How-To Guide SAP Cloud for Customer Document Version: How to Configure SAP HCI Basic Authentication for SAP Cloud for Customer

Similar documents
How-To Guide SAP Cloud for Customer Document Version: How to Configure SAP HCI basic authentication for SAP Cloud for Customer

How-To Guide SAP NetWeaver Document Version: How To Guide - Configure SSL in ABAP System

How-To Guide SAP Cloud for Customer Document Version: How to replicate marketing attributes from SAP CRM to SAP Cloud for Customer

How to Configure an Example SAP Cloud Applications Studio (PDI) Solution for SAP Cloud for Customer

How to Extend SAP Cloud for Customer - SAP On- Premise Pre-Packaged Integration Content (PI/HCI)

How to Configure Integration between SAP Cloud for Customer and SAP hybris Marketing

How-To Guide SAP Cloud for Customer Document Version: How to Perform Initial Load of data from SAP ERP to SAP Cloud for Customer

How to Implement Mash Up to Show ECC Screen in SAP Cloud for Customer

SEPA in SAP CRM. Application Innovation, CRM & Service Industries. Customer

How-to-Guide: SAP Web Dispatcher for Fiori Applications

R49 Using SAP Payment Engine for payment transactions. Process Diagram

SAP HANA Cloud Integration CUSTOMER

Installation Guide: Agentry Device Clients SAP Mobile Platform 2.3

SFSF EC to 3 rd party payroll Integration Software and Delivery Requirements

Getting Started with the License Administration Workbench 2.0 (LAW 2.0)

Data Integration using Integration Gateway. SAP Mobile Platform 3.0 SP02

SAP Sales and Operations Planning

Upgrade: SAP Mobile Platform Server for Windows SAP Mobile Platform 3.0 SP02

Complementary Demo Guide

PUBLIC Connecting a Customer System to SAP HCI

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On

Mobile Secure Cloud Edition Document Version: ios Application Signing

Software and Delivery Requirements

Setting up Visual Enterprise Integration (WM6)

Landscape Design and Integration. SAP Mobile Platform 3.0 SP02

Integration capabilities of SAP S/4HANA to SAP Cloud Solutions

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

Ariba Procure-to-Pay Integration rapiddeployment

CUSTOMER Mobile Place Branding Guide

SAP Operational Process Intelligence Security Guide

SAP Cloud for Customer integration with SAP ERP: Software and Delivery Requirements

Installing and Configuring the HANA Cloud Connector for On-premise OData Access

Phone Manager Application Support OCTOBER 2014 DOCUMENT RELEASE 4.1 SAGE CRM

Extend the SAP FIORI app HCM Timesheet Approval

Create and run apps on HANA Cloud in SAP Web IDE

Multi Channel Sales Order Management: Mail Order. SAP Best Practices for Retail

SAP Landscape Transformation (SLT) Replication Server User Guide

R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems

FA7 - Time Management: Attendances/Absences/Overtime/Hajj Leave. Process Diagram

Remote Connectivity Infrastructure

SAP BusinessObjects Business Intelligence Suite Document Version: 4.1 Support Package Patch 3.x Update Guide

Integration Capabilities of SAP S/4HANA to SAP Cloud Solutions

GR5 Access Request. Process Diagram

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop

K75 SAP Payment Engine for Credit transfer (SWIFT & SEPA) Process Diagram

SAP Fiori Infrastructure rapid-deployment solution: Software and Delivery Requirements

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS

Citrix Receiver. Configuration and User Guide. For Macintosh Users

Software and Delivery Requirements

CUSTOMER Access Control Guide

Understanding Security and Rights in SAP BusinessObjects Business Intelligence 4.1

How To Use the ESR Eclipse Tool with the Enterprise Service Repository

SAP MII for Manufacturing rapid-deployment solution: Software Requirements

Price and Revenue Management - Manual Price Changes. SAP Best Practices for Retail

CUSTOMER SAP Afaria Windows Phone and Windows 8.1 Enrollment

Configuring Java IDoc Adapter (IDoc_AAE) in Process Integration. : SAP Labs India Pvt.Ltd

How-To Guide for SAP Advanced Planning and Optimization, Demand Planning Add-In for Microsoft Excel

Software and Delivery Requirements

SAP BusinessObjects Design Studio Document Version: What's New Guide: SAP BusinessObjects Design Studio

Manual to Access SAP Training Systems Technical Description for Customer On-Site Training

