Duet e Depl Guide Installation Guide

Duet Enterprise SAP Deployment Guide
June 28st 2011
Copyright
Copyright 2011 SAP AG. All rights reserved. SAP Library document classification: PUBLIC No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
Table of Contents
1. Introduction ................................................................................................................................................... 1 1.1 Before you begin .................................................................................................................................... 1 1.2 Coordination between SAP and Microsoft ................................................................................................... 2 1.3 SCL Overview ........................................................................................................................................ 2 1.4 Planning the System Landscape ...............................................................................................................2 1.5 Hardware and System Requirements for Duet Enterprise ............................................................................. 3 1.5.1 Gathering Information for Installation .............................................................................................. 5 1.6 Performing Installation Using the Duet Enterprise for Microsoft SharePoint and SAP Wizard ............................. 6 Wizard Prerequisites............................................................................................................................... 7 1.6.1 Pre-Wizard Installation Procedures ................................................................................................ 10 1.6.2 Using the Duet Enterprise for Microsoft SharePoint and SAP Wizard ................................................... 11 1.6.2 Post Wizard Installation Procedures ............................................................................................... 11 1.7 Prerequisites ........................................................................................................................................ 12 1.7.1 Important SAP Notes ................................................................................................................... 12 1.7.2 Activating the Services ................................................................................................................. 13 1.7.3 Setting Profile Parameters ............................................................................................................ 14 2. Installing Duet Enterprise .............................................................................................................................. 15 2.1 Installing the SCL Components ............................................................................................................... 15 2.2 Configuring Settings for the SCL ............................................................................................................. 16 2.3 Setting Up User and Authorization Administrator for the SCL ..................................................................... 17 2.3.1 Create and Assign SCL Administrator Role ...................................................................................... 17 2.3.2 Create and Assign SCL User Role ................................................................................................... 19 2.4 Activating BC Sets ................................................................................................................................ 22 2.5 Specifying Configuration Settings of the SharePoint Server ........................................................................ 23 2.5.1 Configuring the SLD ..................................................................................................................... 23 2.5.2 Defining Settings for Idempotent Services ...................................................................................... 24 2.5.3 Creating RFC Destination for Outbound Queues ............................................................................... 24 2.5.4 Registering the bgRFC Destination for Outbound Queue ................................................................... 25 2.5.5 Creating bgRFC Supervisor Destination .......................................................................................... 26 2.5.6 Checking bgRFC Configurations ..................................................................................................... 26 2.5.7 Creating RFC Destination for WSIL Service ..................................................................................... 27
1. Introduction 1.1 Before you Begin
2.6 Establishing Connections to an SAP System and the SharePoint Server ....................................................... 28 2.6.1 Configuring the SCL Host to use SAML Authentication ...................................................................... 29 2.6.2 Mapping User Data in the SAP System and the SharePoint Server ..................................................... 36 2.7 Creating Endpoints for Duet Enterprise Services ....................................................................................... 41 2.7.1 Creating and Activating Endpoints for all Scenarios .......................................................................... 41 2.7.2 Create the Duet Enterprise SAML Profile ......................................................................................... 42 2.7.3 Release Duet Enterprise Services .................................................................................................. 43 2.7.4 Loading and Preparing the BDC Models .......................................................................................... 45 2.7.5 View Archives of Uploaded BDC Files .............................................................................................. 48 2.8 Specifying SCL Configuration Settings to SAP Systems .............................................................................. 49 2.8.1 Defining Trust between the SCL Host and your SAP Systems for Type 3 connections ............................ 49 2.8.2 Creating a Type 3 RFC destination on SCL Host to SAP System ......................................................... 50 2.9 Create Type G RFC Destination to the SCL ............................................................................................... 53 2.10 Configuring Notification Mails ............................................................................................................... 55 2.11 Setting Up Role Synchronization ........................................................................................................... 56 2.12 Activate the SharePoint Server as a Consumer ....................................................................................... 57 2.13 Activating the SCL .............................................................................................................................. 57 3. Configuring Duet Enterprise Specific Content ................................................................................................... 58 3.1 Configuring Workflow ............................................................................................................................ 58 3.1.1 Activate Workflow BC Set ............................................................................................................. 58 3.1.2 Maintain Workflow Context Data .................................................................................................... 59 3.1.3 Retrieve Endpoint Information ...................................................................................................... 60 3.1.4 Create a Logical Port .................................................................................................................... 61 3.1.5 Customizing Duet Workflows Patterns ............................................................................................ 62 3.1.6 Customizing Workflow Patterns ..................................................................................................... 63 3.1.7 Running Scheduled Reports (Jobs) ................................................................................................. 65 3.1.8 Creating Roles and Assigning Authorization Objects in SAP System .................................................... 67 3.1.9 Manage SAP System Aliases for Workflow ....................................................................................... 68 3.1.10 Check Event Handler .................................................................................................................. 70 3.1.11 Check Adapter Class .................................................................................................................. 71 3.1.12 Create Consumer Proxy .............................................................................................................. 71 3.2 Configuring Reporting ........................................................................................................................... 74 3.2.1 Activate Reporting BC Set............................................................................................................. 74 3.2.2 Defining the Number Range Interval for Reporting Objects ............................................................... 76 3.2.3 Managing System Time Points ....................................................................................................... 77
1. Introduction 1.1 Before you Begin 3.2.4 Retrieve URL for Logical Port ......................................................................................................... 78 3.2.5 Create a Logical Port .................................................................................................................... 78 3.2.6 Manage SAP System Aliases for Reporting ...................................................................................... 79 3.2.7 Manage Source Systems, Report Types and Formats on the SCL ....................................................... 80 3.2.8 Configure a Report ...................................................................................................................... 81 3.2.9 Check Event Handler.................................................................................................................... 83 3.2.10 Check Adapter Class .................................................................................................................. 83 3.2.11 Create Consumer Proxy .............................................................................................................. 84 3.3 Configuring Starter Services .................................................................................................................. 86 3.3.1 Activate Starter Services BC Set.................................................................................................... 86 3.3.2 Configure the Service Provider for Starter Services Endpoints ........................................................... 89 3.3.3 Retrieve External Identifier ........................................................................................................... 91 3.3.4 Export the Profile ........................................................................................................................ 91 3.3.5 Manage Web Services .................................................................................................................. 91 3.3.6 Create a System Connection ......................................................................................................... 92 3.3.7 Create the Account Maintenance User ............................................................................................ 93 3.3.8 Create a Business Scenario Configuration ....................................................................................... 93 3.3.9 Manage SAP System Aliases ......................................................................................................... 94 3.3.10 Add the System Alias and Roles to all Starter Services Relevant Object Groups ................................. 95 3.4 Configure Code Lists ............................................................................................................................. 97 3.5 Caching Code Lists ............................................................................................................................... 98 3.6 Configure Document Upload Option ........................................................................................................ 99 3.7 Configuring User Profile Synchronization ............................................................................................... 100 3.8 Retrieving the URL for the "View Inquiry in SAP System" Link .................................................................. 100 Appendix 1 Service Consumption Layer Overview ............................................................................................. 101 Cross-Phase Documentation ...................................................................................................................... 101 Overview of the Service Consumption Layer ................................................................................................ 102 Architecture of the Service Consumption Layer ...................................................................................... 102 How Service Consumption Layer Works ................................................................................................ 104 Appendix 2 - Duet Enterprise Deployment Worksheet ......................................................................................... 106 Deployment Worksheet ............................................................................................................................. 106
1. Introduction
1. Introduction
Duet Enterprise enables customers and partners a way to consume and extend SAP applications through Microsoft SharePoint and Microsoft Office 2010 The product brings together the two different worlds of process (SAP Applications) and collaboration (Microsoft SharePoint), by providing an Interoperability layer (the service consumption layer (SAL) that ensures all the basic plumbing between the two systems is addressed so that customers and partners can focus on innovation. Besides the ability to create Duet Enterprise Composite solutions, Ready to Use Capabilities ensure quick time to value, for example, ability to Collaborate on the fly around data from SAP applications or enable SAP workflow items to surface in Microsoft SharePoint or Outlook with additional contextual information from SAP and can be collaborated around This guide provides the steps for installation and configuration of Duet Enterprise on the service consumption layer (SCL). The SCL is a framework that connects Duet Enterprise business users to SAP systems. This guide does not contain the installation and configuration procedures for Duet Enterprise on the SharePoint server. The SharePoint related procedures are included in the Duet Enterprise Deployment Guide for SharePoint Administrators. This section contains:
Before you begin Coordination between SAP and Microsoft SCL Overview Planning the System Landscape Hardware and software requirements for Duet Enterprise Prerequisites
1.1 Before you Begin

Duet Enterprise is a joint product of SAP and Microsoft. It must be deployed on both the SCL and on servers running SharePoint Server 2010 by the SharePoint administrator. Before you start the deployment, make sure you have read the Duet Enterprise SAP Master Guide where you can learn about the product in general, its landscape and prerequisites, and about the different types of documents available to help you perform the deployment. You can find the Duet Enterprise SAP Master Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0.
1. Introduction 1.2 Coordination between SAP and Microsoft
1.2 Coordination between SAP and Microsoft

Deploying Duet Enterprise is a coordinated effort between Microsoft and SAP. To complete certain procedures, information must be shared between the administrators deploying the product. For this purpose, the Duet Enterprise Deployment Worksheet has been created which contains all the information that will be shared between the SAP and the Microsoft administrator. Even if one person is deploying Duet Enterprise in both the SharePoint and SAP environments, the deployment worksheet makes it easier to keep track of the information that will be needed in a later procedure. Note also, that some information provided by the SharePoint administrator will be used by the SharePoint administrator in a later procedure. Procedures where information must be gathered to/from the worksheet are marked with the
icon.
1.3 SCL Overview

The SCL as a framework is provided as an SAP NetWeaver ABAP Add-On, which you install on top of your existing SAP Business Suite or Application Platform. When installed, it provides the following: A runtime environment for SAP solutions that integrate desktop programs with SAP systems. Runtime features including user interface, secure data access, database connectivity, and network communications for managing applications running on top of the framework. An infrastructure and tools for developing applications to run on the framework or enhance SAP solutions which integrate desktop programs with SAP systems. Connection to multiple SAP systems regardless of their versions. It is required that you have the SCL installed and running in your system before you can install Duet Enterprise. For more information regarding the SCL, refer to the SCL Overview section.
1.4 Planning the System Landscape

A landscape is the logical representation of systems consisting of multiple, and distributed components. You implement SCL components in your existing SAP systems landscape. Consider the following when planning the system landscape: Understanding SCL requirements. Assessing your existing network infrastructure to help you to determine how to meet the requirements of the SCL components. Determining how the supported authentication and security mechanisms in SCL fit into your existing security policy. Determining the schedule for making the implementation available to a large number of users.
1. Introduction 1.5 Hardware and System Requirements for Duet Enterprise
The following is an illustration of the SCL system landscape:

SAP system
`
Service Consumption Layer Components

`
SharePoint Server
SAP system
Integrated Desktop Programs
You implement SCL components such that the SharePoint server components are in a host separate from the host of SCL components interfacing with your SAP systems. Install, and configure Duet Enterprise in the testing landscape, after you complete all configurations and testing, you can make Duet Enterprise available in your production landscape for use by a large audience. To build your own Enterprise Service based application on top of Duet Enterprise, you require an Enterprise Service Repository (ESR). For more information, refer to System Landscape on the SAP Help Portal.
1.5 Hardware and System Requirements for Duet Enterprise

The following are the minimum hardware requirements for Duet Enterprise: Requirements Processor Random access memory (RAM) Hard disk capacity Specification Dual Core (2 logical CPUs) or higher, 2 GHz or higher 8 GB or higher 80 GB primary, or higher
The following are the minimum software requirements for Duet Enterprise: Requirements NetWeaver stack .NET framework Microsoft SharePoint Microsoft Office Client Client -Browser Database/s (Server MS) SAP system Kernel Part II (for Basis 7.02) WEBCUIF Specification NW 7.0 Eph 2 SP05 .NET 3.0/3.5 SharePoint Enterprise 2010 ( 64- bit) OS Windows 2008 ( 64- bit) Office 2010 Pro Plus* IE 7.0 or higher, Firefox 3.x, Safari 4.x - SQL 2008 or SQL 2005 (Enterprise, Standard) Server 64 bit only R/3 4.6c or higher Kernel Patch Level 35
WEBCUIF 7.00 WEBCUIF 7.1. SP02
The following are the minimum requirements for the SAP systems: Requirements Software Specification SAP Business Suite Application Platform SAP NetWeaver Application Server 7.0 (NW 04s) SP 15, or SAP NetWeaver Application Server 6.40 (NW04) SP22 for Workflow ERP 2004, Release SAP_BASIS 640 (SP level 0022), or ERP 6.0 (2005), Release SAP_BASIS 700 (SP Level 15) for Reports. NW BI 3.5: Release SAP_BW 350 (SP Level 0022), or NW BI 7.0: Release SAP_BW 700 (SP Level 17) for Reports. Starter Services require ERP 2004 and higher. ERP 2004: SA_BASIS 640 (SP level 0022) or higher ECC-SE 604 SP06 In addition, make sure that you read and implement the most current SAP notes that apply to the required software listed above. You can find these notes at service.sap.com/notes.
Relevant SAP notes that apply to SAP NetWeaver ABAP 7.02 SP3 for deploying Duet Enterprise. Note Number 1465067 Description Corrections and Enhancement note for the SCL SP1 Property EnableEncryption is unknown for profile-based EPs Explanation This note describes all corrections and enhancements done for the Service Consumption Layer SP01. This note is used to correct the program error in the SOAMANAGER when displaying selected Binding WSDL URLs for profile-based endpoints. Sample Services uses Enterprise Service Oriented Architecture (eSOA) services for various business flows. End points for these services have to be configured with an SAP Assertion Logon method as a security mechanism in the SAP ERP system so that these services can be consumed from Service Consumption Layer (SCL) system. This note describes the procedure for doing this.
1451537
1480794
Business Scenario XML file
1.5.1 Gathering Information for Installation

You need to collect information about the SCL host for configuration purposes. Note: The SAP and the Microsoft components deployed must belong to the same service pack version. The following table provides a list of some of the information you need to collect. Required Information Fully qualified domain name (FQDN) Name of the SAP NetWeaver Application Server ABAP system or the load balancing device. Administrator credentials Login information of the administrator of the SAP NetWeaver Application Server ABAP to install and maintain the system. HTTP/HTTPS Ports HTTP and HTTPs port numbers of the central instance of the SAP NetWeaver Application Server ABAP. 8000 for http, and 8001 for https SCL administrator Example duet.domain.com
1. Introduction 1.6 Performing Installation Using the Duet Enterprise for Microsoft SharePoint and SAP Wizard
SAP system For each SAP system to which you want to connect, the SCL server you need the following information: System ID, System number Server name HTTP / HTTPs port Administrator credentials Consumer-specific information For several steps you will require information from the SharePoint administrator. Some of the information will only be available once SAP specific data has been handed over to the SharePoint administrator, other data can be provided right away. For example: HTTPS URL: https://ilvms025.tlv.sap.corp:10001 ADS Information for Usermapping Sync AD Server: dev24dc1 Port: 389 User: devwdf24\d044410 Password: xxx User Base DN: CN=Users,DC=dev24,DC=devwdf,DC=sap,DC=corp
Server Name = duet System ID = DUE System Number = 00 HTTP = 80 HTTPS = 8001
1.6 Performing Installation Using the Duet Enterprise for Microsoft SharePoint and SAP Wizard
Note: Before you open the wizard, make sure you have implemented all notes appearing under Composite Note 1539888. The Duet Enterprise for Microsoft SharePoint and SAP Wizard, together with the pre- and post- wizard installation procedures covers all the steps necessary to deploy Duet Enterprise in your system. If the wizard runs smoothly, there is no need to continue with the rest of the tasks that are outlined in this document. To start the wizard, you require some basic information from the SharePoint administrator. You will be able to obtain this information using the Duet Deployment Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604. Information that has to be handed over to the SharePoint administrator is clearly mentioned throughout the wizard. In the wizard, you can skip as many steps as you want if they should not be automated due to security / traceability reasons (for example, when you only want to run the wizard in your Sandbox / Test environment, but only part of it in your productive environment). Also, if you encounter an error for a certain step, skip this step, perform it manually, and continue using the wizard.
The wizard does not only perform configuration steps on the SCL server, but also some required steps on the SAP system (like establishing trusts or creating logical ports). The Wizard assumes the following starting point: NetWeaver 7.02 SP5+ is installed End-users and groups are created (at least one user and group; used for activating BC sets) Profile settings are set for SSO [1.6.2 Setting Profile Parameters] and SSL [http://help.sap.com/saphelp_nw70ehp2/helpdata/en/49/23501ebf5a1902e10000000a4218 9c/frameset.htm]
Wizard Prerequisites
Authorizations
To execute the Wizard, several authorizations are required on the SCL and SAP system. On the SCL, the authorization template /IWTNG/LCMWIZARD can be used which contains all required permissions. You can create a role out of the template following the instructions outlined in section 2.3.1 Create and Assign SCL Administrator Role > To create the administrator role and assign it to users using the template /IWTNG/LCMWIZARD instead of the template /IWFND/RT_ADMIN instructed there On the SAP System the following permissions are required to create RFC destinations, exchange certificate and create logical ports: Authorization Template S_ADMI_FCD S_CTS_ADMI S_DATASET Permissions S_ADMI_FCD=NADM CTS_ADMFCT=TABL PROGRAM=SAPLRSPOR ACTVT=06,33,34,; FILENAME=* S_GUI S_RFC ACTVT=61 RFC_TYPE=FUGR RFC_NAME=RSPOR, SAIO, SBDC, SBUF, SCCA, SCUST_RFC_GENERATE, SICM, SSFP ACTVT=16 S_RFC_ADM ACTVT=01 RFCTYPE= RFCDEST=* [<RFC to SCL Server>, <RFC to SCL-Server HTTP>] ICF_VALUE=
S_RFCACL S_RZL_ADM S_SRT_LPR
RFC_SYSID=* [SID of SCL Server] ACTVT=01 TCODE=LPCONFIG; PROXY=/OSP/CO_REP_ADAPTER_WSVI_DOCUM; /OSP/CO_RMWRAPPER_VI_DOCUMENT; CO_OSPWACTION_ITEM_VI_DOCUMENT; LP_NAME=LP_PORT_REPORTING [Name of Logical Port]
S_TCODE S_TRANSPRT
TCD=LPCONFIG, STRUSTSSO2 TTYPE= ; ACTVT=03;
Customizing Tables
There is a possibility that when starting the Wizard via /IWTNG/LCM, the required customizing entries from tables /IWTNG/LCMCONFIG, /IWTNG/LCMSTCONF and /IWTNG/LCMSTEPS are not transported from client 000 to the productive client you are currently working on. In this case, the following error message is displayed: In View cluster :BC-RFC3-RFCDESCR :BC-RFCH-RFCDESCR :BC-RFCH-PATH required customization entries missing :BC-RFC3-RFCDESCR :BC-RFCH-RFCDESCR :BC-RFCH-PATH. To solve this: 1. Go to Note 1544169 which contains a BC set with the required customizing. Implement the correction instructions in the note 2. Open transaction SCPR20. 3. From the BC SET menu, select Upload. The Business Configuration Sets: Activation page is displayed. 4. In the Short Text field, press F4 and select the BC set file attached to the note. 5. Click Activate. The required customizing tables are populated and the Wizard should work.
Information Required from the Microsoft Administrator

