is inside the firewall.
If that does not work out, it is advisable / best practice to use a reverse proxy server in between your Portal server and BOBJ server considering your IT landscape.