1

Implementing a Federated PortalNetworkRemote Role Assignment

SAP NetWeaver Product Management

February 2008

2

© SAP 2008 / Page 2

Content Sharing Content Usage Modes

SAP NetWeaverProducer Portal

SAP NetWeaverConsumer Portal Remote role assignment

SAP NetWeaver 7.0 SPS09

Remote delta linksSAP NetWeaver 7.0 SPS10

Producer role

BI JavaApplications

Remote application integrationSAP NetWeaver 7.0 SPS13 for BI

The Federated Portal Network supports 3 content sharing modes when discussing SAPNetWeaver – SAP NetWeaver Integration:

Remote Role Assignment (RRA): Here you have the full content administration performed onthe producer portal. You deploy applications, create iViews / pages / worksets / roles on theproducer and want to reuse the content as is on the central consumer portal. In the consumer, youthen have no content administration effort at all, but you can assign the remote roles to users onthis consumer portal directly. This is available since SAP NetWeaver 7.0 SPS 09.

Remote Delta Links (RDL): With this content usage mode, portal content (like iViews, pages …)from a producer portal can be reused, adjusted and embedded into the local content offering of aconsumer portal. You can browse the portal content directory (pcd) of the producer portal, copy thecontent and paste as delta link into the local PCD of the consumer portal. This mode is availablesince SAP NetWeaver 7.0 SPS 10.

Remote Application Integration (RAI): This content sharing mode is available in SAPNetWeaver 7.0 SPS 13 for BI reports only. It is basically a contrary content usage mode to RemoteRole Assignment. In RAI you don’t have any content administration on the producer portal, but dothe full content administration flow only through the central consumer portal. Thus you can createiViews on the consumer portal that are integrating BI reports from a remote producer portal.

For SAP NetWeaver Portal & non-SAP Portal integration this content sharing mode is available:

WSRP content sharing: In order to integrate standard-compliant content coming from Non-SAPportals, an iView template is available in the Portal Content Studio. Consuming and producingcontent is supported since SAP NetWeaver 7.0 (2004s) SPS 09.

3

© SAP 2008 / Page 3

Remote Role Assignment – Runtime TechnicalFlow

http://portal.....

Buildnavigation andcreate newURLS

Request framework andcontent

Request navigation *

Navigation properties *

Get navigation andURL redirect

Request content

Get content

SAP NetWeaverProducer Portal

SAP NetWeaverConsumer Portal

* This step happens only once then cached

Explanation of the runtime flow:

1. The end user opens the browser, enters the URL of the central consumer portal and requestssome content

2. The requested role is located on a remote producer portal, thus the navigation is requested fromthis producer.

3. The navigation properties from the producer are sent back to the consumer.

4. On the consumer the navigation properties have to be rebuild, since those navigation nodesshould point directly to the producer portal and an “enhanced URL redirect“ will be performedwhen clicking on it.

5. The navigation is displayed in the browser.

6. The content itself is requested from the producer portal directly via this URL redirect – there isno additional interaction taking place with the consumer.

7. The content is executed on the producer, sent back to the browser and displayed in the contentarea of the portal.

4

© SAP 2008 / Page 4

Remote Role Assignment – Facts

An SAP NetWeaver producer portal can offer complete rolesto an SAP NetWeaver consumer.

Role content is maintained on the producer.

The navigation structure of the role is built on the consumer(top level navigation and detailed navigation) .

Role content is executed on the producer.

The remote roles are assigned to the consumer users using thestandard Role Assignment tools.

Remote Role Assignment is ideal in cases were no changes tothe provided content are required.

Merging Remote Roles is possible.

With Remote Role Assignment you can integrate roles from the producer portal as is into aconsumer portal. Thereby content is fully created and maintained on the producer portal. Duringruntime, the navigation structure will be built on the consumer portal – that comprehends both thetop-level navigation as well as the detailed navigation. The major load is residing on the producerportal during runtime, since the portal content as well as the application are rendered and executedthere. In order to integrate remote roles into the consumer portal, you can assign the roles to theconsumer portal‘s user with the standard role assignment tools – the User Management UIsavailable in the portal. Usually, remote role assignment is ideal if you would like to use the contentas is in the consumer portal and you don‘t require any changes locally. The only modification optionis to merge remote roles for example with local roles. You can merge local only roles as well asremote roles – if you define a merge ID and the same title of the role, then the navigation will bemerged into one common navigation point.

5

© SAP 2008 / Page 5

DEMO- Remote Role Assignment -

6

© SAP 2008 / Page 6

Prerequiste: Producer Object

Before we can really perform remote role assignment, the federated portal network setup should befinalized: this includes for example

Maintain proxy settings

Setting up Single Sign-On between portals (exchange SAP Logon Tickets)

Create producer object in consumer portal and register: The screenshot here for example showsa consumer portal which has some producer portals connected to it.

These steps are usually performed only once as an initial setup. The following steps of actuallyperforming then the remote role assignment are done whenever needed.

7

© SAP 2008 / Page 7

Modify User – Choose Data Source

You can use the standard user administration tools of the portal in order to perform remote roleassignment.

