Upload
v3it
View
114
Download
9
Tags:
Embed Size (px)
Citation preview
Activities for implementing Federated Portal Network – Step by Step
Applies to: Consumer Portal: SAP NetWeaver 2004s (SP12)
Producer Portal: SAP NetWeaver 2004s (SP12)
Summary This article describes the activities to be followed for implementing Federated Portal Network between SAP-SAP portals. It contains step-by-step explanation of the tasks to be performed at both Consumer portal and Producer portal along with screen shots. It is applicable to content usage mode: ‘Remote Role Assignment’
Author(s): Kapil Sharma
Company: Tata Consultancy Services Ltd.
Created on: 05 March 2008
Author Bio
Kapil Sharma is working with Tata Consultancy Services Ltd for the last 3 years.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 1
Activities for implementing Federated Portal Network – Step by Step
Table of Contents
1 Introduction................................................................................................................................................3
1.1 Role played by:................................................................................................................................3
1.2 Activities for Content Producers ...................................................................................................4
1.2.1 Portal Tools for NetWeaver Producers ....................................................................................................4
1.2.2 View all Consumers which are registered on Producer Portal ............................................................18
1.2.3 Enabling/Disabling Access to Registered Consumers.........................................................................20
1.2.4 Removing Consumers .............................................................................................................................20
1.2.5 Exposing Content to Consumers ...........................................................................................................24
1.3 Activities for Content Consumers ...............................................................................................25
1.3.1 Portal Tools for NetWeaver Consumers.................................................................................................25
1.3.2 View all Producers which are registered on Consumer Portal ............................................................26
1.3.3 Enabling/Disabling Access to Registered Producers...........................................................................28
1.3.4 Removing Producers ...............................................................................................................................30
1.3.5 Producer Registration (Adding Producers) ...........................................................................................31
1.3.6 Getting Remote Content from Producers ..............................................................................................37
1.3.7 Assigning End-User Permission to Producer Objects and Content....................................................37
1.4 Step-by-Step process of ‘Remote Role Assignment’ ................................................................39
1.5 Problems/Errors/Exception..........................................................................................................45
Related Content ..............................................................................................................................................46
Copyright .........................................................................................................................................................47
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 2
Activities for implementing Federated Portal Network – Step by Step
1 Introduction
Federated Portal Network
A federated portal network (FPN) allows organizations with multiple portals, SAP and non-SAP, to share content between the portals. By implementing a federated portal network and sharing content between portals, organizations can provide users at each location with a single portal access point. From each portal configured as an access point, the users are able to access information, services and applications distributed on portals throughout the entire organizational network.
This article describes the activities to be followed for implementing Federated Portal Network between SAP-SAP portals. It is applicable to content usage mode: ‘Remote Role Assignment’
1.1 Role played by:
1) User admin
1) Configuring the Federated Portal Network
- Connect to the user repository (Producer and consumer)
2) Creating the Federated Portal Network
- Assign remote roles to local users (consumer, optional)
2) System Admin
1) Configuring the Federated Portal Network
- Configure system settings (producer and consumer)
- Define and configure producers (consumer)
- Set permissions (producer)
2) Maintaining the Federated Portal Network
- Configure user mapping (optional)
- Maintain your portal network
3) Content Admin
1) Creating Federated Portal NetworkContent
- Copy remote content to local portal (consumer, optional)
- Create proxy-to-portlet iViews (consumer, optional)
- Configure content (consumer, optional)
2) Maintaining the Federated Portal Network
- Check copied content for changes (optional)
4) End User
1) Work with the Portal
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 3
Activities for implementing Federated Portal Network – Step by Step
1.2 Activities for Content Producers
1.2.1 Portal Tools for NetWeaver Producers
Navigation Path Tool/Screen Description
System Administration → System Configuration → Keystore Administration
Keystore Administration
Set up trust between your portal and other NetWeaver consumer portals. Setup trust between Consumer portal and Producer portal
Note: The Visual Administrator tool is also need to complete the trust configuration
Setup trust between Consumer portal and Producer portal
Procedure
The following procedure describes how to exchange portal server certificate files between the producer and the consumer. If you are setting up the mandatory one-way trust configuration, perform the procedure once only. If you are setting up the optional two-way trust configuration, perform the procedure twice by alternating the producer and consumer as shown in the following table.
Certificate-Issuing Portal Certificate-Receiving Portal
Pass 1 (mandatory) Consumer Producer
Pass 2 (optional) Producer Consumer
Activities on the Certificate-Issuing Portal (e.g tcs051014)
Fig. 1 - Activities on the Certificate-Issuing Portal
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 4
Activities for implementing Federated Portal Network – Step by Step
Description:
Above snapshot is of Consumer Portal while exporting certificate to Producer Portal. This section describes how to export a keystore file from your portal (the certificate-issuing portal).
1. In the Content tab, click on “Download verify.der File”. 2. Browse to the folder in which you want to save the file, and save it. Assign .ZIP extension to the file
name. Here save verify.der.zip file to local system (e.g. C:\Documents and Settings\154085\Desktop\temp\verify.der.zip).
3. Open the compressed file and extract verify.der file (e.g. C:\Documents and Settings\154085\Desktop\temp\verify.der).It will create verify.der folder containing verify.der security certificate.