To complete the wizard, you will require some input from the Microsoft Administrator. The information should be available in the Duet Enterprise Worksheet at http://go.microsoft.com/fwlink/?LinkId=207604 The following table shows the relevant information required for the wizard. Table 1 Information provided by the SharePoint administrator
Field URL of Web application for report publishing
Example https:// contoso.corp.com:443 Note:

This information is only needed by the SharePoint administrator to perform a procedure during deployment.
SSL certificate file name and location STS certificate file name and location AD DS Server name
\\contoso\UpdatedModels\DuetSSLCert.cer
\\contoso\UpdatedModels\DuetSTSCert.cer
contosoDC Tip: This must be the NetBIOS name of the computer running the Active Directory Domain Services (AD DS) where the user accounts that are used by SharePoint are stored. Note: If the usernames in the AD DS and the SAP System are the same, you do not need to connect the SCL to the AD DS. Instead, follow the instructions in the Mapping User Data when the User IDs in SharePoint and the SCL Host are the Same section.
Port number of AD DS AD DS account and password Attribute in AD DS where SAP user name is maintained
389
This name is an attribute in AD DS. For example, sAMAccountName.
Field User Base Domain Name URL to OBAFileReciever for reporting
Example
https://contoso:445/sites/Reports/_VTI_bin/OBAFileReciever.asmx?WSDL Tip: The SAP administrator must have a SharePoint user account that is granted a minimum of Read access to this file.
URL to OBAWorkflowService for Workflow
Table 3 - Accounts needed for SharePoint
Account name Report publisher account SAP workflows service account
Description
1.6.1 Pre-Wizard Installation Procedures

If you execute the Wizard, installation will be complete by the end of it. Nevertheless, following steps must be created manually before you run the wizard.
Create Users on the SCL System. See 2.3 Setting Up User and Authorization Administrator for the SCL) Set Profile Parameters for SSO (login/accept_sso2_ticket & login/create_sso2_ticket) and SSL. See 1.7.2 Setting Profile Parameters.for the SSO parameters and http://help.sap.com/saphelp_nw70ehp1/helpdata/en/85/46453c3ff4110ee10000000a11405 a/frameset.htm for the SSL parameters. Make sure the SAP Cryptolib is on the right level (You need SSFLIB Version 1.555.28 or higher, using an updated SAPCrypto Lib.) To check the Cryptolib level: a. Open transaction STRUST The Trust Manager page is displayed. b. From the Menu bar, select Environment > Display SSF Version. An Information message is displayed. The SSFLIB version is displayed on the first line of the message.
10
If Reporting, Workflow or Starter Services should be configured, the corresponding roles have to be configured. See 2.3.2 Create and Assign SCL User Role.
1.6.2 Using the Duet Enterprise for Microsoft SharePoint and SAP Wizard
To use the wizard: 1. Open transaction /n/IWTNG/LCM. 2. Click Next at the top and provide the required information. Additional help and explanations is available for each step by clicking the icon.
1.6.2 Post Wizard Installation Procedures

After installation, the following procedures need to be performed:
1. Activate the SCL. See 2.13 Activating the SCL. a. On the SCL, open the Service Consumption Layer Administration IMG. b. Click the d. Click the Display icon. Execute icon. c. Select General Settings > Activate or Deactivate SCL. A message is displayed. e. Click Activate. A message about the status is displayed. 2. Verify that the Groups mentioned below are deactivated. a. On the SCL, open transaction SIMGH. b. Select the Service Consumption Layer Administration IMG. c. Click the e. Click the f. Display icon. Execute icon. d. Select General Settings > Manage Business Object Groups. The Display View Manage Business Object Groups: Overview page is displayed. Clear the Active checkbox for the following groups: IWCOD IWDOC IWEMP IWF_SAMPLE_USR IWF_TEST_APP IWF_TEST_APP_2 IWREPT IWRPMD IW_BOM IW_MAT IW_WF
11
1. Introduction 1.7 Prerequisites
3. For configuring Reporting, activate the local reports. a. Open transaction SE38. The ABAP Editor: Initial Screen is displayed. b. In the Program field, enter /IWCNT/DEMO_REP_LP_CONFIG. c. Click Execute. This program will configure the required RFC destinations and logical ports. d. To restart ICM (and reset the buffer), form the SCL, open transaction SMICM > [Menu] Administration > ICM > Exit Soft > Global. 4. For configuring Workflow, perform the procedures described in the following sections in this document: 3.1.5 Customizing Duet Workflows Patterns 3.1.6 Customizing Workflow Patterns 3.1.7 Running Scheduled Reports (Jobs) 3.1.8 Creating Roles and Assigning Authorization Objects in SAP System 5. For configuring Starter Services, perform the procedures described in the following sections in this document: 3.5 Caching Code Lists 3.6 Configure Document Upload Option 3.7 Retrieving the URL for the "View Inquiry in SAP System" Link 6. Configure the user profile synchronization, as described in section 3.7 Configuring User Profile Synchrnonization. At this stage, Duet Enterprise should be completely deployed in your machine.
1.7 Prerequisites
During the installation, several basic configuration steps have to be performed and will be outlined. However, the following steps can be performed before you begin, independently of any Duet Enterprise specific configuration.
1.7.1 Important SAP Notes

Make sure you read and implement the following SAP Notes. You can find these SAP Notes on SAP Service Marketplace at: http://service.sap.com/notes.
SAP Note Number 1465330
Title
Comment
Duet Enterprise 1.0: Release Information Note
Contains essential information about the implementation of Duet Enterprise 1.0.
12
1.7.2 Activating the Services

When performing a new installation, the following NetWeaver services are installed but must be manually activated. To activate the services on the SCL: 1. On the SCL, open transaction SICF. The Maintain Services page is displayed. 2. In the Hierarchy Type field, enter SICFSERVICE. 3. Click the Execute icon. 4. Expand the default_host until you reach /sap/bc/srt/xip/sap. 5. Right-click on sap and select Activate Service. You are prompted to confirm you want to activate the service. 6. Click /sap/bc/srt/wsil /sap/bc/srt/xip/sap /sap/bc/srt/wsdl /sap/bc/webdynpro/sap/saml2 /sap/bc/srt/rfc /sap/public/bc /sap/public/bc/ur /sap/public/myssocnt /sap/bc/webdynpro/sap/appl_soap_management To activate the services on the SAP system: Note: Not all the services listed below exist in all SAP system releases. 1. On the SAP system, open transaction SICF. The Maintain Services page is displayed. 2. In the Hierarchy Type field, enter SICFSERCIVE. 3. Click the Execute icon. 4. Expand the default_host until you reach /sap/bc/srt/xip/sap. 5. Right-click on sap and select Activate Service. You are prompted to confirm you want to activate the service. 6. Click /sap/bc/srt/wsil /sap/bc/srt/xip/sap /sap/bc/srt/wsdl /sap/bc/webdynpro/sap/saml2 . .
7. Repeat the procedure for the following services:
7. Repeat the procedure for the following services:
13
/sap/bc/srt/rfc /sap/public/bc /sap/public/bc/ur /sap/public/mysssocnt /sap/bc/webdynpro/sap/appl_soap_management /sap/bc/srt/pm
1.7.3 Setting Profile Parameters

1. From the SAP system, use transaction RZ10 to set the login/accept_sso2_ticket parameter value to 1 and the login/create_sso2_ticket parameter to 2. 2. Repeat procedure for the SCL system. See http://help.sap.com/saphelp_nw70ehp2/helpdata/en/c4/3a6247505211d189550000e829fbb d/frameset.htm for details
14
2. Installing Duet Enterprise 2.1 Installing the SCL Components
2. Installing Duet Enterprise

This section provides the step-by-step instructions for installing and configuring Duet Enterprise. You must perform the steps in the order listed. This section includes: Installing the SCL components Configuring Settings for the SCL Setting Up User and Authorization Administrator for the SCL Activating BC Sets Establishing Connections to an SAP System and the SharePoint Server Specifying Configuration Settings of the SharePoint Server Creating Endpoints for Duet Enterprise Services Specifying SCL Configuration Settings to SAP Systems Creating a Type G RFC Destination to the SCL Setting up Role Synchronization Activating the SharePoint Server Activating the SCL
2.1 Installing the SCL Components

You install the SCL components using the SAP Add-On Installation Tool (SAINT), which lets you import the SCL installation packages from your DVD into your SAP system landscape. Note: Make sure you import the latest installation package for both the SAP and the Microsoft components. For more information about the SAINT, see Add-On Installation Tool, on the SAP Help Portal. The following are the SCL installation packages: IW_FND.sar: Installs the framework components that support the running and developing of applications and SAP solutions that integrate end user programs with SAP systems. IW_CNT.sar: Installs content that exposes services based on the capabilities of your existing SAP system. The content is provided in predefined groups. Examples of such content are: customer, account, and leave request grouped under CRM. System integrators, other vendors, and other SAP development teams can also provide similar content. IW_TNG.sar: Installs the Duet Enterprise specific content. These installation packages have a compressed format, so first you unpack them into your local file system. Later, you import them using the installation tool. For detailed information about unpacking the installation packages, see Loading Installation Packages from the Application Server, on the SAP Help Portal.
15
2. Installing Duet Enterprise 2.2 Configuring Settings for the SCL
To install the SCL components: 1. Download all versions of the .SAR files located at: service.sap.com/swdc > Installations and Upgrades > Installation and Upgrades Entry by Application Group > SAP Application Components > Duet Enterprise > Duet Enterprise 1.0 > Installation. Download DVD1 (containing the IW_FND and WI_CNT .SAR files) and DVD2 (containing the IW_TNG .SAR file) at that location. 2. Download the .SAR files of the latest Service Pack from the following location: service.sap.com/patches> Support Packages and Patches A - Z Index > D > DUET ENTERPRISE > DUET ENTERPRISE 1.0 > Comprised Software Component Versions. Download the SAP IW CNT 100, the SAP IW CNT 100, and the SAP IW FND 100 files. 3. Extract all >SAR files to \\<server>\sapmnt\trans\eps\in 4. Log on to the SAP system in which you want to install the SCL components, and enter the transaction SAINT. For detailed information about importing the installation packages, see Installing and Upgrading Add-ons, on the SAP Help Portal. 5. Download the Microsoft latest Service Pack from the following location: service.sap.com/patches> Support Packages and Patches A - Z Index > D > DUET ENTERPRISE > DUET ENTERPRISE 1.0 > Comprised Software Component Versions > DUET ENTERPRISE CONTENT 1.0 > Windows Server on x64 64bit. Download the Duet Enterprise 1.0 SP 02 file. 6. Deploy the Duet Enterprise 1.0 SP 02 file to the SharePoint server. For more information, refer to http://technet.microsoft.com/en-us/library/ff972427.aspx.
2.2 Configuring Settings for the SCL

Once you have installed the SCL components, you must configure your system to allow the consumer servers applications to retrieve the data requested by users. The following is an overview of the sequence of the configuration tasks: 1. Set up users and authorizations. You create an administrator role and profile for SCL components, and assign a user to this role. Later, you create users roles and profiles for SCL content, and assign them to the users. 2. Establish connections to your SAP system from SCL, including the following: Optionally, define connections to the system landscape. Define a Remote Function Call (RFC) destination to enable communication with the SAP Systems. Register the RFC destination. Create RFC supervisor destination. Create RFC destination for Web service Internet Language (WSIL) service. 3. Specify configuration settings to connect to the consumer server. 4. Configure the default content for use in consumer server applications.
16
2. Installing Duet Enterprise 2.3 Setting Up User and Authorization Administrator for the SCL
2.3 Setting Up User and Authorization Administrator for the SCL

The first configuration task after installation is to set up an administrator role for SCL components and assign users to it. SCL provides predefined roles as templates. These templates are in the format /IWCNT/RT_ADMIN, and /IWCNT/RT_USER_<application name>. Use the templates to create user roles for SCL components. Note: After installation, there are no end-users on the SCL. Since all SAP system end-users have to be available on the SCL as well, it is recommended to connect the SCL to a Central User Administration or SAP Identity Management and synchronize the user. If that is not possible, you have to create the users manually.
2.3.1 Create and Assign SCL Administrator Role

You create a role for an administrator user with permissions and privileges for several tasks including the following: Analyze logs and identify potential issues with the SCL landscape. Install, configure, and maintain SCL components and applications that run on top of SCL. Configure and maintain users data including, roles, and user mapping. For more information about SAP user administrator types, see Setting up User and Authorization Administrators in the SAP Help Portal. Note: For all steps in the IMG there is always consumer independent documentation available. If you want to get more information, click the Display icon before executing each step. To create the administrator role and assign it to users: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon. 3. Select User Settings > Define Role for SCL Administrator.
The Role Maintenance page is displayed. 5. In the Role field, enter any of the basis roles, for example: SAP_BC_BASIS_ADMIN SAP_BC_CTS_ADMIN SAP_BC_BASIS_MONITORING SAP_BC_BATCH_ADMIN SAP_BC_BDC_ADMIN SAP_BC_WEBSERVICE You can choose any of the listed standard administrator roles, or enter an existing one. 6. Click Copy Role to create a copy of the standard role.
7. In the Query dialog box, enter a name for the new role in to role, for example, Z_SAP_BC_BASIS_ADMIN . Click Copy all. The Change Roles dialog box is displayed and the role is created.
17
8. In the Role Maintenance page, click the 9. Select the Authorizations tab.
Edit icon.
10. Click Change Authorization Data under the Maintain Authorization Data and Generate Profiles section. 11. Select Edit > Insert Authorization(s) > From template. The Choose Template page is displayed. 12. Select /IWFND/RT_ADMIN from the list. 13. Click the 14. Click checkmark. Generate.
The Generate profile dialog box is displayed. 15. Select the Generate option. 16. In the Assign Profile name for Generated Authorization Profile dialog, maintain the profile name according to your requirements. For example T-SCL550. 17. Click the checkmark. The Change role: Authorizations page is displayed. The status of the profile is displayed as Generated. 18. Go back to the Change Roles page, and select the Users tab in the User Assignment section. 19. Enter the names of the users you want to assign to this role. 20. Click Save. 21. Click User comparison. The Complete Role Master Record page is displayed. 22. Click Complete comparison. 23. Click Save.
24. Check that the role was properly created and assigned. Checkpoint: Log on to the SCL system using the user you just assigned. You should be able to access transaction SIMGH and search for the entry Service Consumption Layer Administration You can logon to the SCL host with the administrator user you have created to configure the SCL components and content, and install consumer applications.
18
Creating a Service User to Access WSDL from SharePoint

WSDL is essentially an XML format for describing Web services interfaces. Using WSDL, a service provider can describe the functionality, quality of service requirements, and other features of a Web service, so that a potential requestor can understand how to correctly interact with the service. Note: For more information regarding the WSDL, refer to the SDN at http://www.sdn.sap.com/irj/sdn?rid=/webcontent/uuid/d99b2014-0b01-0010-a8a0aa830dbdf5e8
In this procedure, you will provide information to the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604. You must access the WSDL from SharePoint using a specific user created for that purpose. To create the user: 1. On the SCL, open transaction SU01. 2. Enter a user name. For example, SP_Access. 3. Click Create. 4. Maintain all required data including password. 5. Do not assign any roles. 6. Click Save.
7. Enter this user name and password in the Duet Enterprise Worksheet, in the User name for WSDL access and Password for WSDL access rows. Checkpoint: Log on to the SCL system using the user you just created. Providing the password you just maintained, you should see the SAP Easy Access page.
2.3.2 Create and Assign SCL User Role

You create a role for a user with permissions and privileges for several tasks including the following: Analyze logs and identify potential issues with the SCL landscape. Install, configure, and maintain SCL components and applications that run on top of SCL. Configure and maintain users data including, roles, and user mapping. Use the following templates from the template list to create user roles for default SCL content: /IWCNT/RT_USER_REP: for a Reporting user /IWCNT/RT_USER_WF: for a Workflow user /IWCNT/RT_USER_SS: for a Starter Services user Note: You must be an SCL administrator or have an SAP user administrator to create the roles. For more information, see Changing roles on the SAP Help Portal.
19
To create users roles and assign them to users: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon to configure roles in the Role Maintenance. Copy Role.
3. Select User Settings > Define Role for SCL User.
5. In the Role field, enter SAP_BC_ENDUSER, and then click The Query page is displayed.
6. In the to role field, enter a name for the new role, for example, Z_WORKFLOW. 7. Click Copy all. The Role Maintenance page is displayed showing the role you just created. 8. Click Edit to change the role. 9. Select the Authorizations tab. 10. Click Change Authorization Data under the Maintain Authorization Data and Generate Profiles section. 11. Select Edit Insert Authorization(s) From template. The Choose Template page is displayed. 12. Select the /IWCNT/RT_USER_WF template from the list. 13. Click Generate.
The Generate profile dialog box is displayed. 14. Select the Generate option. 15. In the Assign Profile name for Generated Authorization Profile dialog, maintain the profile name according to your requirements. For example T- SCLWF550003. 16. Click the checkmark. The Change role: Authorizations page is displayed. The status of the profile is displayed as Generated. 17. Go back to the Change Roles page, and select the Users tab in the User Assignment section. 18. Enter the names of all users that have the Workflow, Reporting or Starter Services role assigned to it. 19. Click Save. 20. Click User comparison. The Complete Role Master Record page is displayed. 21. Click Complete comparison. 22. Click Save.
Once you have assigned the users to the relevant roles, you can log on with this user and work with it.
20
Note: Repeat these steps for all roles that you need. For example, Z_REPORTS for users that should get Reporting and Z_SAMPLESERVICES for users that should get Starter Services. Note: For the users performing the Grant user access to SAP workflow tasks procedure in SharePoint ONLY, make sure you assign the authorization object S_Service to the role. To assign the SAP_BC_WEBSERVICE_CONSUMER role to all end users: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon to configure roles in the Role Maintenance. Edit.
3. Select User Settings > Define Role for SCL User.
5. In the Role field, enter SAP_BC_WEBSERVICE_CONSUMER and click 6. Select the Users tab in the Role section. 7. Enter the names of the users you want to assign to this role. 8. Click Save. 9. Click User comparison. The Complete Role Master Record page is displayed. 10. Click Complete comparison. 11. Click Save.
Checkpoint: Take some of the users assigned to the different roles (for example, Z_REPORTS and SAP_BC_WEBSERVICE_CONSUMER), and make sure that you can log on successfully. To allow certain users to fetch roles from the SAP system: 1. Create a user as described in the To create users roles and assign them to users procedure above. 2. In step 12, instead of selecting the /IWCNT/RT_USER_WF template, select the S_USER_AGR the authorization object. 3. Continue with the procedure.
21
2. Installing Duet Enterprise 2.4 Activating BC Sets
2.4 Activating BC Sets

