Integrating Web Center into NetWeaver

This appendix provides information how to integrate Web Center into NetWeaver 7.0.

Prerequisites

Single sign-on between NetWeaver and Web Center is based on SAP logon tickets and works only if both applications lie in the same domain.For example, if the NetWeaver URL is http://abc.internal.my-company.com:…​, the Web Center URL should be like http://xyz.internal.my-company.com:…​. This requirement can be relaxed to some extent; search for ume.logon.security.relax_domain.level on the SAP community network sites for details.

Web Center Components

This section provides information about components necessary to integrate Web Center into NetWeaver.They are delivered with DirX Identity.

NetWeaver Portal Packages

Web Center delivers the Business Package for DirX Identity to be imported into SAP NetWeaver Portal.

The package contains the portal objects required to access Web Center from within the portal:

  • Two system objects to configure the connection to the Tomcat server hosting the Web Center web applications for administration and self service, respectively.

  • Two roles to be assigned to NetWeaver users giving them access to the Web Center administration and self service, respectively.

  • The worksets and iViews for the Web Center applications.

Web Applications

The web applications sapWebCenter and sapSelfService are customized versions of the standard Web Center applications.The pages they display include only menu, content and footer, but no header.

Integrating Web Center into NetWeaver 7.0

The following figure provides an overview about the steps that must be performed to integrate Web Center into NetWeaver 7.0.

Integrating Web Center into NetWeaver
Figure 1. Integrating Web Center into NetWeaver

As shown in the figure above, integrating Web Center into NetWeaver includes the following steps:

  • Importing the business package into NetWeaver.

  • Configuring the imported objects.

  • Downloading the SAP system certificate to Tomcat.

  • Downloading the SAP SSO native libraries from the SAP Marketplace to the Tomcat server.

  • Configuring Web Center for SAP NetWeaver in the DirX Identity configurator.

  • Copying Web Center Java libraries to Tomcat.

  • Copying web application context descriptor files to Tomcat.

Note that the three products may reside on different hosts, but that the following instructions (as well as the DirX Identity configurator) assume that DirX Identity and Tomcat run on the same host.

The following description of the integration steps is based on a SAP NetWeaver 7.0 (2004s) installation.

Importing the Web Center Package

Before you import the package, remove any previously imported release as described in the section "Removing the Web Center Package from NetWeaver".

Perform the following steps to import the Web Center package into NetWeaver:

  • Log in to the NetWeaver Portal as administrator.

  • Perform the following steps to import the Web Center business package DirX Identity.epa:

    • Go to System Administration -→ Transport -→ Transport Packages -→ Import.

    • Select Client as Source for Package Files.

    • Browse for the file install_path/web/webManagerForSAP-identity_domain/NetWeaver/DirX Identity.epa

    • Click Upload.

    • Click Import.

Configuring Web Center Objects

Perform the following steps to configure the Web Center objects:

  • Log in to NetWeaver Portal as administrator.

  • Configure Tomcat systems:

    • Go to System Administration -→ System Configuration -→ System Landscape.

    • Browse to Portal Content -→ Content Provided by Other Vendors -→ End User Content -→ Siemens: DirX Identity -→ Systems.

    • Open the object DirX Identity Administration.

      • Select the property category System Definition.

      • As name of the server, enter the fully qualified host name of the Tomcat server.

      • Enter the port number of the Tomcat server.

      • Select the appropriate protocol.

      • Save the modifications.

      • Select the display System Aliases.

      • As the alias name, enter Siemens_DirXIdentity_Administration.

      • Click Add.

      • Save the modifications.

      • Select the display Permissions.

      • Search for dirx_* in Roles.

      • Select the role dirx_identity_admin_showcase.

      • Click Add.

      • Set the access rights for the role to Read.

      • Check the End User check box for the role.

      • Save the modifications.

      • Close the object.

    • Open the object DirX Identity Self Service.

      • Select the property category System Definition.

      • As the name of the server, enter the fully-qualified host name of the Tomcat server.

      • Enter the port number of the Tomcat server.

      • Select the appropriate protocol.

      • Save the modifications.

      • Select the display System Aliases.

      • As the alias name, enter Siemens_DirXIdentity_SelfService.

      • Click Add.

      • Save the modifications.

      • Select the display Permissions.

      • Search for dirx_* in Roles.

      • Select the role dirx_identity_user_showcase.

      • Click Add.

      • Set the access rights for the role to Read.

      • Check the End User check box for the role.

      • Save the modifications.

      • Close the object.