4. Manually transfer the verify.der file to a system administrator of the certificate-receiving portal.
Activities on the Certificate-Receiving Portal (e.g saptcs02)
Fig. 2 - Activities on the Certificate-Receiving Portal
Description:
Above snapshot is of Producer Portal while importing certificate from Consumer Portal. This section describes how to import the certificate file you received from another portal (the certificate-issuing portal) and to configure the necessary authorization settings.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 5
Activities for implementing Federated Portal Network – Step by Step
Importing the 'verify.der' File
1. In the portal, navigate to System Administration → System Configuration → Keystore Administration.
2. In the Import Trusted Certificate tab, click Browse.
3. Choose the verify.der file you obtained.
4. In the Alias field, specify a unique name (e.g. Fromtcs051014) for the key you are importing. The name should allow you to easily identify the portal it refers to.
5. Click Upload.
6. Open the Content tab and make sure that the key is listed in the keystore list.
Configuring Authorization Settings
1. Open the Visual Administrator tool.
1.1 Click “New”
Note: The above snapshot is after creating connection (e.g. “EP4saptcs02”) with SAP J2EE Engine
1.2 Enter Display Name (e.g. EP4saptcs02). Select “Direct Connection To a Dispatcher Node” radio button.
Click “Next”
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 6
Activities for implementing Federated Portal Network – Step by Step
1.3 Enter following fields:
User Name (e.g. “Administrator”)
Host (e.g. “XXXX.XXXX.XXXX.XXXX” (IP address) as saptcs02 is Producer Portal i.e. Certificate-Receiving Portal)
Port (e.g. 52004)
Transport Layer: default
1.4 Click “Save”. It will create connection “EP4saptcs02” as shown in the snapshot below and click “Connect”.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 7
Activities for implementing Federated Portal Network – Step by Step
1.5 Screen will prompt for Password. Enter authorized password and click “Connect”
2. Navigate to Server Node (e.g. saptcs02) → Services → Security Provider.
3. In the right-hand pane, navigate to the Runtime → Policy Configuration tab.
4. In the Components list, choose the ticket component.
Following screen appears:
Fig. 3 - Visual Administrator for saptcs02
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 8
Activities for implementing Federated Portal Network – Step by Step
5. Switch to edit mode by clicking icon (encircled in snapshot below).
Select each template or application that uses the login module CreateTicketLoginModule, for example, the template ticket. The login module stack for this component appears.
The table below shows the login module stack for the ticket template as it is delivered with the J2EE Engine. In this case, the option ume.configuration.active=true is set in the policy configuration for the ticket template.
Ticket Template Login Module Stack
Login Modules Flag Options
BasicPasswordLoginModule REQUISITE {}
com.sap.security.core.jaas. EvaluateTicketLoginModule
SUFFICIENT {ume.configuration.active=true}
com.sap.security.core.jaas. CreateTicketLoginModule
OPTIONAL {ume.configuration.active=true}
EvaluateAssertionTicketLoginModule SUFFICIENT {}
6. In the Authentication tab, choose the following login module:
com.sap.security.core.server.jaas.EvaluateTicketLoginModule and click “Modify” and “Edit Logon
Module” screen will appear as below.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 9
Activities for implementing Federated Portal Network – Step by Step
Note: Define a new set of parameters in the login module for each certificate-issuing portal. For each set of parameters, increment the suffix in the parameter name. For example: trusteddn2, trustediss2, trustedsys2, and so on.
Here trusteddn3, trustediss3, trustedsys3 are used as trusteddn1, trustediss1, trustedsys1 and trusteddn2,
trustediss2, trustedsys2 are already in use.
7. In the “Edit Logon Module” screen create the following parameters in the Options table:
Parameter Name Value
trusteddn3 Enter the distinguished name of the certificate owner. You can obtain this value as follows:
1. In the receiving portal, navigate to System Administration → System
Configuration → Keystore Administration.
2. In the Content tab, choose the alias of the certificate-issuing portal (e.g
“Fromtcs051014” – refer to section 1.2.2) in the dropdown list.
3. Copy the value of the DN of Owner property (e.g OU=J2EE,CN=EP1).
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 10
Activities for implementing Federated Portal Network – Step by Step
trustediss3 Enter the distinguished name of the certificate issuer. You can obtain this value as follows:
1. In the receiving portal, navigate to System Administration → System
Configuration → Keystore Administration.
2. In the Content tab, choose the alias of the certificate-issuing portal (e.g
“Fromtcs051014” – refer to section 1.2.2) in the dropdown list.
3. Copy the value of the DN of Issuer (e.g OU=J2EE,CN=EP1) property.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 11
Activities for implementing Federated Portal Network – Step by Step
trustedsys3 Enter the system ID and client ID of the certificate-issuing portal. Use the <System_ID>,<client_ID> format and separate values with a comma (,). 1. System ID: Specifies the 3-letter ID defined during the installation of
the portal.
2. Client ID: Specifies the client ID as specified in the login.ticket_client
property of the UME Provider in the portal. For a Java stack, the
default client ID is 000; however, in an Add-In installation, the client
ID must be unique and therefore cannot be 000.
NOTE: Description of the scenario – “Add-In- installation” where
client ID must be unique and cannot be 000 is explained in section
“Specifying the J2EE Engine Client to Use for Logon Tickets”
below.
