Fiori – BOBJ integration with SSO.
Considering Fiori Launchpad as global point of entry for SAP applications, Users always want to see analytical content in the same place. To avoid users launching Business Objects documents via portal or BI Launchpad separately, this document outlines the process of integrating Fiori with Business Objects
SAP Business Objects enterprise – BOBJ 4.1 SP4
Design studio – 1.6 SP02
SAP Gateway, Fiori
Configuration – (Assuming, the sapgateway protocol is https (which is most likely to be))
Configuring BOBJ Platform
Enable https on BOBJ web application server, no backend https is required. I am using Tomcat in this example
- Use Keytool in tomcat java home bin directory to create a self-signed keystore
keytool -genkey -alias tomcat -keyalg RSA –keystore keystore.jks.
This command will create a self-signed keystore named keystore.jks under keytool home directoty
- Please export self-signed certificate in .crt format.
keytool -export -alias tomcat -keystore keystore.jks –file https.crt
This command will create https.crt in same directory.
- Generate SSO certificates and keystore files using PCKS12 tool
Windows location : \SAP BusinessObjects Enterprise XI4.0\java\lib
Windows Command : “\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\java” -jar PKCS12Tool.jar -alias bobj -storepass password -dname CN=BOS
The above command generates keystore and cert.der files .
Stop the tomcat, navigate to /conf/server.xml . Edit the server.xmlfile as below
Uncomment the https entries and add below parameters.
Restart the tomcat , https links should work .
Configuring Fiori server
Install the https.crt ( certificate generated from keystore.jks ) into fiori abap stack using the below command at OS level
sapgenpse.exe maintain_pk -p -a https.crt
Configure SAP gateway to forward the requests to BOBJ platform.
wdisp/system_ = SID=BOE, EXTSRV=https://bod:8443 SRCSRV=*:8000 SRCURL=/BOE/
On the ABAP front end server using T code Strustss002 , please import the SSO certifictes generated by BOBJ Platform.
Setting up single sign on on BOBJ Platform
1) Add the ABAP front end as the entitlement system in CMC
2) Import the required Roles and keystore in CMC
3) Setup SAP ABAP stack to send SAP Logon Tokens
Now create a Tile in Fiori Launchpad, redirecting to BOBJ Design studio Opendocument link. The navigation should work seamlessly
Shiva Prasad Aluri