A Business Configuration Set (BC Set) is a management tool that allows users to record, save, and share customized settings. By creating a BC Set, the user is provided with a snapshot of the customized settings of a system that can be used later on as a template. Duet Enterprise provides four BC sets to make the content specific configuration easier by automating several of the procedures. It is recommended that you use and activate these four BC sets: /IWTNG/BC_GENERAL_CUSTOMIZING /IWTNG/BC_WORFKLOW /IWTNG/BC_SAMPLE_SERVICES /IWTNG/BC_REPORTING Note: You do not need to activate the BC sets to perform configuration. You can perform all configurations manually. This section describes how to activate the /IWTNG/BC_GENERAL_CUSTOMIZING BC set. For activating the other BC Sets, refer to the Configuring Duet Enterprise Specific Content section. After activating the BC Set, you can continue with the regular deployment flow. Procedures that have been automated by the BC set contain a note asking you to skip them. To activate the /IWTNG/BC_GENERAL_CUSTOMIZING BC set: 1. On the SCL, open transaction SCPR20. The Business Configuration Sets: Activation page is displayed. 2. In the BC Set field, press F4. 3. Select the /IWTNG/BC_GENERAL_CUSTOMIZING BC set. 4. Click the Activate icon. The Prompt for Customizing Request page is displayed. checkmark.
5. In the Request field, press F4. 6. Select a customizing request and click the The Activation Options page is displayed. 7. In the Select Activation Mode section, select the Expert Mode radio button. 8. Click the checkmark.
The /IWTNG/BC_GENERAL_CUSTOMIZING BC set is activated. Checkpoint: Refer to chapter Defining Consumer Issuer Certificate to check if customizing entries were done like outlined in each chapter.
22
2. Installing Duet Enterprise 2.5 Specifying Configuration Settings of the SharePoint Server
2.5 Specifying Configuration Settings of the SharePoint Server

You configure settings for SCL components and define how these settings interface with the SharePoint server. Requirements: Make sure that you installed the SCL components. The following is an overview of the configuration tasks: Configure the SLD Define settings for idempotent services (This means that the service call will be executed exactly once.) Define consumer issuer certificate Create RFC destination for outbound queues Register RFC destination Create bgRFC supervisor destination Check bgRFC configurations Create RFC destination for WSIL service Configure Web Service message-based authentication Prepare the models for consumer server
2.5.1 Configuring the SLD

System Landscape Directory (SLD) contains component information, a landscape description, and a name reservation, based on the standard Common Information Model (CIM), which is independent of your implementation. SLD communicates with a client application using HTTP. Optionally, you can configure SCL to connect to the SLD and to send data periodically about the system landscape. Note: Connecting the SCL to an SLD is optional. You can connect an SCL to an SLD only if there is an SLD in your system landscape. To establish connection to the SLD from the SCL: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon. Execute icon to configure the connection. 3. Select Connection Settings > Connect SCL to SLD. 4. Click the
For more information regarding the SLD, refer to the following link on the SAP Help Portal: Architecture Overview of Data Supplier. For more information on how to register an ABAP-based SAP system and its clients in the landscape description of the SLD, refer to the following link on the SAP Help Portal: Registering ABAP-Based SAP Systems.
23
2.5.2 Defining Settings for Idempotent Services

You configure idempotent services by scheduling a background job that ensures that request messages in SCL occur once. Idempotency guarantees delivery of synchronous messages exactly once. To define settings for idempotent services: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Define Settings for Idempotent Services. 4. Click the Execute icon.
The Program SRT_WS_IDP_CUSTOMIZE page is displayed. 5. Enter the default values: for Period Hours in Document, the value is 6, and for Document ID, the value is 12. 6. Click the 7. Click the Execute icon. checkmark. A message confirming that the job has been scheduled is displayed.
Checkpoint: a. Open transaction SM37. The Simple Job Selection page is displayed. b. In the Job name field, enter SAP_BC_IDP_WS_SWITCH* . c. In the User name field, enter *. d. In the Job status section, select the Sched. checkbox. e. Click on Execute You should see some entries for the two jobs SAP_BC_IDP_WS_SWITCH_BD and SAP_BC_IDP_WS_SWITCH_BDID.
2.5.3 Creating RFC Destination for Outbound Queues

You must create a background remote function call (bgRFC) destination for communications in an outbound queue or an inbound queue respectively. To create bgRFC destination for Outbound Queue: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Create RFC Destination for Outbound Queues. 4. Click the Execute icon.
The Configuration of RFC Connections page is displayed.
24
5. Click the
Create icon. The RFC Destination page is displayed. 6. In the RFC Destination field, enter IWFND_BGRFC_DEST.
7. In the Connection Type field, enter 3.

8. In the Description 1 field, enter RFC Destination for Outbound Queues. 9. Press Enter, and select the Special Options tab. 10. In the Select Transfer Protocol section, select Classic with bgRFC from the list. 11. Click Save. A warning message is displayed. 12. Click Yes, and select Connection test. Information about the connection type is displayed.
2.5.4 Registering the bgRFC Destination for Outbound Queue

You register the bgRFC destination to efficiently handle communications. To register the RFC Destination for Outbound Queue: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the Display icon.
4. Select Connection Settings > SCL to Consumer > Register RFC Destination for Outbound Queues. 5. Click the Execute icon. The bgRFC Configuration page is displayed. 6. Select the Define Inbound Dest. tab. 7. Click Create. The Configure Inbound Destination page is displayed. 8. In the Inb. Dest. Name field, enter IWFND_BGRFC_DEST. 9. Press Enter and then click Save. 10. In the New Prefix field, enter IWFND_CNP and click Create, repeat the step using IWCNT_WF. 11. Click 13. Click Save. Create. 12. Select the Scheduler Destination tab. A message asking if you want an outbound or inbound destination is displayed. 14. Click Inbound. The Create Scheduler Settings for Inbound Destination page is displayed. 15. In the Destination field, enter IWFND_BGRFC_DEST. 16. Click Save. 17. In the bgRFC destination page, click Save.
25
2.5.5 Creating bgRFC Supervisor Destination

The supervisor destination for bgRFC that you create receives the configuration settings for the bgRFC scheduler. In addition, it starts or stops the schedulers as required. Note: The bgRFC supervisor user you specify must have authorizations from authorization object S_RFC. These are defined in role SAP_BC_BGRFC_SUPERVISOR. To create the bgRFC Supervisor Destination: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon. 3. Select Connection Settings > SCL to Consumer > Create bgRFC Supervisor Destination. 4. Click the Execute icon. The bgRFC Configuration page is displayed. 5. Select the Define Supervisor Dest. tab. 6. Click Create. The Create bgRFC Destination for Supervisor page is displayed. 7. In the Destination Name field, enter BGRFC_SUPERVISOR. 8. In the User Name field, enter a user name, for example, BgRFC_user. 9. Select the Create User checkbox. 10. Press Enter. 11. Select the Generate Password checkbox. 12. Click Save. Save.
13. In the bgRFC destination page, click
2.5.6 Checking bgRFC Configurations

You must check the settings specified to ensure the efficiency the bgRFC. To check the bgRFC settings: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon. 3. Select Connection Settings > SCL to Consumer > Check BgRFC Configurations. 4. Click the Execute icon. The BgRFC Configuration Check Results page is displayed. 5. Click the checkmark.
26
2.5.7 Creating RFC Destination for WSIL Service

You create an RFC destination for the Web Service Inspection Language (WSIL) service on the SCL server. To create an RFC destination for WSIL services: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Create RFC Destination for WSIL Service. 4. Click the 5. Click Execute icon. The Configuration of RFC Connections page is displayed. Create. The RFC Destination page is displayed. 6. In the RFC Destination field, enter IWFND_WSIL_LOCAL_DEST. 7. In the Connection Type field, enter H and then click the 9. Press Enter. 10. In the Target Host field, enter the SCL Host. 11. In the Service No. field, enter the HTTP Port. 12. In the Path Prefix field, enter the path of the local WSIL Service. For example, /sap/bc/srt/wsil. Note: The SAP/BC/SRT/WSIL service must be activated via SICF. To obtain the WSIL URL: a. Log on to the SCL system you specified as a provider, and enter transaction SICF. b. In the Type Hierarchy field, enter SERVICE. c. Enter WSIL for the service name. d. Click Execute. The WSIL service should now be listed. The default value for the URL is: http://<host_name:port>/sap/bc/srt/wsil Note: The WSIL service lists the configuration of all Web services exposed by the system. Note: You can double-click on the service to obtain the URL. 13. Click Connection Test. 14. Click Save. Checkpoint: Click Connection test. The result in the Test Result tab should contain the Status HTTP Response 200. checkmark.
8. In the Description field, enter RFC Destination for WSIL Service.
27
2. Installing Duet Enterprise 2.6 Establishing Connections to an SAP System and the SharePoint Server
2.6 Establishing Connections to an SAP System and the SharePoint Server

Note: For Duet Enterprise, the Consumer is SharePoint. The IMG refers to Consumer because it is a generic tool. You must define and configure settings for connecting the SCL to both your SAP system and to the SharePoint server. There are different ways in which these two systems can communicate between themselves: SharePoint to SCL connection SharePoint communicates with the SCL via HTTPS Web service calls. For this to be possible, Services and end-points need to be created and released on the SCL server (refer to Release Duet Enterprise Services). You also need to configure SAML (refer to Configuring the SCL Host to use SAML Authentication) SCL to SharePoint connection The SCL sends data to SharePoint via HTTPS logical ports which are scenario specific. For this, an SSL trust has to be established (refer to Create Consumer Proxy for Reporting and Create Consumer Proxy for Workflow). SCL to SAP system connection The SCL can communicate with the SAP systems in two ways: via HTTP/Web service calls (Type G RFC destinations) and classic ABAP RFC calls (Type 3 RFC destinations). a. Type G RFC calls are used for Starter Services (refer to Create Type G RFC Destination to the SCL). For this, the SCL system has to trust the certificates of the SAP system (refer to the Duet Enterprise Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0.) b. Type 3 RFC destinations are used by Reporting, Workflow and Starter Services. (Refer to Create a Type 3 RFC destination on SCL Host to SAP System). For this the SCL has to be configured as a trusted system in the SAP system. (Refer to Defining Trust between the SCL Host and your SAP Systems for Type 3 connections) SAP system to SCL connection The SAP system uses HTTPS / Web service calls to communicate to the SCL. This is used by Workflow (refer to Create a Logical Port) and Reporting (refer to Create a Logical Port). For this a SSL trust has to be established (refer to the Duet Enterprise Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0) and the SCL has to accept certificates from the SAP system (see Configuring the SCL Host to Accept Assertion Tickets from SAP Systems)
28
2.6.1 Configuring the SCL Host to use SAML Authentication

You configure the SCL host to enable authentication for users from the SharePoint server using SAML tokens. Requirements Make sure that you have configured the following: User mapping records. A Security Token Service to issue SAML tokens. The use of SSL between the SCL host and the consumer server. The use of SSL between the SCL host and the Security Token Provider system. The use of SAML authentication in the consumer server and clients. The following is an overview of the sequence of tasks for configuring the use of SAML in the SCL host: 1. Enable message-based Web service authentication. 2. Specify the Security Token Provider system as a trusted system. For more information about configuring the Security Token Provider system as a trusted system in the SCL landscape, refer to the Service Consumption Layer: SAP Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0.
Enable Message-Based Authentication

Message-based Web services go to the Internet Communication Framework (ICF) to perform the logon using a technical user DELAY_L_<SID> stored in the ICF. As the ICF cannot access SOAP data, it cannot logon directly using the authentication data in the SOAP document. You must create the DELAY_L_<SID> user without any authorizations in a secure storage. The user DELAY_L_<SID> gains access, and the SCL host evaluates the sent token. If the user name and password match, the SCL host performs a user exchange and logs on the user specified in the token. To enable message-based authentication: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Configure Web Service MessageBased Authentication. 4. Click the Execute icon The Configuration of WSS_SETUP page is displayed. 5. Select ICF Node Update. Note: If this is the first time you run this activity, the ICF Node Update checkbox is not available. Skip this step, and after the procedure is complete, go back to Connection Settings > SCL to Consumer > Configure Web Service Message-Based Authentication and click the Execute icon again.
29
This option specifies and repairs the user, DELAY_L_<SID> in all ICF nodes. This may be necessary if the user DELAY_L_<SID> has been locked or changed, or if its password has been changed. 6. Select Provider Configuration in the Secure Token Service (Service Conversation) section. This is a dedicated service required to obtain the SecureContentToken. 7. Specify the following in the WS Security Options section: Algorithm Suite: Select TripleDesSha256RSA15 for the algorithm suite. Note: Make sure that TripleDesSha256RSA15 is listed. If it is not listed, check the SSFLIB Version using transaction STRUST, then go to Environment Display SSF Version. You need SSFLIB Version 1.555.28 or higher, using an updated SAPCrypto Lib. Clock Skew: Specify the value 120, this is the tolerance to compensate for time difference between the consumer server and the SCL host. Select Detect message replays to detect and prevent Web service messages that are being called repeatedly. SAML 1.1 Trust: Choose Use SAML Trust. 8. In the Test Run section, unselect Test Run, and click multiple times. Execute. You can run this report
The result displays many details, including, the list of services activated and the message: Configuration for WS Security logon successfully checked. Note: On the first run there might be an error due to missing users. It is recommended to run it a second time to ensure that no errors are displayed. Note: If the provider configuration cannot be created, open transaction SICF and activate node /sap/bc/srt/xip/sap. Checkpoint: a. Run the WSS_SETUP again by executing steps 1 to 4. b. Leave all settings as default and click on Algorithm Suite:TripleDesSha256Rsa15 Clock Skew(sec):120 Detect message replays SAML 1.1 Trust:SAML2 execute. The following lines should be displayed in the WS Security Options section:
Specify the Security Token Provider System as a Trusted System

To complete this procedure, you will require input from the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604. From the SCL host you define the STS host as a trusted system by importing its signed certificate as proof of the identity of the STS system.
30
For information about configuring the STS host as a trusted system, see the Service Consumption Layer: SAP Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Enterprise 1.0. Requirements: Make sure that you have:
Duet
Activated HTTP security session using transaction SICF_SESSIONS. A list of all of the clients that exist in the system appears. Select the relevant client and choose Activate. Information about the STS issuer name, and STS public-key certificate, as you need to provide details of the STS system in the SCL host. This information has to be provided by the SharePoint administrator. You use the SAML 2.0 wizard, a browser application, to do the following: Specify the local provider information. Configure HTTP security in the SCL host. Specify the Web service policy To specify the local provider details: Note: If you have SAML 2.0 support enabled, you can skip steps 6-9 in this procedure. 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Configure Consumer STS. 4. Click the Execute icon.
The SAML 2.0 Local Provider Configuration wizard is displayed using the URL: https:/<SCL_hostname:port>/sap/bc/webdynpro/sap/saml2 Note: You need the user and password to logon. 5. Click Enable SAML 2.0 Support. The SAML 2.0 Local Provider Configuration is displayed. 6. Enter the following in Initial Settings and click Next: Provider Name: Enter the provider name, making sure there are no spaces in the name. For example, SCL_Provider. Operation Mode: Do not change the specified value, Service Provider. 7. In General Settings, enter 120 in Clock Skew Tolerance and click Next. 8. In Service Provider Settings, specify the following (default settings): In the Selection Mode field under Identity Provider Discovery, select Manual. In the Affiliation Name field under, do not make any change. In the Supported Bindings field under Assertion Consumer Service, select HTTP POST, HTTP Artifact, and PAOS. In the Supported Bindings under Single Logout Service, select HTTP Redirect, HTTP POST, HTTP Artifact, and SOAP. Under Artifact Resolution Service, select Enabled in Mode, and specify 60 in Artifact Validity Period.
31
9. Click Finish. A summary of the local provider details in the SAML 2.0 Configuration wizard of ABAP System:<system_name>/<client_number> is displayed.
To configure HTTP security in the SCL host: 1. Select the Trusted Providers tab and do the following: In Show under List of Trusted Providers, choose Secure Token Services, click Add, and then select Manually. The New Trusted Secure Token Services Provider wizard is displayed. In the Name field, enter SharePoint and click Next. This a unique name identified by the SAML Issuer attribute in a SAML assertion. Click Browse and then Upload File and specify the location of file for the signed certificate from the STS system, and then click OK. Upload the STS file from SharePoint. Open the Duet Enterprise Worksheet and copy the file information from the SSL certificate file name and location row. 2. Click Next in Signature and Encryption. Information about the signing certificate is displayed. 3. Click Next. The Endpoint page is displayed. 4. Click Add; the following details about the STS system display: In the Provide Location URL field, enter the URL of the STS system. For example, http://<WebApp URL in the farm>/_vti_bin/sts/spsecuritytokenservice.svc/windows In the MEX URL field, enter the MEX URL for the STS system: For example, , http://<WebApp URL in the farm>/_vti_bin/sts/spsecuritytokenservice.svc?wsdl Note: The name of the <WebApp URL in the farm> has to be handed over from the SharePoint administrator in the Duet Enterprise Worksheet, in row URL to Web application for report router site. 5. Click Finish. 6. From the Trusted Provider tab, select the STS system, and then click Edit. The Details of Security Token Provider <Name_of_Provider> page is displayed. 7. For Supported SAML Versions, select SAML 1.1, and make sure that SAML 2.0 is not selected. 8. Set the Assertion-Validity (Holder-of-Key) to the value defined in SharePoint, by default 600. 9. Select the Identity Federation tab, and then click Add. 10. Select Unspecified from the list in Supported NameID Formats and click OK. 11. In Source under Details of NameID Formats <Unspecified>, select Mapping in USREXTID Table from the list. 12. Click Save and then click Enable.
32
To specify the Web service policy: 1. From the Policies tab, select Web Service Policies from the list. The list contains STS entries from the table WSS_STS_URL_TAB. 2. Click Add. The SAML 2.0 Configuration window is displayed. 3. In the Policy name field, enter SharePoint. 4. Select the name of the STS provider from the list in Security Token Service Provider. 5. Select the placeholder URL of the STS system from the list in STS Location URL. The MEX URL is automatically added. 6. In SAML Type, select Asymmetric consumer key, STS as a tester, and in SAML Version select SAML 1.1, and then click OK. Note: Write down the Policy name as you will need it when importing the SAML profile in SOAMANAGER.
Defining Consumer Issuer Certificate