In current scenario value of <System_ID>,<client_ID> is EP1, 000
8. Restart the server.
Specifying the J2EE Engine Client to Use for Logon Tickets
Use
When issuing logon tickets, it is necessary to make sure that the user’s ID for which the logon ticket has been issued is unique. For SAP Web AS, this includes determining the system ID and the client where the user exists. These attributes are necessary when maintaining the access control list in accepting systems and are therefore included in the user’s logon ticket.
When the J2EE Engine is the ticket-issuing system, its system ID is used as specified in the installation. Although the J2EE Engine does not have a client, it still needs to provide a client value to use for logon tickets so that the tickets can be accepted by other systems, for example, from an SAP Web AS ABAP. The default client for the J2EE Engine is 000, however, you can explicitly set a different value to use.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 12
Activities for implementing Federated Portal Network – Step by Step
The system ID and client combination must be unique when tickets are to be accepted by an SAP Web AS ABAP system. Therefore, in an Add-In installation, where the system IDs are the same, you must change the default client for the J2EE Engine (000) to a client that does not exist on the SAP Web AS ABAP system.
You can specify the configuration for logon tickets either in the UME properties or in the options for the login module CreateTicketLoginModule. The configuration to use depends on the value of the property ume.configuration.active.
If you use the UME configuration, then to specify the J2EE Engine’s client set the property login.ticket_client in the UME property sheet as specified in the snapshot below:
Note: Value of login.ticket_client must match with the value of client_ID defined for “trustedsys3” in section “In the “Edit Logon Module” screen create the following parameters in the Options table:” In current scenario the value of <System_ID>,<client_ID> is EP1, 000, where client_ID = ‘000’ which matches with login.ticket_client value.
Otherwise, set the property client in the options for the login module CreateTicketLoginModule. (The reason for these two configuration options is to provide for downward compatibility.)
See the procedures below for information about checking the ume.configuration.active property and where to set the logon ticket client property.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 13
Activities for implementing Federated Portal Network – Step by Step
Procedure
Checking the Property ume.configuration.active
To check the value of the property ume.configuration.active for the login module CreateTicketLoginModule, use the Security Provider service. Check for this parameter in both the policy configurations as well as in the user store configuration.
1) Checking the Property in the Policy Configurations
1. In the Security Provider service, choose Policy Configurations.
2. Select each template or application that uses the login module CreateTicketLoginModule, for
example, the template ticket.
The login module stack for this component appears.
Select each template or application that uses the login module CreateTicketLoginModule, for example, the template ticket. The login module stack for this component appears.
The table below shows the login module stack for the ticket template as it is delivered with the J2EE Engine. In this case, the option ume.configuration.active=true is set in the policy configuration for the ticket template.
Ticket Template Login Module Stack
Login Modules Flag Options
BasicPasswordLoginModule REQUISITE {}
com.sap.security.core.jaas. EvaluateTicketLoginModule
SUFFICIENT {ume.configuration.active=true}
com.sap.security.core.jaas. CreateTicketLoginModule
OPTIONAL {ume.configuration.active=true}
EvaluateAssertionTicketLoginModule SUFFICIENT {}
2) Checking the Property in the User Store Configuration
1. In the Security Provider service, choose the User Management tab page.
2. Choose UME User Store.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 14
Activities for implementing Federated Portal Network – Step by Step
3. Select the login module CreateTicketLoginModule and choose View / Change Properties.
The options are shown in the Options section. Following screen appears. Set the value of ume.configuration.active=true (encircled in snapshot).
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 15
Activities for implementing Federated Portal Network – Step by Step
Recommendation
If the ume.configuration.active property (or any other property) is set in the policy configurations and not in the login module options in the user store, then we recommend moving the setting(s) to the user store.
Reason
If properties are set in the login module options in the user store, then these properties are inherited by the policy configurations that use the corresponding login module.
However, if a property is set in the policy configurations, then no inheritance will take affect, even for additional properties that are set in the user store. Therefore, we recommend only setting options in the user store and not in the policy configurations.
Navigation Path Tool/Screen Description
System Administration → System Configuration → Service Configuration
Service Configuration Editor
1. Configure network proxy settings 2. Configuring your registration password
Configure network proxy settings
Note: Not applicable in current scenario because both Consumer and Producer Portals both are in same domain
Configuring your registration password (To be performed at Producer Portal e.g saptcs02)
Applicable to: remote role assignment, remote delta link, WSRP application sharing (for
NetWeaver consumers only)
Use
For increased security, you can set a registration password, which a NetWeaver consumer needs to enter upon registration with your producer portal
The procedure described here is only applicable for NetWeaver consumers. For non-SAP consumers, you need to set up consumer-specific users on your producer portal
This is a global setting for all NetWeaver consumers; you cannot set a different registration password for each consumer.
Procedure
1. In the producer portal, navigate to System Administration → System Configuration → Service
Configuration.
2. In the Portal Catalog, navigate to the com.sap.portal.ivs.wsrpservice application.
3. Open the AutoGenProducer1_0 service.
4. Enter a password in the REGISTRATION_PASSWORD property.
The default password is password. If you enter a blank password, the consumer does not
request one upon registration. Refer to snapshot below.
5. Save and close the service.
6. Open the com.sap.portal.ivs.wsrpservice application, and restart the
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 16
Activities for implementing Federated Portal Network – Step by Step
com.sap.portal.ivs.wsrpservice|AutoGenProducer1_0 service.
