cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL configuration for the ECC system

Go to solution
Former Member

on ‎04-05-2011 10:23 AM

0 Kudos

Hi Experts,

As suggested in the Duet Enterprise landscape, we have one SCL system where NW 7.2 is installed and one ECC system which acts as a backend system.

I have installed Duet Enterprise using "Installation Wizard" and the installation is successful. But i have few doubts regarding the communication between SCL and ECC system.

1. The HTTP RFC destination created in ECC system to connect to SCL system (say NW1CLNT001-HTTP) -

---> What should be the logon procedure for this one? Should it be "No Logon" or "Basic Authentication" ??

---> Should it have "Send SAP Logon Ticket" checkbox checked? -- By default it is unchecked.

---> Whether SSL should be "Active" or "Inactive"? -- By Default it is Inactive.

Also is it mandatory to have HTTPS configured in the ECC system i.e. backend system or not ? In my system, it seems SSL is not configured in the backend system. And during installation as well, i have specified "not secure" communication between SCL and backend system.

Thanks,

Ramanath.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-05-2011 10:48 AM
0 Kudos

Hi Ramanath,

to answer your questions:

1. The HTTP RFC destination created in ECC system to connect to SCL system (say NW1CLNT001-HTTP) - 
---> What should be the logon procedure for this one? Should it be "No Logon" or "Basic Authentication" ??

It does not really matter. The Wizard creates the RFC destination with "Basic Authentication"

---> Should it have "Send SAP Logon Ticket" checkbox checked? -- By default it is unchecked.

That is strange. The Wizard should have checked this setting (and why the first setting does not really matter). Send SAP Logon Ticket should be checked!

---> Whether SSL should be "Active" or "Inactive"? -- By Default it is Inactive.

This depends on the way how you have configured the SCL. If your company security settings do not require it, I would recommend to have SSL as "Inactive" (this is a setting in the second configuration screen "Security Configuration" -> Enable SSL Communication from backend). 

Also is it mandatory to have HTTPS configured in the ECC system i.e. backend system or not ? In my system, it seems SSL is not configured in the backend system. And during installation as well, i have specified "not secure" communication between SCL and backend system

No, SSL is not required in the backend system. Only on the SCL -- where SSL is a requirement for the SAML configuration to SharePoint -- do you have to use it.

Regards,

Holger.

Show replies
Show replies
Former Member
‎04-05-2011 12:00 PM
0 Kudos

Hi Holger,

Thank you very much for the detailed explanation.

I am able to test the HTTP destination now.

~ Ramanath.

Former Member
‎04-28-2011 9:52 AM
0 Kudos

Hello Ramanath

What should be the respons from the test? Because when I do a test, I am getting following result:

Status HTTP Respons - 404

Status Text - Not Found

In respons body, I have following info:

Service cannot be reached

What has happened?

URL http://MMMMMMMMM.NNNNN.XXXXXXXX.COM:8011/ call was terminated because the corresponding service is not available

Note

The termination occurred in system DUE with error code 404 and for the reason Not found.

The selected virtual host was 0 .

What can I do?

Please select a valid URL.

If it is a valid URL, check whether service / is active in transaction SICF.

If you do not yet have a user ID, contact your system administrator.

Error Code: ICF-NF-http-iMMMMMMMMM_DUE_11-v0-d20110428-t094704-s404-rNot found-X:8489DBF0CF771ED09CAE82E23D4E3862_8489DBF0CF771ED09CAE82E2386C3862_1-x:177471E0EA11F17698628489DBF0CF77

HTTP 404 - Not found

Your SAP Internet Communication Framework Team

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

I checked the services on SCL and each service is started in SICF

any suggestions?

Regards

Tariq

Former Member
‎04-28-2011 11:48 AM
0 Kudos

Hi Tariq,

which RFC destination are you currently testing? Depending on the RFC destination you might have to provide a Path Prefix just for testing purposes.

Regards,

Holger.