Note: If you activated the BC_GENERAL BC set, these settings should already be available. There is no need to perform this procedure. You must configure the SCL host to identify the SAML token issuer for the users in a specific consumer server. By doing so, you enable the SCL host to map users correctly between the specific consumer and SCL. To define consumer issuer certificate: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the Display icon.
3. Select Connection Settings > SCL to Consumer > Define Consumer Issuer Certificate. 4. Click the Execute icon.
The Define Consumer Details page is displayed. 5. Click New Entries. 6. In the Consumer Type field, press F4, and select SHAREPOINT_INT. 7. In the Issuer Name field, enter SharePoint. Note: this entry is case sensitive. 8. In the Issuer Certificate field, enter CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US 9. Click Save. The SCL maps users in a specific consumer server to SCL users based on the SAML token issued by an STS.
33
Configuring the Use of SSL between the SCL Host and SharePoint
To complete this procedure, you will require input from the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604
You configure the SCL host, SAP NetWeaver AS ABAP, to use SSL for communications with SharePoint. For more information about SSL settings in the SCL landscape, see the Service Consumption Layer: SAP Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0. Requirements Make sure that you have: Information about the SSL public-key certificate, you need to provide details of the SSL system in the SCL host. To implement SSL for use between the SCL host and the consumer server, you must configure SSL in the two systems. Configure the SharePoint server to use SSL. To configure SSL for use in the SharePoint server, see the specific SharePoint server documentation. Configure the SCL host to use SSL. If you have already configured the SCL host to use SSL, you can skip the following procedures. To configure the use of SSL in the SCL host: 1. On the SCL, open the Service Consumption Layer Administration IMG, and select Connection Settings > SCL to Consumer > Manage Security Trust. 2. Click the Execute icon.
The Trust Manager page is displayed. 3. Generate key pairs for SSL. a. Right-click on SSL server Standard. b. Click Create. c. Maintain the correct data for Name, Org, Comp, Country, CA, Algorithm and Key Length checkmark. and click the d. If needed adjust the Distinguished Name for the displayed hosts and click the checkmark. Note: A self signed certificate is created. If required, you can sign this certificate by a Certificate Authority.
34
Note: Make sure that an HTTPS port is set in the profile parameters as shown in the Configuring the AS ABAP for Supporting SSL help topic found at: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/49/23501ebf5a1902e10000000a42 189c/frameset.htm. To verify that the HTTPS port is active: i. Open transaction SMICM. The ICM Monitor page is displayed. ii. From the menu bar, select Goto > Services. The ICM Monitor Service Display page is displayed. iii. In the Active Services table, check that the HTTPS entry is Active. 4. Export the SSL server certificate. a. Under SSL server (Standard), double-click the certificate displayed. The Own certificate is displayed. b. Double click on the certificate. The certificate is displayed in the Certificate area. c. Click Export Certificate. d. In the File path field, enter a file name, for example, C:\SCL-SSL.cer. e. In the File format section, select the Binary radio button. f. Click the checkmark to export the certificate to the file system. g. Add the certificate name and location to the Duet Enterprise Worksheet, in the SSL Certificate location and file name row. 5. Import the certificate. a. Right-click SSL client SSL Client (Anonymous) and select Create. b. Click the d. Click checkmark. Import Certificate. c. Double-click the certificate displayed. The Import Certificate page is displayed. e. Enter the SharePoint SSL server certificate. To find the certificate, see the Duet Enterprise Worksheet, SSL certificate file name and location row. Note: The imported certificate must be in .CER format. f. Click the checkmark. Save. g. Click Add to Certificate List. h. Click i. Repeat this procedure steps for all the certificates you received from the SharePoint administrator. Checkpoint: To verify that the SharePoint SSL certificate was successfully created, create an RFC type G destination to the SharePoint server (for further information, refer to the Create Type G RFC Destination to the SCL section). Perform a connection test, and make sure that you do not get any ICM_HTTPS_SSL certificate error.
35
2.6.2 Mapping User Data in the SAP System and the SharePoint Server
User mapping maps a user ID in the SharePoint server to the user ID in the SAP system for the same user. User mapping is required if users have different user IDs in the SCL host and in the SharePoint server; passwords are not mapped. If the user ID on the SharePoint is domain\username and in the SAP system it is only username this is still considered as being different user IDs. The user's ID in the SharePoint server and the users ID in the SCL host are stored in the user's logon ticket for single sign-on. When the user tries to access an SAP system, the system extracts the user ID from the logon ticket.
Mapping User Data when the User IDs in SharePoint and the SCL Host are the Same
If the usernames on SharePoint are the same as on the SCL server, you do not have to connect the SCL to the Active Directory Domain Service to perform mapping. Instead, you can use the BAdI included in Note 1542681 and perform the steps below. To map the SAP user names to SharePoint: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click 5. Click Display. Execute.
4. Select Consumer Settings > Map SAP User Names to Consumer. The Enter Correct SNC Names in Table View VUSREXTID page is displayed. 6. In the External ID Type field, select SA. 7. In the Prefix of External Name field, enter SharePoint:: domain, where DOMAIN is the domain in which the users are located, for example, SharePoint::devwdf24 8. In the Suffix of External Name field, delete any existing data. 9. In the Optional: Name of Issuer field, enter CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US (This is the Issuer name of the SharePoint Security Token Service certificate that you previously imported when running the SAML2 Wizard.) Note: You cannot use the F4 help here. 10. Select the BAdI Implementation radio button. 11. In the BAdI Implementation field, press F4 and select Simple bulk user mapping. 12. Under Further Options, deselect the Test Mode checkbox. 13. Click Execute. The Enter Correct SNC Names in Table View VURSEXTID page is displayed. 14. Check that the Number of External Names Added is greater than 0. Checkpoint: a. Open transaction SM30. b. In the Table/View field, enter VUSREXTID.
36
c. Click
Display.
The Determine Work Area: Entry page is displayed. d. In the External ID Type field, enter SA. e. Click the checkmark. The Assignment of External ID to Users table is displayed. It should include a list of all the users that were mapped.
Mapping User Data when the User IDs in SharePoint and the SCL Host are Different
To create an RFC destination for the LDAP connection: 1. On the SCL, open transaction SM59 The Configuration of RFC Connections page is displayed. 2. Click Create. The RFC Destination page is displayed. 3. In the RFC Destination field, enter a name for the RFC destination, for example, RFCDEV24DC1. 4. In the Connection Type field, enter T. 5. In the Description field, enter a description, for example, Connection to DEVWDF24 for LDAP Sync. 6. Click Edit.
7. Select the Technical Settings tab. 8. Under the Activation Type section, select the Registered Server Program radio button. 9. In the Program ID field, enter a program ID, for example, PROG-DEVWDF24. 10. In the Gateway Options section, enter the following information: Gateway Host: <host of the SCL server>, for example, vmw2065.wdf.sap.corp Gateway service: <port of the SCL server>, for example, sapgw<Sys NR> 11. Click Connection Test. The test will fail at first with a Logon Connection Error message. To create a user for the LDAP connection: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click 5. Click Display. Execute.
4. -Select Consumer Settings -> Configure LDAP Server for Mapping Users. The Directory Service Connection page is displayed. 6. Click System Users.
37
The Display View LDAP System User: Details page is displayed. 7. Click Edit.
8. Click New Entries. The New Entries: Details of Added Entries page is displayed. 9. In the User ID field, enter the name of a system user, for example, SCL-DEV24. 10. In the Distinguished Name field, enter the service user used to connect to the ADS and read user entries, for example, devwdf24\d044410. 11. In the Credentials checkbox, click Edit. The System User dialog box is displayed. 12. In the Password field, enter the password for the user name previously entered. 13. In the Repeat Password field, enter the password for the user name previously entered again. 14. Click the checkmark.
To configure the LDAP server the LDAP connection: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click 5. Click Display. Execute.
4. Select Consumer Settings -> Configure LDAP Server for Mapping Users. The Directory Service Connection page is displayed. 6. Click LDAP Servers. The Display View Server Names: Details page is displayed. 7. Click Edit.
8. Click New Entries. The New Entries: Details of Added Entries page is displayed. 9. In the Server Name field, enter a name for the server, for example, SRV-DEV24DC1. 10. In the Host Name field, enter the name of the ADS server, for example, dev24dc1.wdf.sap.corp. 11. In the Port Number field, enter the port number of the ADS server, for example, 389. 12. From the Product Name drop-down list, select Microsoft Windows 2003 Active Directory (Domain Mode) (even if you have ADS 2008, see Note 983808). 13. From the Product Version drop-down list, select LDAP Version 3. 14. From the LDAP Application drop-down list, select User. 15. Select the Default checkbox. 16. In the Base entry field, enter: the base entry on which the users are stored in the ADS, for example, CN=Users,DC=dev24,DC=dev-wdf,DC=sap,DC=corp. 17. In the System logon field, press F4 and select the previously created user (SCL-DEV24).
38
18. Click
Save.
To activate the LDAP connection: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click 5. Click Display. Execute.
4. Select Consumer Settings -> Configure LDAP Server for Mapping Users. The Directory Service Connection page is displayed. 6. Click LDAP Connectors. The Display View LDAP Connector (Maintenance View): Details page is displayed. 7. Click 8. Click the Edit. checkmark.
A message is displayed warning you that the table is cross-client. 9. Click New Entries. The New Entries: Details of Added Entries page is displayed. 10. In the Connector Name field, press F4 and select the previously created RFC destination, for example, RFC-DEV24DC1. 11. In the Application Server field, press F4 and select the active instance, for example, vmw2065_DUE_00. 12. From the Status drop-down list, select Connector is active. 13. From the Trace Level drop-down list, select Trace Off. 14. Leave the Max. Retention Period and the Code Page fields blank. 15. In the Page Size field, enter a page size (entries per page) if your ADS has more than 1000 entries, for example, 200. 16. Click 17. Click Save. Start Connector.
The Current Status icon should change to yellow. 18. Click Save.
The Current Status icon should change to green To configure the user mapping types: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click Display.
4. Select Consumer Settings > Select User Mapping Type.
39
5. Click
Execute.
A message informing that individual entries cannot be put into the change request is displayed. 6. Click the checkmark. The Change View Configuration table for Bulk User Mapping: Overview page is displayed. 7. Click New Entries. The New Entries: Overview of Added Entries page is displayed. 8. In the LDAP/FILE based user mapping column, open the drop-down list and select LDAP based user mapping. 9. In the Config Index column, check the currently existing entries, and enter the next highest number. If this is the first entry, enter 1. 10. In the LDAP server: symbolic name column, enter the value specified in the To configure the LDAP server the LDAP connection section above, for example, SRV-DEV24DC1. 11. In the LDAP Attribute for BE Name column, enter the ADS field in which the SAP usernames are stored. If the user name used in the ADS and in the SAP System is the same, enter SAMACCOUNTNAME. 12. Select the Active/Inactive checkbox. 13. Click Save.
Checkpoint: Verify that the RFC destination is now working. a. Open transaction SM59. b. The Configuration of RFC Connections page is displayed. c. Open the TCI/IP Connections module. d. Select the RFC destination previously created, RFC-DEV24DC1. e. Click Connection Test. The Connection Test should now work fine. To map the SAP user names to SharePoint: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click Display. Execute.
4. Select Consumer Settings > Map SAP User Names to Consumer. 5. Click The Enter Correct SNC Names in Table View VUSREXTID page is displayed. 6. In the External ID Type field, select SA. 7. In the Prefix of External Name field, enter SharePoint:: 8. In the Suffix of External Name field, delete any existing data. 9. In the Optional: Name of Issuer field, enter CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US (This is the Issuer name of the SharePoint Security Token Service certificate that you previously imported when running the SAML2 Wizard.)
40
2. Installing Duet Enterprise 2.7 Creating Endpoints for Duet Enterprise Services
Note: You cannot use the F4 help here. 10. Select the BAdI Implementation radio button. 11. In the BAdI Implementation field, press F4 and select SharePoint Integration bulk user mapping. 12. Under Further Options, deselect the Test Mode checkbox. 13. Click Execute. The Enter Correct SNC Names in Table View VURSEXTID page is displayed. 14. Check that the Number of External Names Added is greater than 0. Checkpoint: a. Open transaction SM30. b. In the Table/View field, enter VUSREXTID. c. Click Display. The Determine Work Area: Entry page is displayed. d. In the External ID Type field, enter SA. e. Click the checkmark. The Assignment of External ID to Users table is displayed. It should include a list of all the users that were mapped.
2.7 Creating Endpoints for Duet Enterprise Services

You must create endpoints for the Web services used by SharePoint to access the SAML token profiles. This configuration defines the link between SharePoint and the service consumption layer.
Prerequisites
An RFC destination for WSIL must be created. For information about creating an RFC destination, refer to the Creating RFC Destination for WSIL Service section.
2.7.1 Creating and Activating Endpoints for all Scenarios

1. On the SCL, open the Service Consumption Layer Administration IMG. Display icon. Execute icon. 2. Click the 4. Click the 3. Select Connection Settings > SCL to Consumer > Configure Service Endpoint. The SOA Management page is displayed. 5. Click Profile Management. The SOA Management page is displayed. 6. Click Import. 7. Find the profile_DUET_ENTERPRISE_ASSERTION.XML file on the DVD and click Import.
41
The import wizard is displayed. 8. Enter the profile name and click Next. 9. Make sure the WS-A Message ID radio button is selected and click Next. 10. Check the default transport settings and click Next. 11. Make sure the Single Sign-On using SAP Assertion Ticket and the Secure Communication Only checkboxes are selected and click Finish. An SOA Management dialog box is displayed prompting you to activate the profile. 12. Click Yes.
2.7.2 Create the Duet Enterprise SAML Profile

Security Assertion Markup Language (SAML) is a standard that defines a language to exchange security information between partners. You create a SAML profile to enable authentication for users from the SharePoint server using SAML tokens. 1. On the SCL, open the Configure Service Endpoint activity as explained in the procedure above. The SOA management page is displayed. 2. Click Profile Management. The SOA management page is displayed. 3. Click Import. 4. Enter the path to the profile_DUET_ENTERPRISE_SAML.XML file and click Import. The import wizard is displayed. 5. Enter the Duet Enterprise SAML profile name click Next. 6. Make sure the WS-A Message ID radio button is selected and click Next. 7. Check the default transport settings and click Next. 8. Select the Single Sign-On using SAML checkbox. 9. In the SAML Issuer field, press F4 and select the SAML Issuer created by the SAML2 wizard A restrictions page is displayed. 10. In the STS Identifier field, enter the STS Identifier and click OK. 11. Select the Secure Communication Only checkbox and click Finish. An SOA Management dialog box is displayed prompting you to activate the profile. 12. Click Yes. NOTE: Make sure that the SAML Issuer in the Security tab is the SAML issuer created by the SAML2 wizard and not the default issuer that comes by default with the profile_DUET_ENTERPRISE_SAML.XML.
42
2.7.3 Release Duet Enterprise Services

1. Open Note 1526334 and save the scenario_DUET_ENTERPRISE_ALL file to your machine. 2. On the SCL, open transaction SIMGH. 3. Select the Service Consumption Layer Administration IMG. 4. Click the 6. Click the Display icon. Execute icon.
5. Select Connection Settings > SCL to Consumer > Configure Service Endpoint. The SOA Management page is displayed. 7. Click Profile Management. 8. Check that both the DUET_ENTERPRISE_SAML and the DUET_ENTERPRISE_ASSERTION profiles appear in the Profile Management page. 9. On the SOA Manager main page, select the Service Administration tab. 10. Click the Business Scenario Configuration link. The Business Scenario Configuration page is displayed. 11. Click Import. 12. In the Enter File Path field displayed, enter the path to the scenario_DUET_ENTERPRISE_ALL file you saved in step 1. 13. Click Import. The Business Scenario wizard is displayed. 14. Click Next to move to the Provider side step. 15. Make sure the following services appear in the list displayed: a. Configured as SAML Reporting:
IWXManageReports_In_V1
Workflow:
IWXUserSubscriptionService IWXWorkFlowConsumerService Starter Services: IWXManageCustomerIn IWXManageCustomerInquiryIn IWXManageCustomerQuotationIn IWXManageEmployeeIn IWXManageProductIn

General
IWXRead_UserRoles_in IWXRoleSearch_In
43
b. Configured as SAP Assertion:
ActionItemVi_Document RepAdapterWSVi_Document RMWrapperVi_Document

16. Click Next to move to the Consumer side step. 17. Click Finish. A dialog box is displayed asking if you want to activate the profile immediately. 18. Click Yes. 19. Click Start request queue processing to start the queue processing and release all endpoints. 20. If you get errors for the three SAP Assertion services (ActionItemVi_Document, RepAdapterWSVi_Document, RMWrapperVi_Document), check the SSL configuration on the SCL server described in section To configure the use of SSL in the SCL host, in the Configuring the Use of SSL between the SCL Host and SharePoint section. After fixing the SSL configuration, click Deactivate and then Activate for the DUET_ENTERPRISE_ALL Business Scenario configuration. Checkpoint: a. On the SCL, open transaction SIMGH. b. Select the Service Consumption Layer Administration IMG. c. Click the e. Click the f. Display icon. Execute icon. d. Select Connection Settings > SCL to Consumer > Configure Service Endpoint. In the SOAMANAGER, select the Service Administration tab and click the Single Service Configuration link. The Web Service Administration page is displayed. g. In the Search Pattern field, enter any of the services listed above (for example, IWXManageReports_In_V1). h. Click Go. i. j. Select this service from the Search Results table and click Apply Selection. In the Details of Service Definition section, select the Configurations tab. A table should be displayed with at least one Endpoint with Creation type Created based on profile and Endpoint Binding_T_HTTPS_A_WSSE. k. Select the Overview tab. l. From the Select Binding drop-down list, select xxx::Binding_T_HTTPS_A_WSSE m. Click the Open WSDL document for selected binding or service link.
44
n. Make sure that the following lines are displayed in the WSDL document: <sp:AlgorithmSuite> <wsp:Policy> <sp:TripleDesSha256Rsa15 /> </wsp:Policy> </sp:AlgorithmSuite> <sp:RequestSecurityTokenTemplate> <wst:KeyType>http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey</wst:KeyType> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile1.1#SAMLV1.1</wst:TokenType> </sp:RequestSecurityTokenTemplate Note:If you encounter a problem with this: i. Disable the DUET_ENTERPRISE_ALL profile as mentioned in step 20. ii. Check the SAML configuration once more. iii. Clean the ICM cache by executing transaction SE37 > ICFBUFFER_INIT iv. Activate the DUET_ENTERPRISE_ALL scenario again. v. Perform the checks mentioned above again.
2.7.4 Loading and Preparing the BDC Models