7. Close the editor.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 17
Activities for implementing Federated Portal Network – Step by Step
1.2.2 View all Consumers which are registered on Producer Portal
Navigation Path Tool/Screen Description
System Administration → Federated Portal → Myself as Content Producer → View My Consumers
View My Consumers
1. View all consumers which are registered on your portal
2. Block and unblock content consumers
3. Remove content consumers
Applicable to: remote role assignment, remote delta link, WSRP application sharing
Use
In the portal you can view all NetWeaver and non-SAP portals that have registered themselves as consumers on your producer portal.
Prerequisites
You have access to the federated portal administration tools in the standard System Administration role on your portal.
Procedure
In the portal, navigate to System Administration → Federated Portal → Myself as Content Producer → View My Consumers.
Fig. 4 – View My Consumers
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 18
Activities for implementing Federated Portal Network – Step by Step
In the View My Consumers screen, the following details are displayed:
Column Description
Status Displays the current access status of a registered consumer on your portal: • Access allowed: The content consumer is permitted to access your
portal and use shared content. • Access blocked: The content consumer is not permitted to access
your portal and use shared content.
Last Interaction Displays when the consumer last interacted successfully with your portal
(Interactions include WSRP-related procedures only, such as consumer registration, execution of remote content from the consumer portal, and the display of remote portlets in the iView wizard (WSRP application sharing mode).)
It does not include remote Portal Catalog lookup (between NetWeaver portals only) and connection tests, for example.)
Consumer Name Displays the name of the consumer (e.g “tcs051014”)
(NetWeaver consumers define their name in the Producer Registration tool)
Vendor Displays the vendor of the consumer (e.g “NetWeaver”)
In this screen, you can also: 1. Refresh the list of consumers. Click “Refresh”.
2. Block and unblock content consumers (Refer to section: “Enabling/Disabling Access to
Registered Consumers”)
3. Remove content consumers (Refer to section: “Removing Consumers)
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 19
Activities for implementing Federated Portal Network – Step by Step
1.2.3 Enabling/Disabling Access to Registered Consumers
Applicable to: remote role assignment, remote delta link, WSRP application sharing
Use
In the View My Consumers screen, you can block or unblock access to your portal by other portals that are already registered as consumers of your portal. The Status column displays the current access status of the consumer.
The Block Access and Allow Access settings have no effect on your ability to consume content from the same portal if you are a registered consumer of their content.
By default, a consumer is allowed access to your portal upon registration.
Prerequisites
You have access to the federated portal administration tools in the standard System Administration role on the producer portal.
Procedure
2.1 In the portal, navigate to System Administration → Federated Portal → Myself as Content
Producer → View My Consumers.
2.2 Select the checkbox of the consumer(s) whose access status you want to change.
2.3 o Click Block Access to prevent a consumer from interacting with your portal and using
shared content. o Click Allow Access to allow a blocked consumer to interact with your portal and use shared
content.
The Status column displays the current status of each consumer portal.
1.2.4 Removing Consumers
Applicable to: remote role assignment, remote delta link, WSRP application sharing
Use
In the View My Consumers screen, you can remove a consumer instance from your portal.
When you remove a consumer, all content (including its personalization data) on the consumer that originates from your portal becomes permanently invalidated. The consumer is then unable to use or restore the validity of these content objects. If the consumer has additional instances registered on the portal, the content consumed through those instances is not affected.
To temporarily prevent a content consumer from using your content, use the Block Access option instead.
Prerequisites
You have access to the federated portal administration tools in the standard System Administration role on the producer portal.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 20
Activities for implementing Federated Portal Network – Step by Step
Procedure
1. In the portal, navigate to System Administration → Federated Portal → Myself as Content
Producer → View My Consumers.
2. Select a consumer(s).
3. Click Remove. (Refer to Fig. 4 – View My Consumers)
4. Accept the confirmation message. The consumer is removed from the consumer display list.
Result
You have removed the consumer from your portal. All content consumed by the consumer in the same registration scope becomes invalidated.
The portal does not notify the consumer portal upon its deletion. We recommend that you manually notify the consumer to manually remove the producer from their portal in the Manage My Producers screen.
Navigation Path Tool/Screen Description
System Administration → Permissions → Portal Permissions
Permission Editor
Assign permissions to portal content to make it available to consumers and assign runtime permissions.
Note: In current scenario it is applicable to “Remote Role Assignment” content usage mode
(Permission Editor is also accessible from the Portal Content Studio, which allows you to assign permissions to portal content, such as iViews and roles. However, you are required to assign permissions to portal components—the Portal Content Studio does not display portal components. Therefore you will also need to use the main Permission Editor to access portal components.)
In remote role assignment mode, the system administrator on a NetWeaver producer (e.g saptcs02) must set permissions to its roles (e.g “MyRoleBHBP”) to expose them to user administrators from a NetWeaver consumer.
Setting Permissions on the Producer for ‘Remote Role Assignment’
Applicable to: remote role assignment
Use
To support the design time workflow and runtime activities for remote role assignment on the consumer portal, permissions need to be configured by administrators on both the producer and consumer portal.
The permissions that must be assigned on the producer portal so that: - User administrators on a consumer portal can search for remote roles and assign users (e.g user id: “146306” – Preeti Iyer) to them. - Business users on a consumer portal can run content embedded in a remote role.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 21
Activities for implementing Federated Portal Network – Step by Step
Prerequisites
1. The same user (e.g user id: “146306” – Preeti Iyer) base exists on both producer (e.g saptcs02) and consumer (e.g tcs051014) portals.
