Integration of Outlook Web Access (OWA) into SAP Enterprise Portal



Similar documents
Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Collaboration Technology Support Center - Microsoft - Collaboration Brief

How to Create Web Dynpro-Based iviews. Based on SAP NetWeaver 04 Stack 09. Jochen Guertler

Download and Install Crystal Reports for Eclipse via the Eclipse Software Update Manager

Configuring Distribution List in Compliant User Provisioning

Integration of SAP central user administration with Microsoft Active Directory

How to Set Up an Authorization for a Business Partner in Customer Relationship Management (CRM) Internet Sales: Sample Case

How To Configure MDM to Work with Oracle ASM-Based Products

Extract Archived Data from SAP ERP

Single Sign-On between SAP Portal and SuccessFactors

SAP Master Data Governance- Hiding fields in the change request User Interface

Implementing Outlook Integration for SAP Business One

SAP CCMS Monitors Microsoft Windows Eventlog

3 rd party Service Desk interface

SAP NetWeaver MDM 5.5 SP3 SAP Portal iviews Installation & Configuration. Ron Hendrickx SAP NetWeaver RIG Americas Foundation Team

How to configure BusinessObjects Enterprise with Citrix Presentation Server 4.0

prioritize XI messages on integration server

Backup & Restore with SAP BPC (MS SQL 2005)

SAP GRC Access Control: Background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator)

CREATING A PURCHASE ORDER STORE RECORD WEB SERVICE

Integrating Easy Document Management System in SAP DMS

Analyzing Sales Data for Choosing Forecast Strategies

Ronald Bueck SBO Product Definition

Integrate Third Party Collaboration Tools in the SAP NetWeaver Portal. SAP NetWeaver Product Management

Methodology to Implement SAP Process Integration

Performance Best Practices Guide for SAP NetWeaver Portal 7.3

Workflow extended notifications

Developing Applications for Integration between PI and SAP ERP in Different Network Domains or Landscapes

Posting Messages into XI

Maintaining Different Addresses and Ids for a Business Partner via CRM Web UI

Alert Notification in SAP Supply Network Collaboration. SNC Extension Guide

Integration of Universal Worklist into Microsoft Office SharePoint

Sales Rush Sales Order Processing S01- Lean Baseline Package. SAP Lean Baseline Package Version: V1.500 Country: UK Language: EN Date: February 2006

Business One in Action - How can we post bank fees and charges while posting Incoming or Outgoing Payment transactions?

E-Recruiting Job Board Integration using XI

Utilities for downloading and uploading OO ABAP classes in XML format

Process Archiving using NetWeaver Business Process Management

R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems

TM111. ERP Integration for Order Management (Shipper Specific) COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Global Transport Label - General Motors -

Roster Configuration (Payroll) in SAP ECC 6.0 Tips & Tricks

UI Framework Logo exchange without skin copy. SAP Enhancement Package 1 for SAP CRM 7.0

How to Configure and Trouble Shoot Notification for Process Control 2.5

NetWeaver Business Client (NWBC) for Incentives and Commissions Management (ICM)

Enterprise Software - Applications, Technologies and Programming

Third Party Digital Asset Management Integration

Understanding HR Schema and PCR with an Example

Sending Additional Files from SAP Netweaver PI to third Party System

Data Archiving in CRM: a Brief Overview

How to Create a Support Message in SAP Service Marketplace

HR400 SAP ERP HCM Payroll Configuration

UI Framework Task Based User Interface. SAP Enhancement Package 1 for SAP CRM 7.0

SAPFIN. Overview of SAP ERP Financials COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Integration of SAP Netweaver User Management with LDAP

Monitoring and Management of Landscapes with SAP NetWeaver Administrator. Dieter Krieger, SAP AG

Business Requirements... 3 Analytics... 3 Typical Use Cases... 8 Related Content... 9 Copyright... 10

UI Framework Simple Search in CRM WebClient based on NetWeaver Enterprise Search (ABAP) SAP Enhancement Package 1 for SAP CRM 7.0

Table of Contents. How to Find Database Index usage per ABAP Report and Creating an Index

Log Analysis Tool for SAP NetWeaver AS Java

Problems with your Data Model in SAP NetWeaver MDM Do s and Don ts

How To... Call BEx Web Applications from SAP BusinessObjects Dashboards (Xcelsius) and vice versa

K in Identify the differences between the universe design tool and the information design tool