To retrieve data from the SAP system and display them in Microsoft SharePoint, SAP delivers BDC (Business Data Catalog) models and resources. These BDC models are in the form of XML files that contain links to the SAP system, and which can be consumed by the SharePoint environment. You can also generate your own models to retrieve various kinds of data from the SAP system. These models must be entered into the database and generated into a format so that they can be consumed in the SharePoint environment.
To complete this procedure, you will require the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604
Note: Before uploading the new BDC models it is recommended to delete all previously existing models or resources (for example, due to an older system copy).
45
To delete previously existing models: 1. On the SCL system, open transaction SIMGH. 2. Select the Microsoft SharePoint Integration Activities IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select BDC Publisher > Create Models. The Display View View for customizing BDC Model: Overview page is displayed. 6. Click Select All.
All the entries in the View for customizing BDC Model table are selected. 7. Click Delete (or press <Shift> + F2). 8. Click Save.
9. Return to the IMG and select BDC Publisher > Create Mapping Between Services and BDC Models. The Display View View for mapping BDC/Resource with services: Overview page is displayed. 10. Click Select All.
All the entries in the View for mapping BDC/Resource with services table are selected. 11. Click Delete (or press <Shift> + F2). 12. Click Save.
To upload the new BDC models: 1. On the SCL system, open the Microsoft SharePoint Integration Activities IMG. 2. Click the Display icon.
3. Select BDC Publisher > Load BDC and Resources to Database. 4. Click the Execute icon. Execute icon.
The Load Models and Resources to Database page is displayed. 5. Browse for the ZIP file containing the BDC models and click the
The ZIP file is created after running the setup.exe file and is saved at the following location on the SharePoint server by the SharePoint administrator: \Program Files\Duet Enterprise\1.0\SAP Service Models > SAP Service Models.zip.
The following models are provided: Account.xml AccountDocumentStorageCategory.xml AccountDocumentTypeStatus.xml AccountDocuments.xml AccountTitle.xml
46
BOM.xml Contact.xml ContactTitle.xml CountryCode.xml CustomerInquiry.xml CustomerInquiryItem.xml CustomerInquiryPartner.xml CustomerQuotation.xml CustomerQuotationItem.xml CustomerQuotationPartner.xml Employee.xml InquiryItemDocument.xml InquiryItemDocumentStorageCategory.xml InquiryItemDocumentTypeStatus.xml JobFunction.xml Product.xml ProductDocument.xml ProductDocumentStorageCategory.xml ProductDocumentTypeStatus.xml QuotationItemDocument.xml QuotationItemDocumentStorageCategory.xml QuotationItemDocumentTypeStatus.xml ReportTemplate.xml Role.xml UserRoles.xml UserSubscription.xml Workitem.xml 6. Check that all the models are properly uploaded. 7. In the IMG, select BDC Publisher > Create or Update Properties of BDC Models. 8. Click the Execute icon. Save.
9. In the Change View View for maintaining BDC Property: Overview page, enter an SSL-enabled URL to SharePoint for PropertyID SharePointResourceUrl and click
Note: You can find this URL on the URL to Web application for report router site row of the Duet Enterprise Worksheet. 10. In the IMG, select BDC Publisher > Generate BDC and Resource Files. 11. Click the Execute icon.
12. Enter your criteria for generating the BDC models. a. Select the Generate Models Automatically radio button to specify a namespace and generate the BDC models automatically for the scenarios you specify.
47
If you used the profile and business scenario configured delivered on the DVD, then all the endpoints are created with the namespace Binding_T_HTTPS_A_WSSE. b. Select the checkboxes of the scenarios for which the BDC models must be generated. 13. Click the Execute icon to generate the model and resource files. Save. 14. In the pop-up displayed, browse to the folder in your local system where you want the files to be saved and click
15. Copy this location to the Duet Enterprise Worksheet, in the BDC models ZIP file location row. The Generate BDC and Resource Models page is displayed, showing a list of all models that were created. 16. Compare the list displayed to the list above. Checkpoint: a. Open the previously created BDC.ZIP file. b. Check that the models.xml file is located in the file. c. View a non Resource file, for example, UserRoles.xml. d. Check that the following properties have been updated: WcfMexDocumentUrl (under LobSystems -> LobSystem) The URL should point to your SCL server (for example https://vmw3425.wdf.sap.corp:8001/sap/bc/srt/wsdl/bndg_0050569D4D991DDF9C9B8F D94997BE44/soap12/wsdl11/allinone/ws_policy/document?sap-client=001). WcfEndpointAddress (under LobSystems -> LobSystemInstances) This URL should also point to your SCL server (for example https://vmw3425.wdf.sap.corp:8001/sap/bc/srt/pm/iwtng/iwxread_userroles_in/001/due t_enterprise_saml/1/binding_t_https_a_wsse__-iwtng_iwxread_userroles_in_duet_enterprise_saml)
2.7.5 View Archives of Uploaded BDC Files

Note: This section is only relevant if you have modified the BDC model or the resource file and the uploaded it again. Whenever a BDC model or resource file is modified, you have to upload it again using the Customization activity BDC Publisher > Load BDC and Resources to Database. All uploaded files are maintained in the /IWTNG/BDC_HIST table. You can view this table to see the archive of all BDC files that have been uploaded. Note: This table is populated only the second time the models are uploaded. 1. Log on to the SAP system where SharePoint Customizations are maintained. 2. Go to transaction SE16. 3. In the Table Name field enter /IWTNG/BDC_HIST and click Table Contents. 4. Click the Execute icon. The list shows all BDC model and resource files that have been uploaded to the system. You can sort the columns to see the list by the last changed date. Double-click on an XML file to see its details.
48
2. Installing Duet Enterprise 2.8 Specifying SCL Configuration Settings to SAP Systems
2.8 Specifying SCL Configuration Settings to SAP Systems

You configure settings for SCL components and define how these settings interface with your existing SAP system.
2.8.1 Defining Trust between the SCL Host and your SAP Systems for Type 3 connections
You define trust relationship between your SAP system and the SCL host by configuring the SAP system to be the trusting system, and the SCL host to be the trusted system. For detailed information about configuring trust relationship in the SCL landscape, see Service Consumption Layer: SAP Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0. Note: This is just a technical RFC destination used to establish the trust. It will not be used during runtime. To configure trust: 1. On the SAP system, open transaction SM59. The Configuration of RFC Connections page is displayed. 2. Click Create.
3. Enter the following:
Field RFC Destination Connection type Description

4. Click Save.
Value to enter Enter an RFC destination name in the following format: <SystemID>CLNT<Client>. For example,SCLCNT100. 3 Enter a description. For example, RFC Destination to SCL Server.
5. Select the Technical Settings tab and enter the following:
Field Load Balancing Target Host System Number

6. Click Save.
Explanation Select the relevant radio button according to your systems settings. Enter the (message) server name of the SCL system. For example, vmw3425.wdf.sap.corp. Enter the SCL system number. For example, 00.
The RFC destination is saved. 7. Open transaction SMT1. The Display and Maintain Trusted Systems page is displayed. 8. Click Create.
49
9. In the Destination field, enter the RFC destination you created, e.g. SCLCNT100. An RFC logon to the SCL host occurs, and the necessary information is exchanged between the systems. 10. Logon to the SCL host using your administrator user and password. The trusted entry for the SCL host is displayed. 11. Click Save. Note: For end-users to use a trusted connection, they must have authorization object S_RFCACL assigned to them (for more details, refer to http://help.sap.com/saphelp_nw70ehp2/helpdata/en/d3/5b5c8ac5a93941b9f4e 2f09b50beb4/frameset.htm)
2.8.2 Creating a Type 3 RFC destination on SCL Host to SAP System

Note: A type 3 connection from SCL Host to SAP System is required for all scenarios of Duet Enterprise: Workflow, Reporting, and Starter Services. 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the 5. Click Display icon. Execute icon.
3. Select Connection Settings > SCL to SAP System > Manage RFC Destinations. The Configuration of RFC Connections page is displayed. Create. 6. Enter the following:

7. Click Save.
Value to enter Enter an RFC destination name in the following format: <SystemID>CLNT<Client>. For example, BKDCNT200. 3 Enter a description. For example, RFC Destination to SAP Server.
Field Load Balancing Target Host System Number

9. Select the Logon & Security tab.
Explanation Select the relevant radio button according to your systems settings. Enter the (message) server name of the SAP system. For example, vmw4000.wdf.sap.corp. Enter the SAP system number. For example, 00.
10. Enter the SAP systems client number. 11. Select the Current User checkbox.
50
12. Select the Trust Relationship Yes radio button. Note: Make sure that you have created the trusted relationship before as outlined in the Defining Trust between the SCL Host and your SAP Systems for Type 3 connections section. 13. Click Save.
Checkpoint: Click Connection Test. The connect test should pass. If the user ID with which you are logged on to SCL and your user ID for the SAP system is the same, and they have the object S_RFCAC assigned to it on the SAP system, click Remote Logon. You should not get any error messages in the status. (If any problem persists, check Note 128447 Trusted/trusting systems for troubleshooting tips.)
Configuring SAP System to Accept Assertion Tickets from the SCL

You must configure your SAP system to accept SAP assertion tickets from the SCL host for message-based Web service communication. For detailed information about configuring the use of SAP assertions tickets in the SCL landscape, see Service Consumption Layer: SAP Security Guide at SAP Service Marketplace at: http://service.sap.com/instguides SAP Business Suite Applications Duet Enterprise Duet Enterprise 1.0. To accept SAP assertion tickets: 1. From the SAP system, open transaction RZ10. The Edit Profiles page is displayed. 2. In the Profile field, press F4. 3. Select DEFAULT and press the checkmark. 4. In the Edit Profile section, select the Extended Maintenance radio button. 5. Click Display.
The Display Profile Default Version 000XXX page is displayed. 6. Check that the value of the login/accept_sso2_ticket parameter is 1 and the value of the login/create_sso2_ticket parameter is 2. If these are not the values displayed in the table, edit them. To change the value of the parameters: a. Click Edit. b. Find the desired parameter. c. In the Parameter value column, change the value. 7. Go back to the Edit Profiles page and click Save.
8. Open transaction SSO2 to run the SSO2 administration wizard. The Logon Ticket Administration for Single Sign-On(SSO) page is displayed.
51
Note: If SSO2 does not work use STRUSTSSO2 to import the certificates from SCL server, you must import them manually. For further details, refer to http://help.sap.com/saphelp_nw70ehp2/helpdata/en/78/f1a8490e7011d6999500508b6b8a9 3/frameset.htm. 9. Enter the type 3 RFC destination created above or the <host name> and <system number> for the SCL system in the appropriate fields. For example, SCLCNT100. 10. Click Execute. The Logon page is displayed. 11. Enter your password. The SSO2 administration report for the designated SAP system is displayed. 12. Select Edit > Activate to configure the SAP system. Note: This trust is required for connections used by Starter Services. Note: If SSO2 does not work use STRUSTSSO2 to import the certificates from SCL server, you must import them manually. For further details, refer to http://help.sap.com/saphelp_nw70ehp2/helpdata/en/78/f1a8490e7011d6999500508b6b8a9 3/frameset.htm. Checkpoint: Repeat steps #2 to #5 and make sure that the first three traffic lights under the Profile Parameters login/create_sso_ticket =2 section are green.
Configuring the SCL Host to Accept Assertion Tickets from SAP Systems
You must configure your SCL host to accept SAP assertion tickets from the SAP system for message-based Web service communication. To configure the SCL host to accept SAP assertion tickets: 1. From the SCL, open transaction RZ10. The Edit Profiles page is displayed. 2. In the Profile field, press F4. 3. Select DEFAULT and press the checkmark. 4. In the Edit Profile section, select the Extended Maintenance radio button. 5. Click Display.
The Display Profile Default Version 000XXX page is displayed. 6. Check that the value of the login/accept_sso2_ticket parameter is 1 and the value of the login/create_sso2_ticket parameter is 2. If these are not the values displayed in the table, edit them. To change the value of the parameters: a. Click Edit. b. Find the desired parameter. c. In the Parameter value column, change the value. 7. Go back to the Edit Profiles page and click Save.
8. On the SCL, open transaction SSO2 and to the SSO2 administration wizard.
52
2. Installing Duet Enterprise 2.9 Create Type G RFC Destination to the SCL
The Logon Ticket Administration for Single Sign-On(SSO) appears. Note: If SSO2 does not work use STRUSTSSO2 to import the certificates from SAP System manually. 9. Enter the type 3 RFC destination or the <host name> and <system number> for the SCL host in the appropriate fields. For example, BKDCNT200. 10. Click Execute. Note: You might be asked to provide a user name and password. The SSO administration report for the designated SAP system is displayed. 11. Select Edit > Activate to configure the SAP system. Note: If SSO2 does not work use STRUSTSSO2 to import the certificates from SCL server, you must import them manually. For further details, refer to http://help.sap.com/saphelp_nw70ehp2/helpdata/en/78/f1a8490e7011d6999500508b6b8a9 3/frameset.htm. Note: To import the certificate from the SAP System to the SCL, you need to export the PSE certificate from SAP System first. Checkpoint: Repeat steps #2 to #5 and make sure that the first three traffic lights under the Profile Parameters login/create_sso_ticket =2 section are green.
2.9 Create Type G RFC Destination to the SCL

Note: If you want to use SSL, make sure that you have imported the SCL SSL Server certificate in the SAP System STRUST SSL Client Certificate store. To import the SSL certificate from the SCL in the SAP system: 1. On the SAP System, open transaction STRUST. 2. Right-click SSL client SSL Client (Anonymous) and select Create. Note: If SSL client SSL Client (Anonymous) already exists in your system, you can skip this step. 3. Click the checkmark. 4. Double-click the certificate displayed. Import Certificate.
5. Click
The Import Certificate page is displayed. 6. Enter the SCL SSL server certificate that you created in the Configuring the Use of SSL between the SCL Host and SharePoint section. Note: The imported certificate must be in .CER format. 7. Click the 9. Click checkmark. Save. 8. Click Add to Certificate List. Note: This destination will be used by logical ports in Workflow and Reporting to connect to the SCL.
53
2. Installing Duet Enterprise 2.9 Create Type G RFC Destination to the SCL
1. On the SAP system, open transaction SM59. The Configuration of RFC Connections page is displayed. 2. Click Create. 3. Enter the following:

4. Click Save.
Value to enter Enter an RFC destination name in the following format: <SystemID>CLNT<Client>-HTTP. For example, SCLCNT100-HTTP. G Enter a description. For example, HTTP Destination to SCL Server.
Field Target Host Service No.

6. Select the Logon & Security tab.
Explanation Enter the (message) server name of the SCL. For example, vmw3425.wdf.sap.corp. Enter the SCL HTTP(s) Port number. For example, 8000. Note: For HTTPS, enter the SSL port.
7. In the Logon Procedure section, select the Basic Authentication radio button. A dialog box asking if you want to change the HTTP logon procedure is displayed. 8. Click Yes. 9. Select the Send SAP Logon Ticket checkbox. a. In the Status of Secure Protocol section, select the SSL Active radio button. b. From the SSL Client Certificate drop-down list, select the entry to which you imported the SSL certificates. For example, ANONYM SSL Client (Anonymous). Checkpoint: Perform a connection test. The test without the Path Prefix should result in Return code 404. Note: If you want to perform a connection test, enter a Path prefix (for example, /sap/public/info) and perform the test. The result should be 200. After the test make sure to remove the prefix again. Note: If you get an ICM SSL error, make sure that you have imported the SCL SSL certificate in the correct Cert List and have restarted the ICM via transaction SMICM: Administration > ICM > Exit Soft > Global.
54
2. Installing Duet Enterprise 2.10 Configuring Notification Mails
2.10 Configuring Notification Mails

This activity allows you to configure settings for e-mails that are sent from the SCL to SharePoint. To configure the notification mails: 1. On the SCL, open transaction SIMGH. 2. Open the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon. Create. checkmark.
4. Select Connection Settings > SCL to Consumer > Configure Notification Mails . The SAPconnect: Administration (system status) page is displayed. 6. Click the INT node and then click The SAPconnect: Select Node Type page is displayed. 7. Select the SMTP radio button and click the 8. A wizard for creating nodes is displayed. 9. In the Node field, enter the desired nodes name. 10. In the Description field, enter the nodes description. 11. Click Continue. 12. In the Mail-Host field, enter the address of the server containing the e-mail addresses of the SharePoint users. 13. In the Mail-Port field, enter the SMTP port to connect to this server and click Continue. 14. Select the Internet radio button and click Continue. 15. In the Address area text box, enter the domain of the users' e-mail addresses. Enter "*" for the user names (for example, *@sap.com). Click Continue. 16. Accept the default options and click Continue until the wizard is completed. When the wizard is completed the SAPconnect: Administration (system status) page is displayed. 17. Click Job.
The SAP connect: Active and Scheduled Send Jobs page is displayed. 18. Click Create and select the Schedule for INT option. 19. Click Continue. The Send Job: Select Variant page is displayed. 20. Click Continue to precede with the default options. 21. Specify the interval that defines how often queued notification mails must be sent from the SCL to the consumer. 22. Click Save.
55
2. Installing Duet Enterprise 2.11 Setting Up Role Synchronization
2.11 Setting Up Role Synchronization

Note: If you activated any of the content-specific BC sets (/IWTNG/BC_REPORTING , /IWTNG/BC_SAMPLE_SERVICES, /IWTNG/BC_WORFKLOW), the roles should already be available. There is no need to perform this procedure. You perform role synchronization in the SCL host to enable the system to update its information about role assignments and permissions you have assigned to users.
To complete this step, you will require input from the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604 Requirements Make sure that you have installed and configured the consumer server applications. To setup role synchronization: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon.
3. Select Consumer Settings > Assign Roles to Consumers.
5. In the Role field, click New Entries and enter the name of the desired role. 6. In the Consumer Type field, enter SHAREPOINT_INT. For example, specify the role, Z_STARTERSERVICES and the name of the consumer server in which it is used. 7. Repeat steps 5 and 6 for all the roles you need to synchronize to SharePoint. 8. Click Save. 9. Open the Service Consumption Layer Administration IMG. 10. Click the Display icon.
11. Select Consumer Settings > Synchronize Roles to Consumers. The Synchronize Roles to Consumer Job page is displayed. 12. In the Consumer Type field, press F4 and select SHAREPOINT_INT. 13. Press F4 to select the role to synchronize, and click Execute and Save. Important: Also, configure role synchronization in the consumer server.
56
2. Installing Duet Enterprise 2.12 Activate the SharePoint Server as a Consumer
2.12 Activate the SharePoint Server as a Consumer

Requirements Make sure that you have installed and configured the SharePoint server to connect to the SCL. To activate the SharePoint server on SCL: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon.
3. Select General Settings > Activate or Deactivate Consumers. The Change View Consumer Activation Overview page is displayed. 5. Click New Entries. 6. In the Identifier field, enter SHAREPOINT_INT. 7. Select the Active checkbox. 8. Click Save.
2.13 Activating the SCL