2. Roles (e.g “MyRoleBHBP”) have been created on the producer portal.
3. Owner permission in the objects to which you want to assign permissions.
4. Access to the Permission Editor in the portal.
Procedure
Certain settings must be configured on the producer before the consumer can perform remote role assignment, while other settings must be performed after remote role assignment has taken place on the consumer.
Permissions Settings on the Producer Portal before Remote Role Assignment
In the Permission Editor on the producer portal, assign the permissions described below: Object (on Producer)
Target User (on Consumer)
Permission Level
Description
Role User Admin -or- Delegated User Admin
Role assigner: enabled
Allows the user administrator on the consumer portal to do the following in the Identity Management tool:
1. Search for and view the remote role.
2. Assign local users on the consumer to the remote role.
Permissions Settings on the Producer Portal after Remote Role Assignment
Object (on Producer)
Target User (on Consumer)
Permission Level Description
Portal component (for iViews, pages, and page layouts)
Business user End user: enabled
Allows users to execute the iViews, pages, and layouts at runtime, which are assigned to remotely assigned roles.
System Business user End user: enabled
If an iView on the producer uses a system object to enable access to a backend system, the system administrator on the producer must assign end-user permission to business users in these system objects.
Once the remote roles can be accessed by the consumer, the user administrator can then assign these roles to their users and groups.
Note: Once a remote consumer has assigned users to your roles, make sure you adhere to the following instructions to ensure the continuous availability of remote roles:
Do not change the ID of the role. You can however change the role name. Steps to change the ID of the role (e.g “MyRemoteBHBP”) are shown in snapshots below.
Do not move the role to a new PCD location.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 22
Activities for implementing Federated Portal Network – Step by Step
Fig. 5 – Step 1 to change ID of the role “MyRemoteBHBP”
Fig. 6 – Step 2 to change ID of the role “MyRemoteBHBP”
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 23
Activities for implementing Federated Portal Network – Step by Step
Navigation Path Tool/Screen Description
Content Administration → Portal Content
Portal Content Studio
1. Create and manage content.
The Portal Content Studio provides a central
environment for developing and managing
the following types of portal content:
(iViews, pages, Layouts, roles, worksets,
business objects, business object operations)
2. Set permissions to portal content objects
(see references above for “Permission
Editor”)
1.2.5 Exposing Content to Consumers
To make content on your portal available to other consumers, you need to assign the appropriate portal permissions to content on your producer portal. The manner, in which you assign the permission, the type of permission needed, and the need to apply additional settings, depends on which content usage mode you choose to support.
Content usage modes that support the federated portal network scenario in SAP NetWeaver Portal:
1) ‘Remote Role Assignment’ Mode
2) ‘Remote Delta Link’ Mode
3) ‘WSRP Application Sharing’ Mode
Note: Out of these 3 content usage modes only ‘Remote Role Assignment’ mode is applicable for the current scenario
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 24
Activities for implementing Federated Portal Network – Step by Step
1.3 Activities for Content Consumers
1.3.1 Portal Tools for NetWeaver Consumers
Navigation Path Tool/Screen Functionality
System Administration → System Configuration → Keystore Administration
Keystore Administration Set up trust between your portal and other NetWeaver producer portals)
Refer to section:
Setup trust between Consumer portal and Producer portal
Activities on the Certificate-Issuing Portal
Navigation Path Tool/Screen Functionality
System Administration → System Configuration → Service Configuration
Service Configuration Editor ● Configure network proxy settings (Configuring Proxy Settings)
● Configure general cache settings for a portal in a federated network (Congiguring Caching for the Federated Portal)
● Configure settings to optimize your consumer profile (Optimizing Your Consumer Profile)
Note: Following activities are not applicable in current scenario:
Configure network proxy settings Configure general cache settings for a portal in a federated network Configure settings to optimize your consumer profile
Navigation Path Tool/Screen Functionality System Administration → Federated Portal → Myself as Content Consumer → Cache Management
Content Cache ● Clear cached role content that you have consumed through remote role assignment.
● Synchronize remote delta link content on the consumer with updates made to its source content on the producer. (Configuring Caching for the Federated Portal)
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 25
Activities for implementing Federated Portal Network – Step by Step
Note: Following activities are not applicable in current scenario:
Clear cached role content that you have consumed through remote role assignment Synchronize remote delta link content on the consumer with updates made to its source content on the
producer.
Navigation Path Tool/Screen Functionality System Administration → Federated Portal → Myself as Content Consumer → Cache Management
Cache Configuration Configure cache settings specific to federated portal content (Configuring Caching for the Federated Portal)
Note: Following activities are not applicable in current scenario:
Configure cache settings specific to federated portal content
1.3.2 View all Producers which are registered on Consumer Portal
Navigation Path Tool/Screen Functionality System Administration → Federated Portal → Myself as Content Consumer → View My Producers
View My Producers 1. View all the producers on which you are registered 2. Block and unblock content
producers
Applicable to: remote role assignment, remote delta link, WSRP application sharing
Use
You can view all the NetWeaver and non-SAP producers you have defined on your consumer portal. Useful information about each producer is also displayed.
Prerequisites
You have access to the federated portal administration tools in the standard System Admin role on your portal.