DATA ARCHIVING IN SAP R/3 ENTERPRISE. Georg Fischer PM Data Archiving SAP AG

How To Balance In Sap Bw

AC200. Basics of Customizing for Financial Accounting: General Ledger, Accounts Receivable, Accounts Payable COURSE OUTLINE

Duet Enterprise Add SAP ERP Reports and SAP BI Queries/Workbooks to Duet Enterprise Configuration

Debugging Portal Applications

PE Training and Event Management. SAP ERP Central Component

SAP NetWeaver BRM 7.3

How to Add an Attribute to a Case, Record and a Document in NW Folder Management (ex-records Management)

Data Source Enhancement Using User Exit

Consume an External Web Service in a Nutshell with good old ABAP

Portfolio and Project Management 5.0: Excel Integration for Financial and Capacity Planning

Enabling Full-Text Search for Business Objects in mysap ERP

How To Use the ESR Eclipse Tool with the Enterprise Service Repository

Sample Universe on Microsoft OLAP Cube

Secure MobiLink Synchronization using Microsoft IIS and the MobiLink Redirector

ARCHIVING OF IDOCS IN SAP

How to Schedule Report Execution and Mailing

SEM and Budget Preparation. David Reifschneider Sr. Consultant, SAP SI America

Installation Guide Customized Installation of SQL Server 2008 for an SAP System with SQL4SAP.VBS

How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide

SAP Sales and Operations Planning Software Product (xsop)

Budget Control by Cost Center

mysap ERP Talent Management Dr. Christian Acosta-Flamma

Configuring Single Sign-on for SAP HANA

ERP Quotation and Sales Order in CRM WebClient UI Detailed View. SAP Enhancement Package 1 for SAP CRM 7.0 CRM Sales - SFA

mysap PLM Lifecycle Collaboration: Transparente Produktentwicklung mit der cproject Suite Andreas Vetter Product Manager, SAP AG

Xcelsius Dashboards on SAP NetWaver BW Implementation Best Practices

Session ID: B410 A Secure Future Today with SAP NetWeaver

BW Workspaces Use Cases

SAP NetWeaver 04 Security Guide. Security Guide for SAP Mobile Infrastructure

Implementing SSO between the Enterprise Portal and the EPM Add-In

Siteco Relies on SDN for its SAP CRM 5.0 Upgrade

SAP xapp Resource and Portfolio Management (SAP xrpm)

Learning Management Systems. SAP Learning Solution overview. Integration. Demonstration. 5 Wrap-up. SAP AG 2002, Title of Presentation, Speaker Name 2

Learning Series: SAP NetWeaver Process Orchestration, secure connectivity add-on 1c SFTP Adapter

How To... Integrate Custom Formulas into the Formula Builder

SAP SYSTEM MEASUREMENT GUIDE

Transcription:

Collaboration Technology Support Center - Microsoft - Collaboration Brief October 2004 Integration of Outlook Web Access (OWA) into SAP Enterprise Portal André Fischer, Project Manager CTSC, SAP AG Michael Sambeth, NetWeaver Practice Unit Enterprise Portal, SAP Deutschland AG & Co. KG Summary Integrating Microsoft Exchange using Outlook Web Access allows portal users to access their Microsoft Outlook e-mail, task, contact and calendar information. The Web interface of Microsoft Outlook Web Access (OWA) for Exchange 2003 can be customized so that single folders can be made available only. SAP delivers the application integrator iview template that can be used for quickly integrating the inbox, calendar, task, and contacts folders into SAP Enterprise Portal. Beside the front end integration a new SAP Logon Ticket Kerberos Ticket bridging mechanism allows SAP Enterprise Portal to provide SSO to Microsoft Outlook Web Access also in extranet scenarios. Applies to SAP Enterprise Portal 6.0 SP2 Patch 4 or higher Microsoft Outlook WebAccess for Exchange 2003 Keywords Outlook WebAccess, SSO22KerbMap Module Level of difficulty Technical consultants, Developers Contact For feedback or questions you can contact the Collaboration Technology Support Center at ctsc@sap.com. Please check the.net interoperability area in the SAP Developer Network http://www.sdn.sap.com/sdn/developerareas/dotnet.sdn for any updates or further information. 1

Copyright 2004 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mysap, mysap.com, xapps, xapp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. 2

Contents Summary...1 Applies to...1 Keywords...1 Level of difficulty...1 Contents...3 Outlook WebAccess...4 Integrating single OWA components...6 Exchange Alias... 6 Localization... 7 Configuration of Outlook Web Access iviews...8 Single Sign-on...9 Conclusion...11 References...11 3