Note: You can activate and deactivate the SCL. When you deactivate the SCL, all the consumer servers that connect to it cannot communicate with it, because all SCL services stop running, and an error message is be sent to any system that calls for the services. Important: When you complete the installation and post installation configurations, you must activate the SCL to activate all the SCL services. Requirements Make sure that you have installed and configured the consumer server to connect to the SCL. To activate the SCL: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon.
3. Select General Settings > Activate or Deactivate SCL. A message is displayed. 5. Click Activate. A message about the status is displayed.
57
3. Configuring Duet Enterprise Specific Content 3.1 Configuring Workflow
3. Configuring Duet Enterprise Specific Content

This section provides the step-by-step instructions for installing and configuring Workflow, Reporting and Starter Services scenarios for Duet Enterprise. This section includes: Configuring Workflow Configuring Reporting Configuring Starter Services
3.1 Configuring Workflow

Note: Make sure a Type G RFC Destination to the SCL Host is created on the SAP System, as explained in the Create Type G RFC Destination to the SCL section. Note: Make sure that a Type 3 RFC Destination to the SAP System is created on the SCL Host, as explained in the Create a Type 3 RFC destination on SCL Host to SAP System section.
3.1.1 Activate Workflow BC Set

To activate the /IWTNG/BC_WORKFLOW BC set: 1. On the SCL, open transaction SCPR20. The Business Configuration Sets: Activation screen is displayed. 2. In the BC Set field, press F4. 3. Select the /IWTNG/BC_WORKFLOW set. 4. Click the Execute icon.
The Prompt for Customizing Request page is displayed. 5. In the Request field, press F4. 6. Select a customizing request and click the checkmark.
The Enter Variable Field Values table is displayed. 7. Fill in the fields in the table according to the following:
Field Alias for Workflow <SID>_<CLIENT>
Description This is the system alias to your SAP system for all the Workflow . The naming convention for this is <SID>_<CLIENT> In this Business Object Group, the Business Objects for Reporting are grouped. You can specify any name.
Example BKD_200
Object Group for Workflow
SPI_WORKFLOW
58
RFC to backend system
This is the RFC destination to the SAP system on which the Workflow will be executed. Select the RFC destination to your SAP system using the F4 help. This role specifies which roles should be synchronized with the SharePoint server.
BKD_200
Synced Role to consumer (1)
SPI_WORKFLOW
8. Click Copy Values. The Activation Options page is displayed. 9. In the Select Activation Mode section, select the Expert Mode radio button. 10. Click the checkmark.
The /IWTNG/BC_WORKFLOW BC set is activated. Note: A Warning message might be displayed concerning tables without data. This message can be ignored. Once the BC Set is successfully activated, you must do the following: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select General Settings > Manage Business Object Groups. The Display View Manage Business Object Groups: Overview page is displayed. 6. Clear the Active checkbox for the IW_WF Business Group. 7. Click Save
3.1.2 Maintain Workflow Context Data

Note: If you have not added any information to the Workflow configuration manually, you can skip this step. The Context Data Registration table contains additional information entered manually to the Workflow. This information must be synchronized both in the SCL and in SharePoint (while building the sites). 1. On the SCL, open transaction SIMGH. 2. Select the Microsoft SharePoint Integration Activities IMG. 3. Click the Display icon.
4. Select Maintain Workflow Context Data.
59
5. Click the
Execute icon.
The Change View Context Data Registration Table: Overview page is displayed. 6. Assign new context data. a. Click New Entries. b. In the Consumer Type field, press F4 and select SHAREPOINT_INT. c. In the Task Name field, enter the Workflow task name (GPW Bound Item Type) as defined in the in the SAP system. This value is case-sensitive. To obtain the GPW Bound Item Type: i. In the SAP system, open transaction SIMGH. ii. Select the Duet Implementation Guide IMG. iii. Click Display. iv. Select Open Workflow Pattern Customization > Workflow Pattern Customization. Execute.
v. Click i. ii. iii. iv. In In In In
The Change View Applications: Overview page is displayed. the Applications list, select the application where the Workflow was configured. the Dialog Structure, double-click on Workflow-ID. the Workflow ID list, select the relevant Workflow (can be inbound or outbound). Dialog Structure, double click on Tasks.
v. From the Tasks section, write down the GPW Bound Item Type. d. In the Property Name field, enter the property name as defined in the custom Handler SharePoint BizDoc and SAP system workflow customization. This value is case-sensitive. e. In the External Field Name field, enter the relevant number. Enter the next integer value for each new table entry starting with 1. 7. Click Save.
3.1.3 Retrieve Endpoint Information

The information obtained in this procedure is needed for creating a logical port. 1. On the SCL, open transaction SOAMANAGER. The SOA Management page is displayed. 2. Select the Service Administration tab. 3. Click the Single Service Configuration link. The Web Service Administration page is displayed. 4. In the Search Pattern section, enter the service ActionItemVi_Document 5. Click Go. 6. Select the ActionItemVi_Document service and click Apply Selection. 7. Click on the Configurations tab and select the endpoint, e.g. if you used the profiles to automatically create the endpoints, select the Endpoint Binding_T_HTTPS_A_HTTP with creation type Created based on profile 8. Click Display. 9. In the Configuration of Web Service section, select the Transport Settings tab.
60
10. Write down the URL displayed in the Calculated Access URL field. Note: If you used the Create Endpoints for Duet Enterprise Services, then the path should be /sap/bc/srt/pm/iwcnt/actionitemvi_document/001/duet_enterprise_assertion/1/binding_t_ht tps_a_http__-iwcnt_-actionitemvi_document_duet_enterprise_assertion where 001 is the client of the SCL system. 11. Repeat these steps and search for RMWrapperVi_Document in Step #4. The result should look like /sap/bc/srt/pm/iwcnt/rmwrappervi_document/900/duet_enterprise_assertion/1/binding_t_ht tps_a_http__-iwcnt_-rmwrappervi_document_duet_enterprise_assertion
3.1.4 Create a Logical Port

1. On the SAP system, open transaction LPCONFIG. The Display/Create Logical Port page is displayed. 2. In the Proxy Class field, enter CO_OSPWACTION_ITEM_VI_DOCUMENT. 3. In the Logical Port field, enter a name. This can be any alphanumeric string without spaces. 4. Select the Default Port checkbox. 5. Click Create 6. Enter a description for the logical port. For example, Logical Port for Workflow. 7. In the General Settings section, select the Call Parameters tab. 8. In the HTTP Destination field, press F4 to select the RFC destination previously created, e.g. SCLCNT100-HTTP. 9. In the Path Suffix field, enter the URL obtained in the previous procedure: /sap/bc/srt/pm/iwcnt/actionitemvi_document/001/duet_enterprise_assertion/1/binding_t_ht tps_a_http__-iwcnt_-actionitemvi_document_duet_enterprise_assertion where 001 is the client of the SCL system. 10. In the Application Specific settings, select State Management. 11. Click 12. Click the Save. Execute icon.
13. Repeat this procedure to create a logical port for Proxy Class /OSP/CO_RMWRAPPER_VI_DOCUMENT using the end-point retrieved before for RMWrapperVi_Document as the Path Suffix in Step #8
61
3.1.5 Customizing Duet Workflows Patterns

This section explains how to customize workflow patterns for use with Duet Enterprise scenarios on the SAP system. Requirements for the SAP system Verify that there is content in the table SOSP_T_APPL_INFO and that the pre-delivered content is available in your productive client. This table is delivered with the Duet package. If it is not available in your productive client, then copy the contents from the table in client 000. Verify that the standard text SOSP_WF_PAT_ERROR_LINK is available in the productive client. Go to transaction /nSO10 and enter the above standard text name to verify its existence. If it is not available in the Menu, click Utilities and select Copy from Client. Enter the standard text name SOSP_WF_PAT_ERROR_LINK, the source client, and the target name of the standard text as "SOSP_WF_PAT_ERROR_LINK". Click Execute.
Scheduling Duet and Core Workflow Reports

The extended notification framework of Core Workflow is used within the Duet Enterprise workflow pattern. Hence, the following configurations related to Core Workflow are required as prerequisites for workflow patterns. Defining OSP filter Scheduling Reports
Defining OSP Filter

1. On the SAP system, open transaction SIMGH. 2. Select Information Worker Implementation Guide. Display icon. Execute icon for Maintain 3. Click the
4. Select Workflow Pattern Customization, and click the Workflow Filter Settings. 5. Under Dialog Structure, double-click Business Scenario. 6. Select OSP and double-click Filter Basic Data. 7. Select OSP_DELTA and double-click Filter settings. The list of settings for the selected filter type is displayed.
8. For the TASK parameter, enter the workflow task ID to be captured within Duet. To add more entries, click New Entries and enter the parameters. 9. Double-click Filter Basic Data. 10. Select OSP_FULL and double-click Filter settings. 11. For the TASK parameter, enter the workflow task ID to be captured within Duet.
62
3.1.6 Customizing Workflow Patterns

You can define the workflows for Duet Enterprise scenarios. You specify the APIs to be called, and set the sub-workflows and their sequences for various tasks. To define workflows for Duet Enterprise applications: 1. On to the SAP system, open transaction SIMGH. 2. Select the Workflow Pattern Customization IMG. 3. Click the Display icon. Execute icon.
4. Select Workflow Pattern Customization and click the
5. Double-click Roles to see the list of user roles configured for Duet. 6. Double-click Applications and select the business application for which the workflows are defined. 7. Double-click Workflow-ID. The list of configured workflows is displayed. 8. Select the desired Workflow and double-click Custom Handlers. 9. Click New Entries, and enter the following parameters to define a new workflow.
Field
Application ID Workflow ID
Description
Displays the application ID for which the workflows are defined. Specifies the workflow ID. Note: There is a one-to-one mapping between the application ID and the workflow ID.
Custom Handler flag
Select the custom handler flag, whether inbound calls or outbound. Select inbound if you want to define services where data from the Outlook client is updated in the SAP system (for example, creating a leave request in Outlook and updating it in the SAP system). Select outbound if you want to define services where data from the SAP system is sent to the Outlook client (for example, sending a notification mail to the approver about an employees leave request).
Counter Custom Handler API
For more than one APIs called for the workflow, specify the sequence of the API to be called. Enter S_OSP_WF_PAT_DEFAULT_CH_IB for Inbound or S_OSP_WF_PAT_DEFAULT_CH_OB for Outbound.
Note: The pre-delivered default workflow pattern implementations for Custom Handler are: Inbound: S_OSP_WF_PAT_DEFAULT_CH_IB Outbound: S_OSP_WF_PAT_DEFAULT_CH_OB 10. Double-click Tasks. The list of sub-workflows for a workflow is displayed. 11. Click New Entries.
63
12. Enter the following parameters to define a new sub-workflow. Field Application ID Workflow ID Sub-Workflow ID Description Select the application for which the workflow is defined. For example, CRM. Select the workflow from the template for which the task is defined. For example, WS80000002. Enter the name for a nested workflow which is part of a Workflow. (If there are no sub-workflows, enter the main workflow ID.) For example, WS80000002. Enter the step ID from the workflow template. This is called a step or node ID which uniquely identifies the step in a Workflow. For example, 183. Groupware Object Type Recipient Role Type Sub-Workflow Type Select the consumer object (task or mail) to be created for the corresponding task. The consumer object can be sent to people with different roles. This field is a placeholder for storing bound-item details for various roles. For example, Approver. Specifies the type of Sub-workflow associated with a workflow. For example, 0 Standard Workflow.
Workflow Step
Workflow Task ID
Task Agents Role Type
Specify the workflow task ID to be captured in Duet Enterprise.

Specifies the name of the role for the agent assigned to the Workflow dialog task. Every Workflow dialog task has an Agent assigned to it. The role of the agent can be that of an Initiator, Approver, Reviewer, or Administrator. Default role should be APPROVER Enter the client bound item type associated with the workflow task for a given recipient role. For example, CampaignApproval.
GPW Bound Item type
Specify the Actions for Activity Status

You can also define the actions for various user roles when the status of an activity is changed.
To define the user role action when an activity status is changed:

1. On the SAP system, open transaction SIMGH. 2. Select the Workflow Pattern Customization IMG. 3. Click the Display icon. Execute icon.
4. Select Workflow Pattern Customization and click the 5. Double-click Action. The list of actions for the user role is displayed.
64
6. Click New Entries, and enter the following parameters to define a new action: Field In-Status Code New-Status Code Role Type Action Object Typ Object ID Active Description Select the initial status of the item before the workflow action is done. Select the status of the item after the workflow action is done. Select the user role for which the action is defined. Select the action for the object. Select the object for which the Action column is defined. Select whether the object type is bound, a notification or an error. Select Active for all objects of type Task .
7. Save the changes.
3.1.7 Running Scheduled Reports (Jobs)

To synchronize the tasks between the SAP system and SharePoint, the following 2 reports must be scheduled in the SAP system: S_OSP_WF_ITEM_SELECTION RSWNSEL The login user used to schedule the reports should be a valid ADS user. Schedule the reports as per the following sequence. 1. Schedule the NetWeaver report RSWNSEL (or run the report when required). The two variants of the report are: Scenario OSP, filter OSP_DELTA Scenario OSP, filter OSP_FULL We recommend that you run the reports at a frequency of fifteen minutes. This report retrieves the workflow items created in the SAP ERP system which is Duet specific (configured as a filter in SWNCONFIG) and sends it for processing by Duet. Refer to the next section Procedure to Schedule Running of Reports to run the reports. 2. Schedule the Duet workflow pattern report S_OSP_WF_ITEM_SELECTION (or run the report when required). This report should run after the successful execution of the NetWeaver report RSWNSEL. This report processes the workflow items retrieved by the report RSWNSEL and sends the approver mails and tasks. We recommend that you run this report at a frequency of fifteen minutes. Refer to the next section Procedure to Schedule Running of Reports to run the reports.
65
Procedure to Schedule Running of Reports

You can schedule the running of reports using your administrator user. To schedule running of various reports, you will need to know the following parameters: Program field Name of the report you want to run Variant field Name of the variant you want to create Meaning field Description of the variant you want to create Note: Make sure that the user ID with which you schedule running of reports exists in the Active Directory Service. Scheduling running of reports involves: Creating variants Scheduling background job for the variants To create variants: 1. On to the SAP system, open transaction SE38 The ABAP Editor: Initial Screen page is displayed. 2. In the Program field, enter the name of a report. 3. Select the Variants radio button. 4. Click Display.
The ABAP: Variants Initial Screen page is displayed. 5. In the Variant field, enter the name of the variant. For example, DuetE1. 6. Click Create. 7. The Maintain Variant: Report page is displayed. 8. In the Scenario field, enter OSP. 9. In the Filter field, enter OSP_DELTA. 10. Click Attributes. The Variant Attributes page is displayed. 11. In the Description field, enter the variants description. 12. Click Save.
The Maintain Variant: Report page is displayed. 13. Click Save to save the value of the variants.
To schedule background jobs: 1. On to the SAP system, open transaction SM36. The Define Background Job page is displayed. 2. Click Job Wizard to create a new job. 3. In the wizards opening page, click Continue. 4. In the Job Name field enter a name and click Continue. 5. Select the ABAP program step radio button and click Continue. 6. In the ABAP Program Name field enter the report name and click Continue.
66
7. Leave the Add additional steps (optional) checkbox empty, and click Continue. 8. Select the Immediately radio button and click Continue. 9. In the Periodic jobs section, select the Period checkbox and click Continue. 10. Select None of the above and click Other periods. 11. In the Minute(s) field, enter 15. 12. Click Create. 13. Click Continue. 14. Click Complete. To update background jobs: As mentioned above, system timepoints for Duet must be in the format TP_BROADCASTING_<ID>. The transaction for updating a job is /nSM37. For help on updating a job, refer to the topic Background Job Monitoring Monitor on the SAP Library at http://help.sap.com/saphelp_nw70ehp1/helpdata/en/1d/ab3207b610e3408fff44d6b1de15e6/fra meset.htm and to the topic Managing Jobs from the Job Overview on the SAP Library at http://help.sap.com/saphelp_wp/helpdata/en/c4/3a8009505211d189550000e829fbbd/frameset .htm
3.1.8 Creating Roles and Assigning Authorization Objects in SAP System

In SAP systems, access to applications and services are based on an authorization concept that enables an administrator to assign authorizations to users. When a client computers request is sent to an SAP system, the system checks whether the user that initiated the request has the relevant authorizations. The role templates specify the authorizations for content that can be accessed by the users of the specific consumer server application. To create a role and assign authorization objects to that role: 1. On the SAP system, open transaction PFCG. The Role Maintenance page is displayed. 2. In the Role field, enter the role to which you want to assign the authorization object and click Change. 3. In the Description field, enter the description for the role. 4. Select the Authorizations tab and click on Change Authorization Data. 5. The Change role: Authorizations page is displayed. 6. Click .
The Manual selection of authorizations page is displayed. 7. Enter the authorization object in the Authorization Object field and press Enter. The authorization object is inserted. 8. Click on the Authorization object fields.
67
The Field Values page is displayed. 9. Enter the interval and click Save. Save.
10. On the Change roles: Authorizations page, click
3.1.9 Manage SAP System Aliases for Workflow

An SAP system alias maps together: A logical RFC destination pointing to an SAP business system A Web service provider system pointing to the same SAP business system The software version of that SAP business system. The supported versions are shipped by SAP and cannot be changed. Note: If you activated the /IWTNG/BC_WORFKLOW BC set, these settings should already be available. There is no need to perform this procedure. Note: Before performing this procedure, make sure that the RFC type 3 destinations to the SAP Systems have been created and that trust has been defined. For further details, see the Create a Type 3 RFC destination on SCL Host to SAP System section.
Create System Alias for Workflow

1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Connection Settings > SCL to SAP System > Manage SAP System Aliases.
The Change View: Manage SAP System Aliases Overview page is displayed. 6. Click New Entries. 7. Enter the following details for the system alias: SAP System Alias: Name of the system alias. For Workflow this name must be created using the following format: <SID>_<CLIENT>, for example BKD_200. Description: Descriptive text for the system alias. For example, System alias for Workflow Local SCL: Leave unchecked. RFC Destination: Specify the RFC destination defined for your SAP system. For example, BKDCNT200 Software Version: Specify the version Default, which is required by Workflow. 8. Click Save.
We recommend that you check the system alias configurations using Check SAP System Aliases.
68
Assigning the System Alias Pointing to the SAP System

Note: If you activated the /IWTNG/BC_WORKFLOW BC set, these settings should already be available. There is no need to perform this procedure. Make sure that IW_WF is not activated. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select General Settings > Manage Business Object Groups. The Change View Manage SCL Business Object Groups:Overview page is displayed. 6. From the Manage SCL Business Object Groups table, select IW_WF. 7. In the Dialog Structure section, double click Assign SAP System Aliases. 8. Click New Entries. 9. In the SAP System Aliases column, press F4. 10. Select the system alias that points to the SAP system on which the Workflow will be executed, for example, BKD_200. 11. In the User Role column, enter a role which contains users who should use Workflow in the system of the SAP System Alias, for example, Z_WORKFLOW. 12. Click Save.
13. Double-click Manage SAP System Aliases and make sure that the Active checkbox is selected for the SCL Business Object group you have created for Workflow.
Checking SAP System Aliases