Procedure
In the portal, navigate to System Administration → Federated Portal → Myself as Content Consumer → View My Producers.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 26
Activities for implementing Federated Portal Network – Step by Step
Fig. 7 – View My Producers
In the View My Producers screen, the following details are displayed: Column Description
Status Displays the current registration and access status of a registered producer on your portal: • Not registered: You have not registered the content producer. • Access allowed: You have registered the producer and all types of interaction
with it from your portal are permitted. • Access blocked: You have registered the producer, but all types of interaction
with it from your portal are not permitted.
Last Interaction
Displays when your portal last interacted successfully with the producer. (Interactions include WSRP-related procedures only, such as consumer registration, execution of remote content from the consumer portal, and the display of remote portlets in the iView wizard (WSRP application sharing mode).) It does not include remote Portal Catalog lookup (between NetWeaver portals only) and connection tests, for example.
Producer Name
Displays the name of the producer. (e.g. “saptcs02_Producer”)
Producer URL
Displays the URL of the producer. (e.g. “http://saptcs02:52000/irj/servlet/prt/portal/prtroot/com.sap.portal.wsrp.coreproducer.WsdlGenerator”)
Vendor Displays the vendor of the producer. (e.g. “NetWeaver”)
Alias Displays the aliases assigned to the producer. (e.g “saptcs02_Producer”)
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 27
Activities for implementing Federated Portal Network – Step by Step
In this view, you can also:
1. Refresh the list of producers. Click Refresh.
2. Block and unblock content producers. (Refer to section: “Enabling/Disabling Access to
Registered Producers”)
1.3.3 Enabling/Disabling Access to Registered Producers Applicable to: remote role assignment, remote delta link, WSRP application sharing Use In the View My Producers screen you can permit or block access to registered producers from your
consumer portal.
If the producer is registered as a consumer on your portal, the Block Access and Allow Access capabilities you have as a consumer have no effect on the producer's ability (as a consumer) to consume content from your portal. Explanation as below:
On “tcs051014” Portal acting as both Consumer and Producer Portal
In Fig. 8 Myself as Content Consumer -> View My Producers saptcs02 with Producer Name “saptcs02_Producer” acts as Producer Portal
Fig. 8 – saptcs02 with Producer Name “saptcs02_Producer” acts as Producer Portal
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 28
Activities for implementing Federated Portal Network – Step by Step
In Fig. 9 Myself as Content Producer -> View My Consumers saptcs02 with Consumer Name “saptcs02” also acts as a Consumer Portal
Fig. 9 - saptcs02 with Consumer Name “saptcs02” also acts as a Consumer Portal
So here even if “Block Access” is enabled under Myself as Content Consumer -> View My Producers -> saptcs02_Producer (Producer Name), it have no effect on the producer’s (saptcs02) ability (as a consumer and tcs051014 as a producer) to consume content from “tcs051014” portal.
Prerequisites You have access to the federated portal administration tools in the standard System Admin role on the
consumer portal. Procedure 1. In the portal, navigate to System Administration → Federated Portal → Myself as Content Consumer → View My Producers.
2. Select the checkbox of the producer(s) whose access status you want to change. 3.
o Click Allow Access to permit your portal to interact with a blocked producer and use its shared content.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 29
Activities for implementing Federated Portal Network – Step by Step
o Click Block Access to prevent your portal from interacting with a producer and using its shared content.
The Status column displays the current status of each producer portal.
1.3.4 Removing Producers Applicable to: remote role assignment, remote delta link, WSRP application sharing Use You can remove a producer if you no longer want to use the content exposed by it, if the producer portal is no longer running, or for any other reason.
(When you remove a producer, all content that originates from the producer in the same registration scope remains intact on your portal, but becomes invalidated and all personalization settings are permanently lost. Content you have consumed through additional instances of the same producer are not affected. If you add the same producer, you still are not able to restore the functionality of the invalidated content.)
You can remove a producer if you no longer want to use the content exposed by it, if the producer portal is To temporarily prevent a content consumer from using your content without deleting it, use the Block Access feature instead. For more information, refer to Section: “Enabling/Disabling Access to Registered Producers”
Prerequisites You have access to the federated portal administration tools in the standard System Admin role on the consumer portal.
Fig. 10 – Removing Producer/s
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 30
Activities for implementing Federated Portal Network – Step by Step
Procedure 1. In the portal, navigate to System Administration → Federated Portal → Myself as Content Consumer → Manage My Producers. 2. In the Portal Catalog, navigate to the producer object you want to remove. 3. Right-click the producer object and choose Delete. A confirmation message is displayed. 4. Confirm the delete action.(Refer to Fig. 10) 5. Delete any proxy-to-portlet iViews and copied content you have generated on your consumer
Result You have removed the selected producer instance from your portal.
Note: However that no unregistration procedure for your consumer is performed on the producer portal. Therefore, on a NetWeaver producer you are still listed in their View My Consumers screen. We recommend that you notify the producer and request they remove your consumer instance from their portal.