  • Assign users to roles dirx_identity_admin_showcase and dirx_identity_user_showcase:

    • Go to User Administration -→ Identity Management.

    • Search for roles with filter dirx_*.

    • Edit dirx_identity_admin_showcase and add users or groups (Web Center administrators)

    • Edit dirx_identity_user_showcase and add users or groups (Self Service users)

Any reimport of the Web Center business package resets the Tomcat systems configuration and the user-role assignments.

Download SAP System Certificate

The certificate is required to verify SAP logon tickets on the Tomcat server.

First, export the certificate from NetWeaver:

  • Log in to the NetWeaver Portal as administrator.

  • Export the certificate to file verify.pse

    • Go to System Administration -→ System Configuration -→ Keystore Administration.

    • Select the option SAPLogonTicketKeypair-cert.

    • Select Download verify.pse File and then save the file.

Then, copy the certificate to the Tomcat server:

  • Create directory tomcat_install_path/conf/sap.

  • Unzip the downloaded archive to tomcat_install_path/conf/sap. The archive contains just the file verify.pse.

  • Make sure the file is accessible to the Tomcat process.

Download Native SAP SSO Libraries

  • Login to SAP Marketplace.

  • Download the package SAP SSO EXT lib for SAP logon ticket verification the operating system of the Tomcat host (do an extended search for SAP software with the filter SAPSSOEXT to find the download page.)

  • Extract the native libraries sapssoext and sapseculib from the package to any folder on the Tomcat host that is included in Tomcat’s PATH. On Windows, for example, you may put the libraries in C:\WINDOWS\system32.

  • Make sure the libraries are accessible to the Tomcat process.

Copy Web Center Java Libraries to Tomcat

  • Copy the following files to folder tomcat_install_path//lib:

    • install_path/web/webManagerForSAP-identity_domain/shared/dxmMySap.jar

  • Create folder tomcat_install_path/dxilib if not yet existing.

  • Copy the following files to folder tomcat_install_path/dxilb:

    • install_path/web/webManagerForSAP-identity_domain/endorsed/lib/dxmStorageURL.jar

    • install_path/lib/java/ext/bcprov-jdk14-136.jar

  • Append both jar files to Tomcat’s Java classpath.

Make sure the libraries are accessible to the Tomcat process.

Deploy Web Applications into Tomcat

Copy the following files to the folder tomcat_install_path/conf/Catalina/localhost:

  • install_path/web/webManagerForSAP-identity_domain/ webCenter/WEB-INF/sapWebCenter.xml

  • install_path/web/webManagerForSAP-identity_domain/ selfService/WEB-INF/sapSelfService.xml

If Tomcat does not automatically load the new applications on detection of the new files, load the applications via Tomcat’s Web Application Manager or restart the Tomcat server.

Additional Steps

In addition to the integration steps described here, you must

  • Configure the Web Center SSO module for authentication with SAP logon tickets.

  • Map NetWeaver logins to DirX Identity users, by either

    • Creating a corresponding SAP target system in the DirX Identity store and assigning NetWeaver logins to accounts in that target system, or

    • Assigning NetWeaver user logins directly to DirX Identity users.

  • Set up single sign-on between Web Center and the DirX Identity Java-based server; this is required for access to the request workflow server only.

For details, see the documentation on WebCenter Single Sign-On.

Removing the Web Center Package from NetWeaver

Perform the following steps to remove the Web Center package from NetWeaver:

  • Log in to the NetWeaver Portal as administrator.

  • Browse to Portal Content → Content Provided by Other Vendors → End User Content.

  • Delete the folder Siemens: DirX Identity.

Removing Web Center for SAP Applications from Tomcat

Perform the following steps to remove a Web Center for SAP application from Tomcat:

  • Log in to the Tomcat Web Application Manager (//tomcat_host:_tomcat_port_/manager/html).

  • Undeploy the application.

This will delete the application’s context descriptor file and the application’s working directory under tomcat_install_path/work.

If you no longer need to access Web Center from within SAP, delete the following files manually:

  • tomcat_install_path/lib/dxmMySap.jar

  • tomcat_install_path/conf/sap/verify.pse

  • sapsecu.dll

  • sapssoext.dll

If you don’t run any other Web Center applications in Tomcat, delete also the following files:

  • bcprov-jdk14-136.jar

  • dxmStorageURL.jar

from the folder tomcat_install_path/dxilib.

Upgrading from Earlier Releases

When upgrading from a release prior to 8.3, remove the files

  • jaxb-api.jar

  • jaxws-api.jar

from the folder tomcat_install_path/endorsed.