For this purpose you navigate to User Administration Identity Management. Here you can selecta user that should receive the additional role – in this case we chose user admin.

Then in the details of the user, under assigned roles, you can select which role you are looking for.Here you receive a drop down box that includes all data sources that might contain roles. Thiscomprehens the local data sources as well as all SAP NetWeaver producer portals connected to it.We can see for example the alias of the producer object from the previous slide: MTP.

8

© SAP 2008 / Page 8

Select Role from Producer

After choosing in the search criteria the proper producer alias (MTP), you can search for roleslocated on this portal. In this case we are looking for Employee Self-Services and on the producerportal we can find some roles that match those criteria. You can select the appropriate role andclick on the button „Add“.

9

© SAP 2008 / Page 9

Roles from Different Portals are assigned toUser

After adding the role to the user and saving these settings, you can see the changes in theoverview of assigned roles. Here the field „Data Source“ exists as well so that anadministrator can easily see where the role is coming from that is assigned to this user.

10

© SAP 2008 / Page 10

Remote Role – End User Runtime (Consumer)

After a refresh of the browser, the new navigation entry is visible in the consumer portal. Now youcan click on „Employee Self-Services“ and see the content that is located on a different producerportal. The whole business package was integrated as is and the theme of the consumer portal isapplied to the content. For the end user the whole experience is seemless and there are almost novisual indicators that show where the content is really persisted. Thus for end users the setup istransparent.

11

© SAP 2008 / Page 11

End User Runtime on Producer Portal

When logging in to the producer portal that really holds the role Employee Self-Services as well asthe application itself, you can see that the navigation structure and content is the same. However,here the original theme and look & feel was applied. Moreover, the navigation structure in theproducer portal can vary. However, if you assign a role to the user of the consumer portal, anautomatic assignment of the same role on the producer portal takes place.

12

© SAP 2007 / Page 12

Thank you!

13

© SAP 2007 / Page 13

Copyright 2008 SAP AGAll rights reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changedwithout prior notice.Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, Duet, Business ByDesign, ByDesign, PartnerEdge and other SAP products and services mentioned herein as well as theirrespective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned andassociated logos displayed are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

The information in this document is proprietary to SAP. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This documentcontains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy,and/or development. SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, orother items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties ofmerchantability, fitness for a particular purpose, or non-infringement.SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitationshall not apply in cases of intent or gross negligence.The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in thesematerials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages

Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche Genehmigung durchSAP AG nicht gestattet. In dieser Publikation enthaltene Informationen können ohne vorherige Ankündigung geändert werden.Einige von der SAP AG und deren Vertriebspartnern vertriebene Softwareprodukte können Softwarekomponenten umfassen, die Eigentum anderer Softwarehersteller sind.SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, Duet, Business ByDesign, ByDesign, PartnerEdge und andere in diesem Dokument erwähnte SAP-Produkte und Servicessowie die dazugehörigen Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und in mehreren anderen Ländern weltweit. Alle anderen in diesem Dokument erwähntenNamen von Produkten und Services sowie die damit verbundenen Firmenlogos sind Marken der jeweiligen Unternehmen. Die Angaben im Text sind unverbindlich und dienen lediglich zuInformationszwecken. Produkte können länderspezifische Unterschiede aufweisen.

Die in diesem Dokument enthaltenen Informationen sind Eigentum von SAP. Dieses Dokument ist eine Vorabversion und unterliegt nicht Ihrer Lizenzvereinbarung oder einer anderenVereinbarung mit SAP. Dieses Dokument enthält nur vorgesehene Strategien, Entwicklungen und Funktionen des SAP®-Produkts und ist für SAP nicht bindend, einen bestimmtenGeschäftsweg, eine Produktstrategie bzw. -entwicklung einzuschlagen. SAP übernimmt keine Verantwortung für Fehler oder Auslassungen in diesen Materialien. SAP garantiert nicht dieRichtigkeit oder Vollständigkeit der Informationen, Texte, Grafiken, Links oder anderer in diesen Materialien enthaltenen Elemente. Diese Publikation wird ohne jegliche Gewähr, wederausdrücklich noch stillschweigend, bereitgestellt. Dies gilt u. a., aber nicht ausschließlich, hinsichtlich der Gewährleistung der Marktgängigkeit und der Eignung für einen bestimmten Zwecksowie für die Gewährleistung der Nichtverletzung geltenden Rechts.SAP übernimmt keine Haftung für Schäden jeglicher Art, einschließlich und ohne Einschränkung für direkte, spezielle, indirekte oder Folgeschäden im Zusammenhang mit der Verwendungdieser Unterlagen. Diese Einschränkung gilt nicht bei Vorsatz oder grober Fahrlässigkeit.Die gesetzliche Haftung bei Personenschäden oder die Produkthaftung bleibt unberührt. Die Informationen, auf die Sie möglicherweise über die in diesem Material enthaltenen Hotlinkszugreifen, unterliegen nicht dem Einfluss von SAP, und SAP unterstützt nicht die Nutzung von Internetseiten Dritter durch Sie und gibt keinerlei Gewährleistungen oder Zusagen überInternetseiten Dritter ab.Alle Rechte vorbehalten.