1.3.5 Producer Registration (Adding Producers)
System Administration -> Myself as Content Consumer -> Manage My Producers
Under “NetWeaver Content Producers” folder
1) Right click “NetWeaver Content Producers” folder -> New -> NetWeaver Content Producer (Refer to Fig. 11)
Fig. 11 – Producer Registration
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 31
Activities for implementing Federated Portal Network – Step by Step
2) Step 1: General Properties
Producer Name: “saptcs02_Producer”
Producer ID: “saptcs02_Producer”
Producer ID Prefix (optional)
Click “Next”
Fig. 12 – Producer Registration (Step 1 – General Properties)
3) Step 2: Define Producer URL
Protocol: http
Host name: “saptcs02”
Port: 52000
Path of WSDL Definition File: (Default path to the WSDL file)
/irj/servlet/prt/portal/prtroot/com.sap.portal.wsrp.coreproducer.WsdlGenerator
Click “Next”
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 32
Activities for implementing Federated Portal Network – Step by Step
Fig. 13 – Producer Registration (Step 2 – Define Producer URL)
4) Step 3: Summary
Click “Finish
Open the object for editing”
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 33
Activities for implementing Federated Portal Network – Step by Step
Fig. 12 – Producer Registration (Step 3 – Summary)
5) Producer Alias Editor (Alias Name: “saptcs02_Producer”)
In this screen, you can view the alias of the selected producer portal. The alias is used in various administrative and user interfaces to identify the producer portal.
The alias is automatically defined by your portal and cannot be changed. You cannot add or remove aliases.
Fig. 13 – Producer Registration (Producer Alias - “saptcs02_Producer”)
6) Tests the connection to the WSDL file and ports of a content producer
Fig. 14 – Producer Registration (Test the Connection)
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 34
Activities for implementing Federated Portal Network – Step by Step
7) Producer Registration
Your Consumer Name: “tcs051014_Consumer_Demo”
Your Consumer URL: “http://tcs051014:50000/irj/portal”
Registration Password: “Marudhar123”. This is the password which is set at Producer Portal (saptcs02) shown in snapshot below:
Note: Password setting is optional. It is used to provide high level of security
Note: Before registering, check connectivity to the producer in the 'Connection Tests' screen.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 35
Activities for implementing Federated Portal Network – Step by Step
Fig. 14 – Producer Registration (Producer Registration)
8) Manage My Producers
Manage My Producers enables you to add NetWeaver and WSRP content producers to your portal. You can also test connections as well as register, edit, and delete producers. And you can set permissions to producers and define aliases.
Fig. 14 – Consumer Portal: “tcs051014” successfully registered on Producer Portal: saptcs02
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 36
Activities for implementing Federated Portal Network – Step by Step
1.3.6 Getting Remote Content from Producers NetWeaver consumer can bring remote content from another portal (NetWeaver and non-SAP) to your portal using the various tools offered in the portal user interface. The “Identity Management tool” supports the federated portal network scenario in SAP NetWeaver Portal: Content Usage Modes:
1) ‘Remote Role Assignment’ Mode 2) ‘Remote Delta Link’ Mode 3) ‘WSRP Application Sharing’ Mode
Note: Currently only ‘Remote Role Assignment’ Mode is applicable
Purpose
In remote role assignment mode, a user administrator on a NetWeaver portal (the consumer) assigns local users to NetWeaver remote roles residing on another portal (the producer).
Process Flow
In the Identity Management tool in the consumer portal, the user administrator does either of the following: o Searches for a remote role and then assigns local users or groups to it. o Searches for a local user or group and then assigns a remote role to it.
1.3.7 Assigning End-User Permission to Producer Objects and Content
Applicable to: remote role assignment, remote delta link, WSRP application sharing
Use
End-user permission enables business users to run content at runtime. Just as end users require end-user permission to run local content on your portal, they also need end-user permission for local content originating from a remote producer.
This topic describes when to assign end-user permission to a producer object and the remote-based local content on the consumer portal.
Prerequisites 1. You have authorization to access the main Permission Editor. (Not mandatory for system
administrators who have authorization to access the Manage My Producers screen.) 2. You have owner administrator permission. 3. You have consumed remote content from a producer portal.
Procedure
In the Permission Editor, assign end-user permission as follows:
Content usage mode End-user permission to producer object on consumer
End-user permission to localized content on consumer
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 37
Activities for implementing Federated Portal Network – Step by Step
Remote role assignment Yes (not applicable)1
Remote content copy Yes Yes2
WSRP application sharing
Yes Yes3
1 No local content is created on the consumer during remote role assignment. 2 Permission is assigned to remote-based local iViews, pages, worksets and roles on the consumer. 3 Permission is assigned to proxy-to-portlet iViews on the consumer.
(In addition to the end-user permission assigned to remote-based local content on the consumer, the system administrator on the producer must also assign end-user permission to the remote content on the producer. End users also require permission to run the portal components on which remote iViews and pages are based; these portal components are located in security zones on the producer.)
If an iView on the producer uses a system object to enable access to a backend system, the system administrator on the producer must assign end-user permission to consumer-based business users in these system objects.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 38
Activities for implementing Federated Portal Network – Step by Step
1.4 Step-by-Step process of ‘Remote Role Assignment’
Step 1: Remote role creation at Producer Portal • “MyRoleBHBP” role is created at Producer Portal (saptcs02) having “BHBP_WS” as workset and
“BHBP_Page” page within workset.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 39
Activities for implementing Federated Portal Network – Step by Step
Step 2: Scenario before ‘Remote Role Assignment’ • When user “146306” (Preeti Iyer) logs in Consumer Portal (tcs051014), following screen appears.
Here remote role “MyRoleBHBP” assignment is still not done.
