Fiori – BOBJ integration with SSO

Fiori – BOBJ integration with SSO.

Requirement

Considering Fiori Launchpad as global point of entry for SAP applications, Users always want to see analytical content in the same place. To avoid users launching Business Objects documents via portal or BI Launchpad separately, this document outlines the process of integrating Fiori with Business Objects

Tools used

SAP Business Objects enterprise – BOBJ 4.1 SP4

Design studio – 1.6 SP02

SAP Gateway, Fiori

 Architecture

 

Configuration – (Assuming, the sapgateway protocol is https (which is most likely to be))

Configuring BOBJ Platform

Enable https on BOBJ web application server, no backend https is required.  I am using Tomcat in this example

  • Use Keytool in tomcat java home bin directory to create a self-signed keystore

 

keytool -genkey -alias tomcat -keyalg RSA –keystore keystore.jks.

This command will create a self-signed keystore named keystore.jks under keytool home   directoty

  • Please export self-signed certificate in .crt format.

keytool -export -alias tomcat -keystore keystore.jks –file https.crt

This command will create https.crt in same directory.

  • Generate SSO certificates and keystore files using PCKS12 tool

Windows location : \SAP BusinessObjects Enterprise XI4.0\java\lib

Windows Command :  “\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\java” -jar PKCS12Tool.jar -alias bobj -storepass password -dname CN=BOS

The above command generates keystore and cert.der files .

Stop the tomcat, navigate to /conf/server.xml . Edit the server.xmlfile as below

Uncomment the https entries and add below parameters.

keystoreFile=”keystore.jks” keystorePass=”password”

 

Restart the tomcat , https links should work .

Configuring Fiori server

Install the https.crt ( certificate generated from keystore.jks )  into fiori abap stack using the below command at OS level

sapgenpse.exe maintain_pk -p -a https.crt

Configure SAP gateway to forward the requests to BOBJ platform.

wdisp/system_ = SID=BOE, EXTSRV=https://bod:8443 SRCSRV=*:8000 SRCURL=/BOE/

On the ABAP front end server using T code Strustss002 , please import the SSO certifictes generated by BOBJ Platform.

Setting up single sign on on BOBJ Platform

1) Add the ABAP front end as the entitlement system in CMC

2) Import the required Roles and keystore in CMC

3) Setup SAP ABAP stack to send SAP Logon Tokens

Now create a Tile in Fiori Launchpad, redirecting to BOBJ Design studio Opendocument link.  The navigation should work seamlessly



 

Shiva Prasad Aluri