The Check SAP System Aliases activity verifies the various connections you configured. The verification includes the following: Assigned RFC: Checks if a system alias has an RFC destination assigned to it. Assigned Web service provider system: Checks if a system alias has a Web service provider system assigned to it. RFC test: Checks if the assigned RFC destinations are functional. To check the configuration for aliases for an SAP system: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Connection Settings > SCL to SAP System > Check SAP System Aliases. A status report of the listed checked items is displayed.
69
3.1.10 Check Event Handler

Note: If you activated the /IWTNG/BC_WORFKLOW BC set, these settings should already be available. There is no need to perform this procedure. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Development IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Outbound Flow > Events > Event Handler Registration. The Change View Handler and event type combination: Overview page is displayed. 6. Select the /IWFND/CL_EVT_MESSAGE_U_NOTIF Event Type with the /IWCNT/WF_WI Handler ID. 7. Select the /IWFND/CL_EVT_MESSAGE_C_NOTIF Event Type with the /IWCNT/WF_WI Handler ID. Note: If these configurations do not exist, you must create them manually. To create a configuration manually: a. On the SCL, open transaction SIMGH. b. Select the Service Consumption Layer Development IMG. c. Click the e. Click the f. Display icon. Execute icon. d. Select Outbound Flow > Events > Event Handler Registration. The Change View Handler and event type combination: Overview page is displayed. Click New Entries. g. In the Event Type field, enter the missing Event Type, for example /IWFND/CL_EVT_MESSAGE_C_NOTIF. h. In the Handler ID field, enter the missing Handler ID, for example /IWCNT/WF_WI. i. j. l. Click Save. Select the newly created line in the Handler and event type combination table. Click New Entries. Save.
k. Under Dialog Structure, double-click Assignment to objects. m. In the SCL Business Object table, enter IW_WF_TASK. n. Click
70
3.1.11 Check Adapter Class

Note: If you activated the /IWTNG/BC_WORFKLOW BC set, these settings should already be available. There is no need to perform this procedure. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Development IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Outbound Flow > Content Publisher > Consumer Adapter Classes. The Content Publisher Consumer Adapter Class table is displayed. 6. Check that the following configuration appears in the table: Consumer Type: SHAREPOINT_INT Content Publisher Operation Type: /SEH/SEND_WFTASK SCL Business Object: IW_WF_TASK Class Interface: /IWTNG/CL_CP_TANGO_WI_TASK_A Note: If this configuration does not exist, you must create it manually.
3.1.12 Create Consumer Proxy

To complete this step, you will require input from the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the Display icon.
4. Select Connection Settings > SCL to Consumer > Configure Service Endpoint. 5. Click the Execute icon.
The SOA Management tool is displayed. 6. Select the Service Administration tab. 7. Click the Single Service Configuration link. The Web Service Administration page is displayed. 8. From the Search by drop-down list, select Consumer Proxy. 9. In the Search Pattern field, enter /IWTNG/CO_TASKFLOW_WEB_SERVICE. 10. From the Field drop-down list, select Both Names.
71
11. Click Go. 12. Select the TaskflowWebServiceSoap Web service and click Apply Selection. The Details table is displayed below. 13. Select the Configurations tab. 14. Click Create Logical Port. 15. In the page displayed, fill in the Logical Port settings. a. In the Logical Port Name field, enter LogicalPortForWorkflow. b. Select the Logical Port is Default checkbox. c. Enter the description. d. From the Configuration Type radio buttons, select WSDL Based Configuration. e. From the WSDL Base radio buttons, select Via HTTP Access. f. In the URL for WSDL Access User field, enter the WSDL URL found in the Duet Enterprise Worksheet, on the URL to OBAWorkflowService for Workflow row (for example, https://<hostname>:<portnumber>/_vti_bin/OBAWorkflowService.asmx?wsdl).
g. In the WSDL Access User field, enter the SAP workflows service account username found in table 3 of the Worksheet. h. In the WSDL Access Password field, enter the SAP workflows service account password found in table 3 of the Worksheet. i. j. Click Apply Settings to save the logical port. The list of configuration subjects is displayed. Click Apply Settings. 16. Click Save. The Logical Port is created. To update the RFC destination with the login details: 1. In the details view of the proxy, go to the Configurations tab. 2. Select the logical port you have created and click The details of the logical port are displayed. 3. Go to the Additional Information tab. and note down the value displayed in the HTTP Destination field. This is the name of the RFC destination. 4. Open transaction sm59. 5. Search for the HTTP destination obtained before in the Additional Information tab and click Go. 6. Go to the Logon and Security tab and select the Basic Authentication radio button. 7. Enter the SharePoint user in charge of sending data from the SCL to SharePoint. The user name appears in the Duet Enterprise Worksheet, table 3, SAP workflows service account and password row . 8. Save and perform a connection test. Display.
72
To perform Routing - Maintain Logical ports for Proxy: 1. On the SCL, open transaction SIMGH. 2. Select the Microsoft SharePoint Integration Activities IMG. 3. Click the Display icon.
4. Select Routing - Maintain Logical Ports for Proxy. 5. Click the Execute icon.
The Display View Customizing table for Logical ports routing: Overview page is displayed. 6. For each Logical port that was created in the Create Consumer Proxy section above, insert: Proxy Class name - /IWTNG/CO_TASKFLOW_WEB_SERVICE Logical Port Name - the logical port name from the SOAMANAGER transaction (defined in the Create Consumer Proxy section above, step 15a, for example, LogicalPortForWorkflow). Routing URL the URL directing to the sites logical address within SharePoint.
73
3. Configuring Duet Enterprise Specific Content 3.2 Configuring Reporting
3.2 Configuring Reporting 3.2.1 Activate Reporting BC Set

To activate the /IWTNG/BC_REPORTING BC set: 1. On the SCL, open transaction SCPR20. The Business Configuration Sets: Activation page is displayed. 2. In the BC Set field, press F4. 3. Select the /IWTNG/BC_REPORTING set. 4. Click the Activate icon. The Enter Variable Field Values table is displayed. 5. Fill in the fields in the table according to the following: Field Alias for BW reports Description This BC set will configure several BW reports. If you have a BW system connected you should specify a System Alias for it. This BC set will configure two reports that run locally on the SCL server. Specify a name for the local system alias. Reporting configuration needs a LOCAL system alias. You should leave the alias as LOCAL This BC set will create a Business Object Group for Reporting. You can leave the name SPI_REPORT for the SharePoint Integration Report This BC set will create a Business Object Group for Reporting Metadata. You can leave the name SPI_REPORT_MD for the SharePoint Integration Report The reports on the SCL will be grouped under this Category ID. The reports for BW will be grouped under this Category ID. Via the F4 help select the RFC destination that points to the SCL system Example SPI_BW_REP
Alias for Local Demo reports
LOCAL_REP
Alias for LOCAL system
LOCAL
Object Group for Reporting
SPI_REPORT
Object Group for Reporting Metadata
SPI_REPORT_MD
Rep Category for Local Demo Reports Rep Category for Sales&Des Reports RFC to local system
LD SD SCL
74
RFC: Leave Empty
This RFC destination has to be left empty due to the way this BC set is configured. Via the F4 help select the RFC destination that points to a connected BW system All users in this role will be assigned to the BW reports. You can select the role via the F4 help. All users in this role will be assigned to the local reports. You can select the role via the F4 help (this can be the same as in Role for BW Reports) This role will be synchronized to SharePoint. You should select the role from Role for BW Reports This role will be synchronized to SharePoint. You should select the role from Role for Local Demo Reports BKD_100
RFC: RFC Destination of connected BW Role for BW Reports
SPI_REPORTING_BW
Role for Local Demo Reports
SPI_REPORTING_DEMO
Synced Role to consumer (1) Synced Role to consumer (2)
SPI_REPORTING
SPI_REPORTING_2
The /IWTNG/BC_REPORTING BC set is activated. Note: A Warning message might be displayed concerning tables without data. This message can be ignored. Note: To use the local reports: a. Open transaction SE38. The ABAP Editor: Initial Screen is displayed. b. In the Program field, enter /IWCNT/DEMO_REP_LP_CONFIG. c. Click Execute. This program will configure the required RFC destinations and logical ports. Note: If an error message is displayed while trying to use the local report, go to SAP Note 1458454 and implement the correction instructions described there. Once the BC Set is successfully activated, you must do the following: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the Display icon.
75
4. Select General Settings > Manage Business Object Groups. 5. Click the Execute icon. The Display View Manage Business Object Groups: Overview page is displayed. 6. Clear the Active checkbox for the following Business Groups: IWREPT IWRPMD 7. Click Save
3.2.2 Defining the Number Range Interval for Reporting Objects

You must define the number range interval for the shared memory to be accessed by all processes. Note: If you have activated the Reporting BC set, you do not have to perform this procedure for the reports on the SCL system.
To define the interval for the number range:

1. Log on to the SAP system where the desired reports reside. The Number Range Object Maintenance page is displayed. 2. Go to transaction /nSNRO. 3. In the Object field, enter /OSP/JOBNR and click Number Ranges. 4. Click Change intervals, and then click Insert interval. 5. In the Intervals table, enter the following values: Field No. From number To Number Value to enter 01 0000001 9999999
6. Click Insert, and save the setting. 7. Repeat steps 3 to 7 entering /osp/ERPNR in the Object field.
76
3.2.3 Managing System Time Points

Note: This procedure is optional and is only required if time points are planned to be used. To manage system time points: 1. On the SAP system, open transaction SM36. The Define Background Job page is displayed. 2. In the Job name field, enter a name for the new background job. For example, TP_BROADCASTING_Report001. Note: Do not change the default values for Job class, Status, and Exec. Target. 3. Click Start Condition. The Start Time page is displayed. 4. Click Date/Time and fill in the Date and Time fields displayed. 5. Select the Periodic job checkbox at the bottom of the page. 6. Click Period Values. The Period Values page is displayed showing the following values: Hourly: occurs every hour. Daily: occurs every day. Weekly: occurs once week. Monthly: occurs once month. Other periods: occurs at a specified period. 7. Select the desired schedule and click 9. Click Step. The Create Step 1 page is displayed. 10. In the ABAP program section, enter /OSP/IW_TIMEPOINT_PROCESS (for ERP) in the Name field. 11. Click Save. Save.
8. Close the Start time page to return to the Define Background Job page
The Step List Overview page is displayed. 12. Check that the /OSP/IW_TIMEPOINT_PROCESS program has been added. 13. Click Create. The Create Step 2 page is displayed. 14. If you are using a BW client, in the ABAP program section, enter RSRD_BROADCAST_FOR_TIMEPOINT in the Name field. 15. Click Save.
The Step List Overview page is displayed. 16. Check that the RSRD_BROADCAST_FOR_TIMEPOINT program has been added. Note: The names should be entered in the same order as given above. 17. Click Save.
77
3.2.4 Retrieve URL for Logical Port

Note: Make sure a Type G RFC Destination to the SCL Host is created on the SAP System as explained in the Create Type G RFC Destination to the SCL section. Note: Make sure that a Type 3 RFC Destination to the SAP System is created on the SCL Host as explained in the Create a Type 3 RFC destination on SCL Host to SAP System section. 1. On the SCL, open transaction SOAMANAGER. 2. In the SOA Management page, select the Service Administration tab. 3. Click the Single Service Configuration link. The Web Service Administration page is displayed. 4. In the Search Pattern field, enter the endpoint RepAdapterWSVi_Document 5. Click Go. 6. Select the RepAdapterWSVi_Document service and click Apply Selection. 7. Click on the Configurations tab and select the endpoint, e.g. if you used the profiles to automatically create the endpoints, select the Endpoint Binding_T_HTTPS_A_HTTP with creation type Created based on profile 8. Click Display. 9. In the Configuration of Web Service section, select the Transport Settings tab. 10. Write down the URL displayed in the Calculated Access URL field. Note: If you used the Create Endpoints for Duet Enterprise Services, then the path should be /sap/bc/srt/pm/iwcnt/repadapterwsvi_document/001/duet_enterprise_assertion/1/binding_t _https_a_http__-iwcnt_-repadapterwsvi_document_duet_enterprise_assertion where 001 is the client of the SCL system.
3.2.5 Create a Logical Port

1. On the SAP system, open transaction LPCONFIG. The Display/Create Logical Port page is displayed. 2. In the Proxy Class field, enter /OSP/CO_REP_ADAPTER_WSVI_DOCUM. 3. In the Logical Port field, enter a name. This can be any alphanumeric string without spaces. 4. Select the Default Port checkbox. 5. Click Create 6. In the General Settings section, select the Call Parameters tab. 7. In the HTTP Destination field, press F4 to select the RFC destination previously created, for example, SCLCNT001-HTTP. 8. In the Path Suffix field, enter the path obtained in the previous procedure: /sap/bc/srt/pm/iwcnt/repadapterwsvi_document/001/duet_enterprise_assertion/1/binding_t _https_a_http__-iwcnt_-repadapterwsvi_document_duet_enterprise_assertion where 001 is the client of the SCL system. 9. Click 10. Click Save. Execute.
78
3.2.6 Manage SAP System Aliases for Reporting

Note: If you activated the /IWTNG/BC_REPORTING BC set, these settings should already be available. There is no need to perform this procedure. Make sure that IWREPT and IWRPMD are not activated. Note: Before performing this procedure, make sure that the RFC destinations to the SAP Systems have been created and that trust has been defined. Note: Make sure that at least two system aliases have been created: the LOCAL system alias which points to the SCL, and a system alias that points to the SAP system on which the reports will be executed. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Go to Connection Settings > SCL to SAP System > Manage SAP System Aliases. 4. Create System Alias LOCAL: a. Click New Entries. b. In the SAP System Alias column, enter the desired name, for example, LOCAL c. In the Description column, enter a description, for example, Local system alias d. In the Local SCL column, select the checkbox. e. In the Software Version column, press F4 and select Default. f. Click Save. 5. In the IMG, select General Settings > Manage Business Object Groups. The Manage IW Business Object Groups page is displayed. 6. Assign the system alias LOCAL to the IWREPT Business Object Groups. a. In the Manage IW Business Object Groups table, select IWREPT. b. In the Dialog Structure section, double-click Assign SAP System Aliases. c. Click New Entries. d. In the SAP System Aliases column, press F4. e. Select the system alias created before, e.g. LOCAL. f. In the User Role column, leave the field empty to have all roles assigned Reporting. 7. Repeat the procedure above to assign the system alias LOCAL (generated during the general setup) to the IWRPMD Business Object Groups. 8. Select the Active checkbox for the IWREPT and the IWRPMD Business Object Groups. 9. Click Save.
10. Create System alias for SAP systems on which the Reports are executed 11. Create a System Alias for the trusted system with Software version ERP on which the Reports will be executed. Note: Since Workflow with Software Version DEFAULT must use the System alias <SID>_<CLIENT>, this naming cannot be used for Reporting if both point to the same SAP system
79

The Check SAP System Aliases activity verifies the various connections you configured. The verification includes the following: Assigned RFC: Checks if a system alias has an RFC destination assigned to it. Assigned Web service provider system: Checks if a system alias has a Web service provider system assigned to it. RFC test: Checks if the assigned RFC destinations are functional. To check the configuration for aliases for an SAP system: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Select Connection Settings > SCL to SAP System > Check SAP System Aliases. 3. Click the Execute icon.
A status report of the listed checked items is displayed.
3.2.7 Manage Source Systems, Report Types and Formats on the SCL
Note: If you activated the /IWTNG/BC_REPORTING BC set, these settings should already be available. There is no need to perform this procedure. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Peripheral Settings > Manage Source Systems, Report Types and Formats. The Delivery Formats page is displayed. 6. Check that the Delivery Formats table is populated with the following types:
ZIP XLS MHTML PDF XLSX
80
3.2.8 Configure a Report

Note: If you activated the /IWTNG/BC_REPORTING BC set, these settings should already be available. If you have specific reports you want to run, follow the procedure below. To manage reports and their properties: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Select Report Settings > Manage Reports and their Properties. 4. Click the Execute icon.
The Manage Reports and their Properties page is displayed. 5. Click New Entries. 6. In the SAP System Alias field, enter the SAP system alias previously created. 7. In the Report Type field, e.g. AL. 8. Enter the reports specific details. 9. Click Save.
10. In the Dialog Structure section, select Report Parameters and Values. 11. Check the information on the page and save the settings. 12. In the Dialog Structure section, select Report Formats for Report Type. 13. Check the information on the page and save the settings. 14. In the Dialog Structure section, select Report Roles. The Report Roles page is displayed. 15. Click New Entries. 16. Assign the role obtained from the SCL Reporting template to the report. (This is the role to which the users that should be able to see this specific report are assigned.) 17. Click Save.
18. Go back to the Manage Reports and their Properties page. 19. Select the Active checkbox for the report. 20. Click the Check icon to check the reporting configuration.
To manage report categories: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Select Report Settings > Manage Categories. 4. Click the Execute icon.
The Manage Categories page is displayed.
81
5. Click New Entries. 6. In the Category column, enter the desired category name. 7. Click Save.
To manage the context variables: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Select Report Settings > Manage Context Variables. 4. Click the Execute icon.
The Change View Manage Context Groups: Overview page is displayed. 5. Click New Entries. 6. In the Manage Context Groups table, enter the context group, the context group description, and the value type in the relevant column. 7. Select the desired row in the Manage Context Groups table and, in the Dialog Structure section, select Manage Context Groups > Manage Context Variables. The Manage Context Variables page is displayed. 8. Click New Entries to add a new variable. 9. In the Manage Context Variables table, enter the context variable, the context variable description, and the control type in the relevant column. 10. Click Edit to change a variable
11. Make the desired changes. 12. Click Save.
13. Select a variable and, in the Dialog Structure section, select Manage Context Groups > Manage Context Variables > Enable Context Variables. 14. Click New Entries. 15. In the Enable Context Variables table, enter the SAP System Alias and the Implementation Class Name. 16. Click Save.
To manage system time points: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Select Report Settings > Manage System Time Points and Data Change Events. 4. Click the Execute icon.
The Manage System Time Points and Data Change Events page is displayed. 5. Click Edit to change the name of an event.
82
6. Select the Active checkbox to activate scheduling events. 7. Click Refresh. To manage peripheral settings: Note: These settings will be applied to all SCL reports. 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Reporting Administration IMG. 3. Select Peripheral Settings > Define General Settings. 4. Click the Execute icon.
The Define General Settings page is displayed. 5. In the Setting Value field, enter the relevant value, for example, 100. 6. Click Save.
3.2.9 Check Event Handler

