You can configure Access Manager and SAP NetWeaver Enterprise Portal 7.0.x to work together.
This section contains the following tasks:
Install SAP NetWeaver Enterprise Portal before completing the steps in this section.
Install the Apache HTTP Server by following the installation steps provided by apache.org.
Install and configure a WebGate on each Apache HTTP Server instance that supports the proxy connection to the SAP Enterprise Portal instance. See Installing Webgates for Oracle Access Manager for details.
Install Access Manager before completing the steps in Configuring Access Manager for SAP Enterprise Portal. See the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management for details.
Synchronize the time on all servers where SAP NetWeaver Enterprise Portal and Access Manager components are installed.
Ensure that the users exist in the Access Manager LDAP directory as well as on the SAP R3 system database.
The user ID in Access Manager and the SAP database must be the same or be mapped to each other. Any attribute in a user's profile can be configured as the SAP ID and passed directly to SAP. Alternatively, SAP can be configured to map the SAP ID to any user attribute that it receives from Access Manager.
Verify that the Web browser is configured to allow cookies.
Note:
Oracle suggests reviewing the following topics prior to integrating Access Manager with SAP NetWeaver Enterprise Portal.
Managing Data Sources to understand how to add and configure data sources in Access Manager.
Managing Authentication and Shared Policy Components to understand how to configure Form and Basic mode authentication in Access Manager.
Configuring Cert Mode Communication for Access Manager to understand how to configure Cert mode for Access Manager.
You can configure a proxy (Apache HTTP Server 2.0.x) to access SAP NetWeaver Enterprise Portal.
To configure Apache HTTP Server 2.0.x
You can enable external authentication in SAP Enterprise Portal using the OB_USER header variable.
For more information about configuring authentication schemes for SAP Enterprise Portal, see the SAP documentation.
To configure the header variable
Stop the SAP J2EE dispatcher and server.
Browse to the following directory:
SAP_J2EE_engine_install_dir\ume
Back up the file authschemes.xml.bak to another directory.
Rename authschemes.xml.bak to authschemes.xml.
Open authschemes.xml in an editor and change the reference of the default authentication scheme to the authentication scheme header as follows:

```xml
<authscheme-refs>
  <authscheme-ref name="default">
    <authscheme>header</authscheme>
    <authscheme>uidpwdlogon</authscheme>
  </authscheme-ref>
</authscheme-refs>
```
In the authentication scheme header of authschemes.xml, specify the name of the HTTP header variable where the Access System provides the user ID.
As described in "Configuring Access Manager for SAP Enterprise Portal", this is the OB_USER header variable. You configure this header variable as follows:

```xml
<authscheme name="header">
  <loginmodule>
    <loginModuleName>com.sap.security.core.logon.imp.HeaderVariableLoginModule</loginModuleName>
    <controlFlag>REQUISITE</controlFlag>
    <options>Header=OB_USER</options>
  </loginmodule>
  <priority>5</priority>
  <frontEndType>2</frontEndType>
  <frontEndTarget>com.sap.portal.runtime.logon.header</frontEndTarget>
</authscheme>
```
The control flag value REQUISITE means the login module must succeed. If login succeeds, authentication continues through the list of login modules. If it fails, control immediately returns to the application and authentication does not continue through the list of login modules.
Restart the portal server and J2EE engine.
The modified authschemes.xml file will be loaded into the Portal Content Directory (PCD). SAP Enterprise Portal will rename it as authschemes.xml.bak.
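A check for the two authschemes.xml edits described above, as an added example (not Oracle's or SAP's code). The sample is constructed from the fragments in this section; the `<authschemes>` root element wrapping them, the function name, and the comma-separated reading of `<options>` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two fragments from this section wrapped in a
# hypothetical <authschemes> root so they parse as one document.
SAMPLE = """<authschemes>
  <authscheme name="header">
    <loginmodule>
      <loginModuleName>com.sap.security.core.logon.imp.HeaderVariableLoginModule</loginModuleName>
      <controlFlag>REQUISITE</controlFlag>
      <options>Header=OB_USER</options>
    </loginmodule>
    <priority>5</priority>
    <frontEndType>2</frontEndType>
    <frontEndTarget>com.sap.portal.runtime.logon.header</frontEndTarget>
  </authscheme>
  <authscheme-refs>
    <authscheme-ref name="default">
      <authscheme>header</authscheme>
      <authscheme>uidpwdlogon</authscheme>
    </authscheme-ref>
  </authscheme-refs>
</authschemes>"""

MODULE = "com.sap.security.core.logon.imp.HeaderVariableLoginModule"

def check_authschemes(xml_text, header="OB_USER"):
    """Return a list of findings; an empty list means the edits are in place."""
    root = ET.fromstring(xml_text)
    findings = []
    ref = root.find(".//authscheme-ref[@name='default']")
    order = [(e.text or "").strip() for e in ref.findall("authscheme")] if ref is not None else []
    if order[:1] != ["header"]:
        findings.append(f"default scheme order is {order}, expected 'header' first")
    scheme = root.find(".//authscheme[@name='header']")
    if scheme is None:
        return findings + ["no <authscheme name='header'> definition"]
    for lm in scheme.findall("loginmodule"):
        if (lm.findtext("loginModuleName") or "").strip() != MODULE:
            continue
        if (lm.findtext("controlFlag") or "").strip() != "REQUISITE":
            findings.append("HeaderVariableLoginModule controlFlag is not REQUISITE")
        opts = {o.strip() for o in (lm.findtext("options") or "").split(",")}
        if f"Header={header}" not in opts:
            findings.append(f"options do not contain Header={header}")
        return findings
    return findings + ["header scheme does not use HeaderVariableLoginModule"]

print(check_authschemes(SAMPLE) or "authschemes.xml matches this section")
```

Run it against the edited file's contents before restarting the portal server, since the file is renamed to authschemes.xml.bak once it has been loaded.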
To Configure Logout
Add the HeaderVariableLoginModule to the appropriate login module stack or template and configure the options.
Table 62-1 Login Module Stacks for using Header Variables
Login Modules | Flag | Options |
---|---|---|
EvaluateTicketLoginModule | SUFFICIENT | {ume.configuration.active=true} |
HeaderVariableLoginModule | OPTIONAL | {ume.configuration.active=true, Header=<header_name>} |
CreateTicketLoginModule | SUFFICIENT | {ume.configuration.active=true} |
BasicPasswordLoginModule | REQUISITE | {} |
CreateTicketLoginModule | OPTIONAL | {ume.configuration.active=true} |
To adjust the Login Module Stacks for using Header Variables