Thanks Saurabh for the suggestion. i would agree with your approach.

Concern :

Your suggestion works perfectly if there is requirement for only one tile scenario. But if i have to implement the same for 5 tiles, is it advisable to create 5 separate custom tiles ? Instead can this be handled from backend approach through SICF settings ???. it would be a one time setting in the backend(make changes to sicf services of corresponding applications) and we could able to get it ??

Analysis :

STEP-1 :  i called the PAYSTUBS Fiori Launchpad and came to a conclusion that the ODATA                          Service HCM_MY_PAYSTUBS_SRV is getting called. 

STEP-2: i went to sicf transaction and checked this odata service path as /default_host/sap/opu/odata/sap/HCM_MY_PAYSTUBS_SRV.

STEP-3 i could able to see a handler class /IWFND/CL_SODATA_HTTP_HANDLER(this handler class is called couple of times)

STEP-4 i went to error pages tab ---> system Logon -----> selected System logon check box ----> Configuration(clicked)

STEP-5 i maintained global settings as it is(This would ensure that a logon is required before accessing the OData Service)

STEP-6 i tested the odata service. (Right click on service and Test Service)

STEP-7 before service gets called i can able to get the logon screen which i maintained in step 5 and once i authenticate, it is working fine in the backend.

Problem :

1) Now i want the same login page(which i could see in step 7) to be displayed After i click on MyPaystubs tile and before displaying the data of the My Paystubs App. Unfortunately it is directly displaying the data without asking for the login credentials as specified in the Backend.

2) In the backend it is asking for password and in the front end it is not asking for the password. Iam getting confused with these settings..

Do i need to maintain any additional settings. am i missing any thing.... ?

Please give some suggestions. Thanks.

Regards,

Siddarth Kabde

When you right click on the service's SICF node and do Test Service it will open up in the browser and as expected display the logon page for you to authenticate to the server. But when you open the tile from the launchpad (from the front end server) the request to the OData from the back end server does not ask for additional authentication due to the trusted RFC setup between the front end and back end servers using a RFC destination that is setup on the front end system.

Hi Siddarth,

How about just creating additional system alias which does not use the trusted RFC?

Regards,

Masa / SAP Technology RIG

Hi Mayasuki,

thanks for the advice.

I have tried creating an additional alias for the system.

---> to this alias, i have also created another RFC connection pointing HCM system which was not trusted(i.e SMT1 settings if iam not wrong). It gave to "Trusted RFC Error".

---> to this alias, i have added existing RFC Connection which was trusted, it again takes me to the data.

Idea here is after i click on tile it should prompt for a popup or a new page which asks for an additional password.

i have to capture this password and validate(LDAP) it through some custom code(and not standard sap validation)

once i validate then only it should navigate to the My Paystubs App.

My Inferences :

1) this is an odata service. so it is in the path defaulthost/sap/opu/odata/hcm_my_paystubs_srv. this     sicf service has single handler class i.e "/IWFND/CL_SODATA_HTTP_HANDLER". this class           triggers every time for every round trip.

   i added another handler class with interface IF_HTTP_EXTENSION to this sicf node but it never          gets called.

2) i tried changing various logon procedures. for saml, rfc, kind of procedures, it prompted                     unauthorized. when i used basic, Http, procedures, i could not able to find a solution.

3) i tried changing System logon settings as well in the logon errors sub-tab of Error pages main          tab.

My Questions :

1) is it possible to achieve my requirement with the approach(sicf) iam following because i have been told that it is possible but not how

Your views, ideas and advices will be helpful in achieving this if it is possible. Thanks

Regards,

Siddarth Kabde.

Hi Siddarth,

Please upload a screenshot of the RFC destination.

Regards,

Masa / SAP Technology RIG

Hello Mayasuki.

Scenario 1 : (New system Alias, new RFC, Testing)

    ---> Created new RFC Connection in gateway server pointing to backend.

   ----> created another SAP System Alias  H03_ALIAS1

   ----> Gateway Settings H03_DE1.

---> there is no entry for this RFC in SMT1 Settings.

---> changed the Alias for the odata service in the maintenance.

---> testing. Got below error.

Approach 2 :

testing with the new alias and RFC destination which was in SMT1 Settings.

it is displaying the data.

but how can i link this new alias and RFC connection to the scenario with iam developing. please let me know if any things else is needed. Thanks

Regards,

Siddarth Kabde.

Hi Siddarth,

Please share a screenshot from SM59. I think H03FIORITEST has incorrect setting.

Regards,

Masa / SAP Technology RIG

Hello Masa,

i checked the settings, i have checked the current user check box and checked the Trust Relation radio button.

Now i am not getting any error while opening my paystubs app in the fiori launchpad and i can able to display the data.

Please check the settings.

what else do i need to do to add some custom functionality(a screen with two input fields) for password validation before the app opens. please let me know. Thanks

Regards,

Siddarth Kabde.

Hi Siddarth,

Set the Trust Relationship = No

Uncheck the Current User

Use and Password should be blank.

Test the remote logon, system will ask user and password.

Regards,

Masa / SAP Technology RIG