Outlook WebAccess Microsoft Exchange Server supports the deployment of Exchange in a manner that distributes server tasks among front-end and back-end servers. A front-end server accepts requests from clients, performs the authentication and distributes them to the appropriate back-end server for processing. Microsoft Exchange Front-End and Back-End Server Architecture Firewall Exchange front-end servers Global catalog server Client Extranet Exchange back-end servers Client - Intranet SAP AG 2004, MS ADS & SSO, Andre Fischer / Michael Sambeth / 45 Figure 1 Microsoft Exchange Front-End and Back-End Server Architecture The frond-end server can be accessed using the URL http://<server_hostname>:<port>/exchange. 4

Figure 2 Outlook Web Access 2003 Outlook Web Access now more closely matches the Outlook 2003 user interface (see Figure 2 Outlook Web Access 2003). Outlook Web Access 2003 allows users the selection of different pre-defined color schemes for their Outlook Web Access experience. The Administrator can however define which of the color schemes is used as default. The default color scheme can be assigned using the Outlook Web Access Web Administration tool provided by Microsoft that allows a preview so that one can see what it will look like. If installed it allows the administration of Outlook Web Access using the URL https://servername/owaadmin. 5

Integrating single OWA components If single OWA components such as the calendar should be integrated as single iviews into the SAP Enterprise portal one faces two problems: 1. The URL that is used to access a single OWA component like the calendar must contain the name of the Exchange Alias. The Exchange Alias is stored in the attribute mailnickname in Active Directory. 2. The URL to access a single OWA component like the calendar is also localized and will usually depend on the default language used by a client in its browser settings when the client logs on the first time to Outlook WebAcces. The URL for a English localization would be http://<server_hostname>:<port>/exchange/myexchangealias /Calendar/?cmd=contents. while for a German localization the name of the URL would be http://<server_hostname>:<port>/exchange/myexchangealias /Kalender/?cmd=contents. Exchange Alias In a default portal configuration the samaccountname is used as the portal user id. In many customer installations the samaccountname contains the same value as the attribute mailnickname. In this case the portal user id can be used to retrieve the Exchange Alias. However it is not mandatory to use the samaccountname as the mailnickname. Moreover it is possible to use any user attribute as portal user id. This is very likely for multi domain scenarios. Since the samaccountname is unique only on domain level an attribute like the userprincipalname has to be used as portal user id that is unique in the complete forest. The UME can be configured to provide access to any number of arbitrary user LDAP attributes. This is accomplished by editing the datasourceconfiguration.xml file associated with the LDAP Server. If the portal is configured to retrieve the attribute mailnickname for a new portal user attribute called myexchangealias this value can dynamically be inserted into the URL that is called by an iview based on the SAP Application Integrator component using the syntax <User.myexchangealias>. The data source configuration file has to be changed as follows. <responsiblefor> <principal type="user"> <namespaces> <namespace name="com.sap.security.core.usermanagement"> <attributes> <attribute name=" myexchangealias"/> </attributes> <attributemapping> <principals> <principal type="user"> <namespace name="com.sap.security.core.usermanagement"> 6

<attributes> <attribute name= myexchangealias > <physicalattribute name="mailnickname > </attribute> </attributes> </namespace> Figure 3 UME data source configuration file Localization When a user is created in Active Directory the mailbox in Exchange 2000/2003 is not created until the user first logs on to the mailbox. Depending on the settings for the default language used in Internet Explorer when the user does access Outlook Web Access the first time the folders will be created. An example of the portalized Outlook WebAccess calendar component (with German localization) is shown in the following figure. Figure 4 OWA iview (German localization) In the example above a German localization is used. Since the URL used by an iview has to contain the folder name this results into different URL s if several localizations of Outlook WebAccess are used. 7

If the folder names were already set and you want to change them a procedure has been described in the document Dealing with Localization of Outlook Folders that is mentioned in the reference. Configuration of Outlook Web Access iviews iviews that are created from the generic template of the SAP Application Integrator component can be used for quickly integrating the inbox, calendar, task, and contacts folders on the Microsoft Exchange Server. You can integrate this iview into a SAP Enterprise Portal framework page. Proceed as follows to configure an OWA iview for displaying the calendar folder for an NT user that is using an folder structure with English localization: 1. Select New From Portal Archive and then iview. (Do not select New.) 2. Select the SAP Enterprise Portal application com.sap.portal.appintegrator.sap and choose Next. 3. On the next screen, choose Generic and Next. 4. On the iview Wizard, enter the iview Name and ID for the new namespace, and choose Next. 5. Select Open for editing when wizard completes, and choose Finish. 6. In the Property Editor for Property Category choose Show All. 7. Scroll down and set the iview property URL template as URL to your target application. You configure the following link as follows: a. If the portal user id is the same as the exchange alias: http://<server_hostname>:<port>/exchange/<user.userid>/calendar/?cmd=cont ents b. If the portal user id is NOT the same as the exchange alias the value has to be retrieved by UME as described in section above: http://<server_hostname>:<port>/exchange/<user.myexchangealias>/calendar/?cmd=contents 8. Replace <server_hostname> and <port> with the Outlook Web Access server name and port. 9. Save the iview. 8