Creating a Fiori Starter Application for sales order tracking

Work Ticket Integration Between SAP Cloud for Customer and SAP ERP Quick Start Guide

Configuring Secure Network Communications for SAP

How to Schedule Report Execution and Mailing

Provisional Master Data in Integrated Business Planning for SAP Simple Finance An Example-Based How-To Guide

SAP BusinessObjects Business Intelligence 4 Innovation and Implementation

Mobile app for Android Version 1.2.x, December 2015

Developing Applications for Integration between PI and SAP ERP in Different Network Domains or Landscapes

SAP Project Portfolio Monitoring Rapid- Deployment Solution: Software Requirements

Rapid database migration of SAP Business Suite to SAP HANA (V4.10): Software and Delivery Requirements. SAP HANA November 2014 English

SAP ERP E-Commerce and SAP CRM Web Channel Enablement versions available on the market

Single Sign-On between SAP Portal and SuccessFactors

SAP Business One mobile app for Android Version 1.0.x November 2013

Mobile app for Android Version 1.0.x, January 2014

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Streamline Processes and Gain Business Insights in the Cloud

SuccessFactors HCM Suite August 2014 Release Document Version: August 22, SuccessFactors Learning Programs Administration Guide

SAP Payroll Processing control center rapiddeployment

Power Smart Business Operations with Real-Time Process Intelligence

SAP HANA Big Data Intelligence rapiddeployment

How-to guide: Monitoring of standalone Hosts. This guide explains how you can enable monitoring for standalone hosts in SAP Solution Manager

ADFS Integration Guidelines

SuccessFactors HCM Suite November 2014 Release Version: December 5, SuccessFactors Learning Programs Administration Guide

ABAP SQL Monitor Implementation Guide and Best Practices

Set Up Hortonworks Hadoop with SQL Anywhere

Phone Manager Application Support JANUARY 2015 DOCUMENT RELEASE 4.2 APPLICATION SUPPORT

How To Make Your Software More Secure

Transform HR into a Best-Run Business Best People and Talent: Gain a Trusted Partner in the Business Transformation Services Group

SM250 IT Service Management Configuration

SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features

Partner Certification to Operate SAP Solutions and SAP Software Environments

MultiSite Manager. Setup Guide

InfiniteInsight 6.5 sp4

Two UX Solutions Now Included with SAP Software

Transcription:

How-To Guide SAP Cloud for Customer Document Version: 2.0-2014-04-23 How to Configure SAP HCI Basic Authentication for SAP Cloud for Customer

Document History Document Version Description 1.0 First official release of this guide How to Configure SAP Web Dispatcher as Reverse Proxy for SAP CRM or ECC Systems Using SAP HCI Document History 2014 SAP AG or an SAP affiliate company. All rights reserved. 2

Table of Contents 1 Business Scenario... 4 2 Prerequisites... 4 3 Concept... 4 4 Step-by-Step Procedure... 6 4.1 Configure Basic Authentication for an Integration Flow where SAP ERP is the Sender and SAP Cloud for Customer is the Receiver.... 6 SAP Cloud for Customer Configuration: Enable Basic Authentication in Inbound Communication Arrangement... 6 SAP On-Premise Configuration: Enable Basic Authentication in HTTP Destinations for External System... 7 SAP HCI Configuration: Configure the Sender Application to use Basic Authentication... 8 SAP HCI Configuration: Deploy Cloud Credential Artifacts... 9 SAP HCI Configuration: Configure the Receiver Application to Use Basic Authentication... 12 SAP HCI Configuration: Deploy project from Eclipse to SAP Hana Cloud Integration... 14 SAP HCI Configuration: Check if the projects got deployed from the Deployed Artifacts... 15 4.2 Configure Basic Authentication for an Integration Flow where SAP Cloud for Customer is the Sender and SAP ERP is the Receiver... 17 SAP HCI Configuration: Configure the Sender Application to use Basic Authentication... 17 SAP HCI: Deploy ERP Credential Artifacts... 18 SAP HCI Configuration: Configure the Receiver Application to Use Basic Authentication... 19 SAP HCI and SAP ERP: Establish trust... 19 How to Configure SAP Web Dispatcher as Reverse Proxy for SAP CRM or ECC Systems Using SAP HCI Table of Contents 2014 SAP AG or an SAP affiliate company. All rights reserved. 3