Former Member
‎04-28-2011 12:55 PM
0 Kudos

Hi Holger

The RFCs I am testing are these:

-

RFC Destination: E60F4E31BF101EE099EC17F2C5292769

Connection Type: G HTTP Connection to External Serv

Description: Automatic Web Service Configuration

Target System Settings:

Target Host: <SHAREPOINT-SERVER> -

Port: 20001

Path Prefix: /_vti_bin/OBAWorkflowService.asmx

Logon Procedure:

Logon with User:

Basic Authentication

....... User: <DOMAIN\USER>

PW Status: SAVED

Logon with Ticket:

Do Not Send Logon Ticket - is selected

-

RFC Destination: E60F4E31BF101EE099EC17F2C52AE769

Connection Type: G HTTP Connection to External Serv

Description: Automatic Web Service Configuration

Target System Settings:

Target Host: <SHAREPOINT-SERVER> -

Port: 20001

Path Prefix: /_vti_bin/OBAFileReceiver.asmx

Logon Procedure:

Logon with User:

Basic Authentication

....... User: <DOMAIN\USER>

PW Status: SAVED

Logon with Ticket:

Do Not Send Logon Ticket - is selected

-

Regards

Tariq

Former Member
‎04-29-2011 9:31 PM
0 Kudos

Hi,

so you are testing the services that point to the SharePoint server. I assume you have used the Wizard to create these entries.

Are these URLs already configured in SharePoint? Can you open these URLs in a browser? What is the result (you migh thave to add the ?WSDL after the .asmx).

Regards,

Holger.

former_member855349
Explorer
‎10-04-2011 10:08 AM
0 Kudos

Hi Holger,

I am in the middle of the configuration of Duet Enterprise 1.0.

I am confused how will i sync SAP backend system users to SCL(N.w 7.02) & Sharepoint server.

In our scenario users in SAP and Active Dircetory are different.

Please suggest.

Thanks & regards,

Piyush Sethi

adam_smith7
Participant
‎10-04-2011 11:29 AM
0 Kudos

HI Piyush Sethi

See 2.6.2 on pg35 of the configuration guide.

You can maintain the users in the table VUSREXTID with work area SA. for example:

SharePoint::demo\demosp2010 SAPUSER x

SharePoint::demo\usersp2010 SAPUSER2 x

Regards

Adam

former_member855349
Explorer
‎10-04-2011 12:09 PM
0 Kudos

Adam,

Thanks for the reply.

But as per my understanding:

1. if users in sharepoint and SCL server is same. i do not need to connect the SCL

to the Active directory domain service to perform mapping. Instead i can use BADI for that.

In my scenario users in sharepoint and SCL servers are not same, so i believe i need to perform "active directory service mapping" .

But how i will link SAP(backend) systems user to Sharepoint and SCL server.

I am using wizard for the configuration and i am confused at this step.

Please clear my doubt, it will be very helpful for me.

Regards,

Piyush Sethi

brian_finnerty
Explorer
‎10-04-2011 1:10 PM
0 Kudos

Hello Piyush,

If the users in SAP and Active Directory are different also, then usually the SAP names are stored in an attribute in the AD user settings. In order to connect to map this attribute you must configure a connection to AD which is described in the Install Guide.

First setup an RFC connection in SM59... then in the SIMGH go to "Configure LDAP Server for Mapping Users".

Once the connection is maintained, you can define which field contains the SAP user in the AD. The config step is "Select User Mapping Type". Once this is done, you can go to the 3rd step which is "Map User names to Consumer".

This is the only configuration you need to do with backend users and Sharepoint.

There is no step where mapping of SCL users to backend users is performed.

I hope this is clear to you.

Kind regards

Brian Finnerty

former_member855349
Explorer
‎10-07-2011 8:57 AM
0 Kudos

Hi Adams,

Thanks for the update.

Its cleared to me now,But i am not able to see sap users entry can you please tell me the path also. It would be greatful.

Regards,

Piyush

binson
Advisor
Advisor
‎10-14-2011 9:29 AM
0 Kudos

Hi Piyush,

I hope that your last question is regarding how to find SAP user name in Active Directory user settings.

For this you can either your tools like [LDAP Browser|http://www.ldapbrowser.com/download.htm] or you can login to the active directory and use u201Cadsiedit.mscu201D to see the user properties. For eg. if the sap user name is maintained under samAccountName attribute then navigate to u201CUsersu201D node in LDAP browser or in ADSIEDIT.msc and then open user account property window. There you will be able to find out the value.

Regards,

Binson

Answers (0)

Ask a Question