Note: User “146306” (Preeti Iyer) must have “End User” role on the content object at Producer Portal
Step 3: User Mapping (Remote iViews)
Description
- Mapping of logon credentials for users, such as user name and password, to secured data sources
provides Single Sign-on (SSO) capabilities.
- With SSO with user mapping, users are not prompted for logon information every time an iView
retrieves data from a secure source at runtime.
- In the federated portal network users which are executing producer content connected to systems
must be mapped to systems defined on the producer.
- The user mapping can be accomplished from the producer or the consumer.
• User “154085” (Kapil Sharma - Role to be played by “User Admin”) logs in Consumer Portal
(tcs051014).
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 40
Activities for implementing Federated Portal Network – Step by Step
• Go to Personalize -> User Mapping (Remote iViews) -> Select “saptcs02_Producer” from Remote
Content Provider. Here choose a producer to display its systems and properties for entering logon data. Following screen appears prompting to enter your user mapping credentials for content originating from a remote producer portal. Exit from User Mapping (Remote iViews) screen.
• Enter User credentials of Remote Producer Portal i.e “saptcs02”
User id: 154085 (Kapil Sharma)
Password:XXXX
Now “User Admin” (154085 – Kapil Sharma) can perform remote role assignments on Consumer Portal
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 41
Activities for implementing Federated Portal Network – Step by Step
Step 4: Assigning remote roles (“MyRoleBHBP”) local users “146306” (Preeti Iyer)
• Navigate to User Administration -> Identity Management. Perform role “MyRoleBHBP” assignment to
local users “146306” (Preeti Iyer) • Steps:
o Enter “146306” in search criteria o Click Modify. Select Assigned Roles tab o Under “Available Role”, select “saptcs02_Producer” in search criteria. o Enter “*” to search all the remote roles available on Producer Portal “saptcs02”. Alternatively
search for “MyRoleBHBP” remote role. Following screen appears displaying remote role “MyRoleBHBP”.
o Assign “MyRoleBHBP” to user “146306” (Preeti Iyer). Following screen shows remote role
“MyRoleBHPB” successfully assigned to local user “146306” (Preeti Iyer).
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 42
Activities for implementing Federated Portal Network – Step by Step
o Save the changes
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 43
Activities for implementing Federated Portal Network – Step by Step
Step 5: Scenario after ‘Remote Role Assignment’
• Now when user “146306” (Preeti Iyer) logs in Consumer Portal (tcs051014), following screen
appears. Here remote role “MyRoleBHBP” assignment is still successfully done, so remote role “MyRoleBHBP” (encircled) appears under Navigation Structure
NOTE: To enable remote role “MyRoleBHBP” to appear under Navigation Structure set “Entry
Point” property of remote object = true
• Following screen appears on click to “MyRoleBHBP”
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 44
Activities for implementing Federated Portal Network – Step by Step
1.5 Problems/Errors/Exception • Problem may get encounter due to following reason:
1. User should exist in both user store of Consumer and Producer portal otherwise it won’t work.
2. Incase if the registration is successful then there might be some problem with your servers
(Consumer & Producer) clock timings. 3. If runtime exception gets encountered on click to remote role because of Access denied to
Object (snapshot below), then user (User Admin) need to enter user mapping credentials for content originating from a remote producer portal through User Mapping (Remote iViews)
4. ‘Remote Role Assignment’ may get fail perhaps because user to whom remote role assignment is done doesn’t have “End User” role assigned to him/her at Producer Portal. End-user permission enables business users to run content at runtime. Just as end users require end-user permission to run local content on your portal, they also need end-user permission for local content originating from a remote producer.
5. You should have Owner permission in the objects to which you want to assign permissions
otherwise ‘Remote Role Assignment’ wont work.
6. In the portal content studio, open the producer under 'NetWeaver content producers'. If it does not contain folders in it, the registration is considered to be unsuccessful even though it stated it was successful while registration.
7. Change the data source to Producer object id while searching producer role in consumer
user administration
8. Make sure your administrator does not have any remote roles assigned to him/her. Do this when you can afford a potential downtime. In System administration -> System configuration -> Service configuration you'll find com.sap.portal.gpnavigationconnector. Restart it. After this is done (might take a while) try to get the remote roles again. If this works, you have probably not updated your system with the latest patch from SMP. Another thing to check: In the portal content studio, open the producer under 'NetWeaver content producers'. If it does not contain folders in it, the registration was unsuccessful even though it stated it was.
9. During the process of Registering (Adding) Producer Portal, while entering the connection
parameters of the NetWeaver producer portal use appropriate Host name against “Host Name” input field instead of IP address. Perhaps this might create some problem during execution in later stage. E.g. Host Name: use “saptcs02” instead of XXXX.XXXX.XXXX.XXXX (IP address)
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 45
Activities for implementing Federated Portal Network – Step by Step
Related Content 1) Activities for Content Consumers
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/22387b0b413fe1e10000000a11466f/frameset.htm
2) Activities for Content Producers
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/22387b0b413fe1e10000000a11466f/frameset.htm
3) Workflow: Remote Role Assignment
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/23fd33cad10d23e10000000a1553f7/frameset.htm
4) Configure Remote Role Assignment
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/2dd5abcd-0b01-0010-2c92-81b9f8efc2e1
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 46
Activities for implementing Federated Portal Network – Step by Step
Copyright © 2008 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
These materials are provided “as is” without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials.
SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages.
Any software coding and/or code lines/strings (“Code”) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com © 2008 SAP AG 47