1 Business Scenario You can now use of the basic authentication connectivity option in SAP HANA Cloud Integration, in addition to the existing certificate based connectivity option, for communicating between your SAP on-premise and SAP Cloud for Customer application. 2 Prerequisites 1. SAP SCN User id/password using http://scn.sap.com. 2. Assign role to enable Basic Authentication(Raise a CSS ticket in component LOD- HCI to assign role esbmessaging.send) 3. Installation of SAP HANA Cloud Integration Eclipse tooling. 4. End points for services are maintained (described in integration configuration guides and other C4C HCI guides). 3 Concept To establish basic authentication it is necessary to consider two aspects, a. SSL trust between servers b. Basic Authentication setting for client authentication Business Scenario 2014 SAP AG or an SAP affiliate company. All rights reserved. 4

Basic authentication for HTTPS-based inbound calls works the following way: 1. The (sender) participant sends a message to SAP HCI. The HTTP header of the message contains user name and password. 2. SAP HCI authenticates itself against the participant when the connection is being set up (SSL handshake). In this case, SAP HCI acts as server (BigIP load balancer) and the SSL handshake is based on certificates. 3. Authentication of the participant: The identity of the participant is checked by SAP HCI evaluating the credentials against the user stored in the SCN data base. 4. Authorization check: The permissions of the sender participant are checked in a subsequent step according to roles assigned to the user. Basic authentication for HTTPS-based outbound calls works the following way: 1. The (sender) participant sends a message from SAP HCI. The HTTP header of the message contains user name and password from the deployed artifact. 2. SAP Cloud for Customer authenticates itself against the participant when the connection is being set up (SSL handshake). In this case, SAP Cloud for Customer acts as server and the SSL handshake is based on certificates. 3. Authentication of the participant: The identity of the participant is checked by SAP Cloud for Customer by evaluating the credentials against the user stored in the Cloud Application certificate store. Concept 2014 SAP AG or an SAP affiliate company. All rights reserved. 5

4. Authorization check: The permissions of the sender participant are checked in a subsequent step according to roles assigned to the user. The following diagram is a brief summary on what users are used when and the major steps this guide covers. 4 Step-by-Step Procedure This step-by-step procedure describes steps required when the integration flow is from on-premise to cloud, and step-by-step required when the communication is from cloud to on-premise. The example used is SAP ERP to SAP Cloud for Customer and SAP Cloud for Customer to SAP ERP. The steps are the same when using SAP CRM. 4.1 Configure Basic Authentication for an Integration Flow where SAP ERP is the Sender and SAP Cloud for Customer is the Receiver. The following steps describe what must be done for an integration flow that uses basic authentication from SAP ERP to HCI and from HCI to SAP Cloud for Customer. SAP Cloud for Customer Configuration: Enable Basic Authentication in Inbound Communication Arrangement 1. Go to the Communication Arrangements under the Administrator Work center and for the Inbound Request, maintain the password for the generated user. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 6

SAP On-Premise Configuration: Enable Basic Authentication in HTTP Destinations for External System 2. In transaction code SM59 of your on-premise application (RFC Destinations), go to the Logon and Security tab for each of the HTTP destinations. Set the user ID to be the SCN user ID created as described in the prerequisites. 3. Repeat the same steps in by entering the SCN user ID in the user field for all outbound destinations from SAP ERP. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 7

SAP HCI Configuration: Configure the Sender Application to use Basic Authentication 4. Basic authentication requires Eclipse for the configuration. Open the integration flow. In this example we will use the integration flow for SAP ERP to SAP Cloud for Customer material replication. 5. Select the sender system 6. Select the check box Basic Authentication Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 8

7. Save the iflow. Note that the SCN user ID is not used in the iflow, it is only configured in SAP ERP in the HTTP RFC destination. SAP HCI Configuration: Deploy Cloud Credential Artifacts In order to use basic authentication in HCI for integration flows that are from SAP ERP to SAP Cloud for Customer, the SCN user ID is used for ERP to HCI. For HCI to the cloud the cloud user ID is used. The credentials for SAP Cloud for Customer need to be deployed to HCI. 8. In Eclipse, go to the Integration Operations perspective and select double-click on the runtime node. 9. Click in the Deployed Artifacts tab Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 9

10. Click in the Deploy button 11. Select Basic Authentication and click Next Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 10

12. Select the Type Default, Enter a Name, Description, the User and Password for the user used to connect to SAP Cloud for Customer. 13. Click OK when it finishes the deployment of the artifact 14. Now this artifact will be showed in the deployed artifacts tab Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 11

