How to enable ESS for employees from home

Former Member · ‎09-22-2011

Hi,

I am new to this forum ... I tried to search for my question, but didn't see anything related yet.

We would like to make our ESS Portal available to employees from home over their home wireless.

Ideally, employees would not need to be VPN-connected to login with their SAP userid/password.

Also, we may have to select only specific portions of the portal to make available.

We have been having issues with certificates and SSL configuration for this, in addition to limitations with inactivity timeouts for the Portal.

Has anyone done this?

What resources did you use or did you have to engage consulting services?

If so - would be willing to share lessons learned about this and how it's working for you?

Thanks,

Anita Bateman

Former Member · ‎09-22-2011

for "Also, we may have to select only specific portions of the portal to make available.", you need to assign roles(PCD or UME), as required, so as to make specific portions available.

for SSL , EP consultant needs to be reached out. make sure parameter is as below:

login/accept_sso2_ticket = 1.

login/create_sso2_ticket = 0

Former Member · ‎09-23-2011

login/accept_sso2_ticket = 1.

So, you want to configure an ABAP SAPLogon Ticket to be sent from the user's home network to the company ESS (Java) Portal?

Besides the technical challenges you will face with this, which system is going to issue this logon ticket at home? (not all users have their own data centers at home..

Cheers,

Julius

Former Member · ‎09-23-2011

Many companies do this and there is plenty of documentation, but the big question is: who is going to issue the SSL client certificate and do you want mutual authentication (SSO) or only SSL with password to the portal?

Where is the timeout happening? (you will need to provide more information about webdispatcher or error messages).

Cheers,

Julius

tim_alsop · ‎09-23-2011

Hi,

If you do not want to use a VPN, then you need to allow access to the portal over Internet, so portal would be installed in DMZ. You would use a server side SSL cert to give you SSL and then all browser communication with the portal will be encrypted. For user authentication, you can use any method supported by the portal, e.g. using SAP passwords. If you want a stronger method of authentication, or if you want to use Active Directory accounts for users to login to portal so the users can logon using the domain account they are used to using from the office network, then you might need to look at using a third-party product to help with this.

If you want users to login to ABAP stack using browser then you can also make this work using portal authentication by using redirection.

Thanks,

Tim

Former Member · ‎09-23-2011

Thank you Plaban, Julius and Tim! You have given me a few items for me to start with.

Julius - if there specific documentation that you would recommend, please advise.

My Basis team has not been successful in getting this configured yet and has been challenged with the SSL setup for ESS.

Tim -- by Portal in the DMZ ... have you seen this done with the Portal server on the inside and a web proxy in the DMZ?

Thanks,

Anita

Former Member · ‎09-23-2011

You will need to first tell us where the problem is.

"SSL does not work" is not a problem..

Documentation: help.sap.com

Cheers,

Julius

tim_alsop · ‎09-23-2011

Anita,

Setting up SSL with SAP NetWeaver is well documented in help.sap.com and easy to setup.

Yes, i have seen many customers using portal in DMZ with a web proxy.

Tim

Former Member · ‎09-23-2011

Thanks! Let me try to get some more details and come back... appreciate it.

-Anita