Before configuring an SAP native repository, ensure that you have met the prerequisites described in “Single Sign-on with SAP Enterprise Portal” in the Oracle Hyperion Enterprise Performance Management System Security Administration Guide.
By default, EPM System sets a SAP keystore timeout of 10 seconds. After configuring an SAP provider, you can change the timeout by editing the security options. See Setting Security Options.
To configure an SAP native repository:
Launch Shared Services Console. See Launching Shared Services Console.
On the Directory Type screen, select SAP, and then select Next.
On the SAP Connection Information screen, enter configuration parameters.
Table 4. SAP Connection Information Screen
Label Description[1] Name A unique configuration name for the SAP provider. You use this name to identify the SAP provider in situations in which multiple SAP providers are defined in Shared Services. Example: MY_SAP_DIRECTORY
SAP Server Name The DNS name of the computer where the SAP Server is running, or the SAP router address. Example: myserver
Client Number The client number of the SAP system to which you want to connect. Example: 001
System Number The system number of the SAP System to which you want to connect. Example: 00
User ID The user name that Shared Services should use to access SAP. This user must have access permissions to use Remote Function Calls (RFC) to connect to SAP and to access user, activity groups, and their relationship data. Example: my_sap_user
Password The password of the user identified in the User ID box. Example: my_sap_password
Max Entries The maximum entries that a query to the SAP provider can return. If you are configuring Shared Services in Delegated Administration mode, set this value to 0. Example: 100
Pool Size The JCo connection pool size. Default: 20
Pool Name A unique name for the connection pool that should be used to establish a link between Shared Services and SAP. Default: HYPERION_SAP_POOL
Language Language for messages, for example error messages, from SAP. By default, this value is read from the system locale of the server hosting Shared Services. Example: EN
Location of SAP Digital Certificate The SAP X.509 certificate to use. EPM System products use this certificate to parse the SAP login ticket and to extract the user ID needed to support SSO. Required only if EPM System products are plugged into SAP Enterprise Portal. Example: C:/Oracle/Middleware/EPMSystem11R1/common/SAP/bin/SAP_cert_name.
SSL Enabled Check box that enables you to use Secure Socket Layer (SSL) to communicate between Shared Services and the SAP provider. Trusted Check box that enables you to specify that this provider is a trusted SSO source. SSO tokens from trusted sources do not contain the user's password. Show Advanced Options The check box to display custom authentication setting. Authentication Module Select this check box to enable the use of a custom authentication module to authenticate users defined in this user directory. You must also enter the fully qualified Java class name of the authentication module in the Security Options screen. See Setting Security Options. See “Using a Custom Authentication Module” in the Oracle Hyperion Enterprise Performance Management System Security Administration Guide.
Shared Services saves the configuration and returns to the Defined User Directories screen, which now lists the SAP provider that you configured.
Test the SAP native repository configuration. See Testing User Directory Connections.
If needed, change the search order assignment. See Managing the User Directory Search Order for details.
If needed, specify security options. See Setting Security Options for details.