SAP HCI Configuration: Configure the Receiver Application to Use Basic Authentication 15. So far you have configured the sender (ERP) to use basic authentication and you have deployed the user credential for SAP Cloud for Customer to HCI. In order to use the artifact to login to SAP Cloud for Customer, open the integration flow. 16. Select the connection to the receiver system and double click on it 17. Select the Adapter Specific tab Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 12

18. Select the checkbox option for Connect using Basic Authentication 19. Enter the name of the Basic Authentication artifact that was previously deployed. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 13

20. Save and close the iflow. SAP HCI Configuration: Deploy project from Eclipse to SAP Hana Cloud Integration 21. Now that both the sender and the receiver are configured to use basic authentication, you can deploy the iflow. 22. Click in the option of Deploy Integration Content Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 14

23. Enter the name of the HCI tenant and click OK 24. Click OK SAP HCI Configuration: Check if the projects got deployed from the Deployed Artifacts 25. Using the Integration Operations perspective, use the Deployed Artifact tab sort the artifact using the Deployed On column to see the latest deployed artifact. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 15

26. From there you will see all the deployed artifacts and validate that the artifact was deployed. Congratulations! You have now configured and deployed an iflow that uses basic authentication when sending a message from SAP ERP to SAP Cloud for Customer! Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 16

4.2 Configure Basic Authentication for an Integration Flow where SAP Cloud for Customer is the Sender and SAP ERP is the Receiver The following steps describe the required configuration to use basic authentication for integration flows where SAP Cloud for Customer is the sender and SAP ERP is the receiver. SAP HCI Configuration: Configure the Sender Application to use Basic Authentication 1. In this example for cloud to on-premise, we will use the customer master replicate from SAP Cloud for Customer to SAP ERP. The steps for the configuration of the sender application are the same. You select the basic authentication option for the sender application and save the iflow. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 17

SAP HCI: Deploy ERP Credential Artifacts 2. Deploying the ERP credentials is the same as described in the previous section SAP HCI Configuration: Deploy Cloud Credentials. You can use the steps described previously, the difference will be the information you provide is for the ERP system, using the technical user (for example, CODINTG). Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 18

SAP HCI Configuration: Configure the Receiver Application to Use Basic Authentication 3. The next step is to configure the receiver application for basic authentication. Here the steps are also the same for both directions. The only difference is that you provide the deployed artifact for the ERP system. 4. Once this is completed you can save and deploy your iflow. SAP HCI and SAP ERP: Establish trust For HCI to communicate with on-premise, trust needs to be established, even when basic authentication is used. This requires exporting the server certificate from HCI and importing it into STRUST. This will most likely need to be performed by a BASIS administrator. 5. To establish trust between SAP HCI and SAP ERP or SAP CRM, Open a web explorer and enter the URL of the worker node that was provided in the onboarding email adding the path /cxl at the end, by example https://<host>:<port>/cxf Note: We recommend you do this in Google Chrome. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 19

HINT: You can get the URL of your worker node from the Integration Operations perspective. Double-click on the IFLMAP node and copy the Dispatcher URL. 6. Once you enter the URL(recommended to do this in Google Chromse), click on the lock icon at the left of the URL and then click in certificate information. 7. From the Certification Path select first root certificate Baltimore CyberTrust Root and click View Certificate Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 20

8. Click in the menu Details and the click the button Copy to file 9. Click Next 10. Select Base-64 encoded x.509 (.CER) and click Next. 11. Select the location of the file and click Next. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 21

12. Click Finish. 13. Follow the above steps for the second root certificate, Cybertrust Public SureServer SV CA. 14. Login to SAP ERP and go to transaction code STRUST. Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 22

15. Open the SSL Client SSL client Standard PSE 16. In the Certificate area, click in the Import Certificate button. 17. Depending of the format of the certificate, select either Binary or Base64 and find the root certificate used to sign the HCI SSL server certificate (Import the two certificates that were saved in the previous step). Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 23

18. Add the imported certificate into the certificate list clicking in the Add to Certificate List button. 19. Repeat the previous two steps for the second root certificate, and save the changes. Congratulations! You have now configured SAP HANA Cloud Integration basic authentication for use with SAP Cloud for Customer! Step-by-Step Procedure 2014 SAP AG or an SAP affiliate company. All rights reserved. 24

www.sap.com/contactsap www.sdn.sap.com/irj/sdn/howtoguides 2014 SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/ index.epx for additional trademark information and notices.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information