Single Sign-on Outlook Web Access supports Windows integrated authentication as the main SSO method. However this can only be used in intranet scenarios since Kerberos does not work well across the Internet due to client side firewall configuration and because Windows integrated authentication requires that client and server reside in trusted domains. To overcome this limitation Microsoft has enhanced its implementation of the Kerberos protocol. Using constrained delegation a service may request a (constrained) Kerberos ticket on behalf of a user for specified services only. Using protocol transition it is possible that the client may be authenticated using other methods than Kerberos. Based on this technology SAP has developed an ISAPI Filter called SSO22KerbMap Module. Outlook Web Access using SSO22KerbMap Module Exchange Frontend Server passthrough authentication Check SAP Logon Ticket 1 Exchange Backend Server(s) 3 SSO22KerbMap Module Impersonation Kerberos ticket SSO22KerbMap Module 2 Active Directory Check if server is trusted for delegation SAP AG 2004, MS ADS & SSO, Andre Fischer / Michael Sambeth / 48 Figure 5 SAP Logon Ticket Kerberos Ticket Bridging The ISAPI Filter allows the authentication using SAP Logon Tickets (protocol transition). Based on this authentication the filter can acquire a Kerberos Ticket on behalf of the user that is authenticated by the SAP Logon Ticket (constrained delegation). The ISAPI Filter must be installed on each exchange back-end server. Thus configuration changes have to be applied to all backend server(s). This is because windows integrated authentication cannot be used for Exchange front-end servers. A detailed description of the SSO22KerbMap Module can be found in the Collaboration Brief Using SAP Logon Tickets for Single Sign on to Microsoft based web applications 9

Spelling checker By default, the spelling checker is available to OWA users as soon as you install Exchange 2003 on the server. If the spelling checker is used then the virtual directory /Exchweb is accessed by users via the URL http://<server_hostname>:<port>/exweb in addition to the virtual directory /Exchange. If SSO using Windows integrated authentication should be used one has to make sure that the security settings of the virtual directory /Exchweb is configured the same way for windows integrated authentication as it is done for the virtual directory /Exchange. If like in the following example the virtual directory /Exchweb is not configured for windows integrated authentication one gets the following error message. This has to be considered especially if the SSO22KerbMap Module is used. Figure 6 Spelling checker in Outlook Web Access 2003 Authentication error 10

Conclusion Outlook Web Access can be seamless integrated into SAP Enterprise portal. No additional software has to be installed on the front ends to enable this integration. For the visual integration into the portal UI the application integrator iview template can be used. The new SSO capabilities that are available with the SAP SSO22KerbMap Module allow SSO from the SAP Enterprise Portal to Microsoft Outlook Web Access now also in extranet scenarios. References Integrating MS Exchange Using Outlook Web Access http://help.sap.com/saphelp_nw04/helpdata/en/bd/48043196af764b96933827123493 6a/frameset.htm Step-by-Step Guide: SSO22KerbMap ISAPI Module Collaboration Brief Using SAP Logon Tickets for Single Sign on to Microsoft based web applications How to Change the Outlook Web Access Logon Page http://support.microsoft.com/?kbid=321832 Customizing Microsoft Outlook Web Access http://www.microsoft.com/downloads/details.aspx?familyid=6532e454-073e-4974- A800-1490A7CB358F&displaylang=en Exchange Server 2003 Technical Documentation Library - What's New in Exchange Server 2003 http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/default.mspx Exchange 2003: Outlook Web Access Web Administration http://www.microsoft.com/downloads/details.aspx?familyid=4bbe7065-a04e-43ca- 8220-859212411E10 Dealing with Localization of Outlook Folders http://www.msexchange.org/tutorials/localization_outlook_folders.html Overview of the spelling checker in Outlook Web Access for Exchange Server 2003 http://support.microsoft.com/default.aspx?scid=kb;en-us;825430 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information