Note: If you activated the /IWTNG/BC_REPORTING BC set, these settings should already be available. There is no need to perform this procedure. To check the event handler: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Development IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Outbound Flow > Events > Event Handler Registration. The Handler and event type combination page is displayed. 6. Select the /IWFND/CL_EVT_MESSAGE_NOTIF Event Type and the /IWFND/OB_TEXT Handler ID. Note: If this configuration does not exist, you must create it manually. 7. In the Dialog Structure section, click Assignment to objects. 8. Check that the REPORT_RESULT_SET business object appears in the Assignment to objects list
3.2.10 Check Adapter Class

Note: If you activated the /IWTNG/BC_REPORTING BC set, these settings should already be available. There is no need to perform this procedure. To check the adapter class: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Development IMG. 3. Click the Display icon.
83
4. Select Outbound Flow > Content Publisher > Consumer Adapter Classes. 5. Click the Execute icon. The Content Publisher Consumer Adapter Class table is displayed. 6. Check that the following configuration appears in the table: Consumer Type: SHAREPOINT_INT Content Publisher Operation Type: /GEH/PUBLISH_DOC Class Interface: /IWTNG/CL_CP_TANGO_PUBL_DOC_A Note: If this configuration does not exist, you must create it manually.
3.2.11 Create Consumer Proxy

To complete this step, you will require input from the SharePoint administrator. Open the Duet Enterprise Worksheet located at http://go.microsoft.com/fwlink/?LinkId=207604 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Connection Settings > SCL to Consumer > Configure Service Endpoint. The SOA Management tool is displayed. 6. Select the Service Administration tab. 7. Click the Single Service Configuration link. The Web Service Administration page is displayed. 8. From the Search by drop-down list, select Consumer Proxy. 9. In the Search Pattern field, enter /IWTNG/CO_OBAFILE_RECEIVER_SOA. 10. From the Field drop-down list, select Both Names. 11. Click Go. 12. Select the OBAFileReceiverSoap Web service and click Apply Selection. The Details table is displayed below. 13. Select the Configurations tab. 14. Click Create Logical Port. 15. In the page displayed, fill in the Logical Port settings. a. In the Logical Port Name field, enter LogicalPortforReporting. b. Select the Logical Port is Default checkbox. c. Enter the description. d. From the Configuration Type radio buttons, select WSDL Based Configuration. e. From the WSDL Base radio buttons, select Via HTTP Access.
84
f.
In the URL for WSDL Access User field, enter the WSDL URL found in the Duet Enterprise Worksheet, in the URL to Official file for reporting row (for example, https://<hostname>:<portnumber>/_vti_bin/OBAFileReceiver.asmx?WSDL).
g. In the WSDL Access User field, enter the WSDL access username. h. In the WSDL Access Password field, enter the WSDL password. i. j. Click Apply Settings to save the logical port. Click Apply Settings.
16. Click Save. The Logical Port is created. To update the RFC destination with the login details: 1. In the details view of the proxy, go to the Configurations tab. 2. Select the logical port you have created and click Display. The details of the logical port are displayed. 3. Go to the Additional Information tab. and note down the value displayed in the HTTP Destination field. This is the name of the RFC destination. 4. Open transaction sm59. 5. Search for the HTTP destination obtained before in the Additional Information tab and click Go. 6. Go to the Logon and Security tab and select the Basic Authentication radio button. 7. Enter the SharePoint user in charge of sending data from the SCL to SharePoint. The user name appears in the Duet Enterprise Worksheet, table 1, row 5 8. Click Save and perform a connection test.
To perform Routing - Maintain Logical ports for Proxy: 1. On the SCL, open transaction SIMGH. 2. Select the Microsoft SharePoint Integration Activities IMG. 3. Click the Display icon.
4. Select Routing - Maintain Logical Ports for Proxy. 5. Click the Execute icon.
The Display View Customizing table for Logical ports routing: Overview page is displayed. 6. For each Logical port that was created in the Create Consumer Proxy section above, insert: Proxy Class name - /IWTNG/CO_OBAFILE_RECEIVER_SOA Logical Port Name - the logical port name from the SOAMANAGER transaction (defined in the 3.2.11 Create Consumer Proxy section above, step 15a, for example, LogicalPortforReporting). Routing URL the URL directing to the sites logical address within SharePoint.
85
3. Configuring Duet Enterprise Specific Content 3.3 Configuring Starter Services
3.3 Configuring Starter Services

Note: Make sure that a Type 3 RFC Destination to the SAP System is created on the SCL Host as explained in the Create a Type 3 RFC destination on SCL Host to SAP System section. Note: Make sure that a trust from the SCL to the SAP System is configured as explained in Configuring SAP System to Accept Assertion Tickets from the SCL
3.3.1 Activate Starter Services BC Set

To activate the /IWTNG/BC_SAMPLE_SERVICES BC set: 1. On the SCL, open transaction SCPR20. The Business Configuration Sets: Activation Screen is displayed. 2. In the BC Set field, press F4. 3. Select the /IWTNG/BC_SAMPLE_SERVICES set. 4. Click the Activate icon. The Enter Variable Field Values table is displayed. 5. Fill in the fields in the table according to the following: Field Alias for Employee Description Starter Services consists of several individual parts. One of these parts is the Employee business object. You have to specify an Alias for this business object. As with Employee, you have to specify an Alias for Services. The BC set creates a Business Object Group for Codelist. You can leave the name SPI_CODELIST for SharePoint Integration CODELIST. The BC set creates a Business Object Group for Employee. You can leave the name SPI_EMPLOYEE for SharePoint Integration EMPLOYEE. The BC set creates a Business Object Group for Multi Destination objects. You can leave the name SPI_SERVICE_MD for SharePoint Integration SERVICE_MD. The BC set creates a Business Object Group for Multi Destination objects. You can leave the name SPI_SERVICE_DD for SharePoint Integration SERVICE_DD. Example SPI_EMPLOYEE
Alias for Services Object Group for Codelist
SPI_SERV SPI_CODELIST
Object Group for Employee
SPI_EMPLOYEE
Object Group for Multi Destination
SPI_SERVICE_MD
Object Group for Single Destination
SPI_SERVICE_SD
86
RFC to backend system
Using the F4 help, select the RFC destination that points to the SAP system used by Starter Services. All users in this role are assigned to CodeList. You can select the role using the F4 help, or you can leave it blank to allow access for all users. All users in this role will be assigned to SPI_EMPLOYEE. You can select the role using the F4 help, or you can leave it blank to allow access for all users. All users in this role are assigned to Multi Destination. You can select the role using the F4 help, or leave it blank to allow access for all users. All users in this role are assigned to Single Destination. You can select the role using the F4 help, or leave it blank to allow access for all users. The BC set creates a Business Object Group for Doc Helpers. You can leave the name SPI_DOC_HELPERS for SharePoint Integration documentation helpers. This role is synchronized to SharePoint. Select the role from Role for Object Group for Employee This role is synchronized to SharePoint. Select the role from Object Group for Multi Destination. This role is synchronized to SharePoint. Select the role from Object Group for Single Destination. This field can be left empty.
BKD_100
Roles for Code List
Roles for Employee
SPI_EMPLOYEE
Roles for Multi Destination
SPI_SERVICES_MD
Roles for Single Destination
SPI_SERVICES_SD
SCL Business Object Group
SPI_DOC_HELPERS
SPI_EMPLOYEE
SPI_SERVICES_MD
SPI_SERVICES_SD
WS Provider System (1)
87
WS Provider System (2)
To connect Starter Services to the SAP system, you must specify/have already specified a provider system in the SOA Manager (see the Create a System Connection section). Add the name of the provider system here.
PS_BKD_100
The /IWTNG/BC_SAMPLE_SERVICES BC set is activated. Note: A Warning message might be displayed concerning tables without data. This message can be ignored. Once the BC Set is successfully activated, you must do the following: 9. On the SCL, open transaction SIMGH. 10. Select the Service Consumption Layer Administration IMG. 11. Click the 13. Click the Display icon. Execute icon.
12. Select General Settings > Manage Business Object Groups. The Display View Manage Business Object Groups: Overview page is displayed. 14. If any of the following Business Groups is active, clear the Active checkbox: IWCOD IWDOC IWCUST IWINH IWINI IWINP IWQUH IWQUI IWQUP IW_BOM IW_MAT IWEMP 15. Click Save
88
3.3.2 Configure the Service Provider for Starter Services Endpoints

Note: Depending on the ERP release you are using, the names of tabs and fields might be different. 1. On the SAP system, open transaction SOAMANAGER. Note: Make sure that all the services have been activated as described in the Activating the Services section for the SAP system. 2. From the Technical Configuration tab, click the Profile Management link. The Profile Management page is displayed. 3. Click Create. 4. In the Profile Properties section, enter a profile name, e.g. ASSERTION_PROFILE. 5. Select the Transport Settings tab and check that the Transport Binding information is correct. 6. Select the Security tab and select the SAP Logon Ticket checkbox. 7. Optional - Select the Secure Communication Only checkbox to enable SSL. 8. Select the profile you just created, e.g. ASSERTION_PROFILE profile from the list and click Activate. 9. Return to the SOA MANAGER homepage and select the Application and Scenario Communication tab (or the Service Administration tab, depending on the ERP release you are using). 10. Click the Business Scenario Communication link. The Business Scenario Communication page is displayed. Note: Instead of manually creating the Business Scenario configuration (see steps 11 to 18) you can import the XML file attached to Note 1480794. Follow the steps outlined in the note and release the services. 11. Click Create. 12. In the Configuration Scenario section fill in the following: a. Enter the configuration scenario name, for example, StarterServices. b. Enter a description for the scenario, for example, Services used by Starter Services. 13. Select the Provider tab and click Add. A table is displayed at the bottom of the section. 14. Select the Search tab. a. In the Search by field, select Service. b. In the Search Pattern field, enter the name of a starter service required service, for example CustomerERPByIDQueryResponse_In. c. In the Field field, select Both Names. d. Click GO. e. Click Add to Worklist.
89
f.
Repeat this procedure to add all of the following services:
External Name
CustomerERPByIDQueryResponse_In CustomerERPBasicDataByIDQueryResponse_In_V2 CustomerERPRelationshipContactPersonByIDAndCo ntactPersonInternalIDQueryResponse_In CustomerERPBasicDataUpdateRequestConfirmation _In CustomerERPRelationshipContactPersonCancelReq uestConfirmation_In CustomerERPRelationshipContactPersonCreateReq uestConfirmation_In CustomerERPByIDQueryResponse_In CustomerERPRelationshipContactPersonUpdateReq uestConfirmation_In_V1 MaterialBasicDataByIDQueryResponse_In ProductionBillOfMaterialVariantItemByVariantI dentifyingElementsQueryResponse_In ProductionBillOfMaterialVariantBasicDataByMat erialAndPlantQueryResponse_In
Internal Name
ECC_CUSTOMERIDQR ECC_CUSTBASICDATABYIDQR_V2 ECC_CUSTOMCONTACTPERSONQR
ECC_CUSTOMERBASICDATAUPDRC
ECC_CUSTOMERCONTACTPERSONCNCRC
ECC_CUSTOMERCONTACTPERSONCRTRC
ECC_CUSTOMERIDQR ECC_CUSTRELCNTPERSONUPDRC1
ECC_MATERIALBASICDATABYID000QR ECC_PRODBILLOFMATERIAL001QR
ECC_PRODBILLOFMATERIALVBDQR
QueryCodeList
15. Select the all the services and click Assign.
QUERYCODELIST
16. In the Profiles section, search for the profile previously created and click Assign to Service. 17. Check that the profiles are displayed in the Provider Details table. 18. After all services have been assigned, select the configuration scenario and click Activate. Note: Depending on the ERP release you are using, you might not be prompted to activate the services. If you are not prompted, go back to the Application and Scenario Communication tab and click Activation Requests Management. Click Start Activation.
90
3.3.3 Retrieve External Identifier

1. On the SAP System, open transaction SOAMANAGER. 2. Click the System Global Settings link. The System Global Settings page is displayed. 3. In the Services Identifier tab, retrieve the value for the External Identifier field, for example, 484670B650F30087E10000000A4217D6. Note: Take a note of this identifier number for future use.
3.3.4 Export the Profile

You must export the profile from the SAP system and save it to a file. 1. On the SAP system, open transaction SOAMANAGER. 2. Select the Profile Management link. The Profile Management page is displayed. 3. From the list displayed, select the profile previously created, for example, ASSERTION_PROFILE and click Export. 4. Save this file for future use.
3.3.5 Manage Web Services

Applications running on the SCL use Web services to call the SAP systems. Therefore, the applications have proxies that are shipped with the SCL. These proxies are grouped in "service groups". Each service group can be configured to point to one or many SAP systems. The actual system that will be used is determined at run time via the destination finder. The following has to be configured: A profile that contains general configuration on security and transport systems for the entire landscape. Provider systems, to indicate which SAP systems are called. This can be compared with RFC destinations. The service groups, to determine which SAP systems may be called per service group from the SCL (acting as the consumer) User Account Management, for authentication settings when calling an SAP system 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the Display icon.
4. Select Connection Settings > SCL to SAP System > Manage Web Service Communications. 5. Click the Execute icon. The SOA Management page is displayed. 6. Click the Profile management link. The Profile Management page is displayed. 7. Click Import.
91
8. In the dialog box provided browse for the profile you exported from the SAP system and click Import. The Profile Management Wizard is displayed. 9. Keep the profile name displayed and click Next. 10. Keep the selected checkboxes 11. Click Finish. A dialog box asking if you want to activate the profile immediately is displayed. 12. Click Yes.
3.3.6 Create a System Connection

1. On the SCL, open transaction SOAMANAGER. 2. Select the System Connections link. The System Connections page is displayed. 3. Click New. The System Connections Wizard is displayed. 4. Enter a name and description for the provider system, and choose the profile you created. For example, PS_<SID>_<CLIENT> 5. Click Next. 6. In the SLD Identifier field, select F4. If the SAP system you want to define as the provider is listed in SLD Identifier, select it. If not, enter the name of the SAP system. For example, <SID_Client>. 7. In the Access Url for WSIL field, enter the name of the WSIL that points to the SAP system. Important: Make sure you enter the URL for the SAP system. If you enter the WSIL that points to the SCL system, the services will not be released. To obtain the WSIL URL: a. Log on to the SAP system you specified as a provider, and enter transaction SICF. b. In the Type Hierarchy field, enter SERVICE. c. Enter WSIL for the service name. d. Click Execute. The WSIL service should now be listed. The default value for the URL is: http://<host_name:port>/sap/bc/srt/wsil 8. Enter all required credentials to access the services on the SAP System, and click Next. 9. Click New to create a business application. 10. Enter the application name and description. 11. In the External Application Key field, enter the External Identifier previously retrieved, for example, 484670B650F30087E10000000A4217D6 and click OK. 12. Click Next. 13. In the Data transfer scope section, select the Minimal Data Transfer radio button. 14. In the Transfer Protocol section, select the Transfer via HTTP header radio button. 15. Click Next.
92
16. Leave the encryption certificate empty. 17. Click Finish. 18. In the System Connections page, click Activate. 19. Click Test Connection and check that the connection to the WSIL was successful.
3.3.7 Create the Account Maintenance User

1. On the SCL, open transaction SOAMANAGER. 2. Select the Service Administration tab. 3. Select the User Account Management link. The User Account Management page is displayed. 4. Click New. 5. Enter the account name and description and click Next. 6. From the Account Type drop-down list, select Business User. 7. Click Finish. 8. On the User Account Management page, click Activate. A dialog box asking if you want to activate the profile immediately is displayed. 9. Click Yes. 10. Select the Account Assignment tab on the User Account Management page. 11. Click New. The Account Assignment Wizard is displayed. 12. In the Business Application field, press F4 and select the Provider System you created in the 3.3.6 Create a System Connection procedure above., for example, PS_<SID>_<Client> 13. Select the Assign to all services within this business application checkbox. 14. Select the All service groups can use this assignment checkbox. 15. Click Next. 16. From the Account drop-down list, select the account you have just created. 17. Click Finish.
3.3.8 Create a Business Scenario Configuration

1. On the SCL, open transaction SOAMANAGER. 2. Select the Service Administration tab. 3. Select the Business Scenario Configuration link. The Business Scenario Configuration page is displayed. 4. Click New. The Business Scenario Wizard is displayed. 5. Enter the desired business scenario name, for example, Starter_Services and click Next. 6. On the provider service step click Next 7. From the table displayed in step 3 Consumer Side, select the desired service groups and business applications on the consumer side for the business scenario.
93
a. Click Add. The Search page is displayed b. In the Search by field, select ServiceGroup. c. In the Search Pattern field, enter an asterisk. d. In the Field field, select Both Names. e. Click GO. f. Select the following groups: IW_BPC_CustomerContact_SG IW_CodeList_SG IW_PRD_MaterialBOM_SG g. Click Add to Worklist. h. Select a service group and click Assign Business Application. i. j. Select the previously created provider system and click Assign To Service Group. Repeat steps h and i for each of the service groups on the list.
Note: you can also select all Service groups and assign the same Provider System in one go 8. Click Finish. A dialog box asking if you want to activate the profile immediately is displayed. 9. Click Yes. 10. On the SOA management tool, select the Service Administration tab. 11. Select the SOA Configuration Request Queue Management link. The SOA Configuration Request Queue Management page is displayed. 12. Click Start request queue processing. 13. Wait until all services are created.
3.3.9 Manage SAP System Aliases

Note: Before performing this procedure, make sure that the RFC destinations to the SAP Systems have been created and that trust has been defined.
Note: If you activated the /IWTNG/BC_ SAMPLE_SERVICES BC set, these settings should already be available. There is no need to perform this procedure. Make sure that IW_MAT, IW_BOM, IWF_SAMPLE_USR,
IWEMP, IWDOC and IWCOD are not activated. To manage SAP system aliases: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select Connection Settings > SCL to SAP System > Manage SAP System Aliases.
The Change View: SAP System Aliases Overview page is displayed. 6. Click New Entries.
94
7. Enter the following details for the system alias: SAP System Alias: Name of the sap system alias. Description: Descriptive text for the system alias., for example, Alias for Starter Services Local IWF: Select to indicate that the system alias points to a local SCL instance. RFC Destination: Specify the RFC destination defined for your SAP system. For example, BKDCNT001<SYSTEM_NUMBER_TO_SCL_HOSTNAME> WS Provider System: Enter the Provider System you created in the 3.3.6 Create a System Connection procedure above. Software Version: Specify the version of the SAP system. SAP provides the software version. For Starter Services this probably is ECC_604 8. Click Save.
We recommend that you check the system alias configurations using Check SAP System Aliases.
3.3.10 Add the System Alias and Roles to all Starter Services Relevant Object Groups
Note: If you activated the /IWTNG/BC_ SAMPLE_SERVICES BC set, these settings should already be available. There is no need to perform this procedure. By assigning roles and system aliases to business object groups Duet Enterprise routes user requests to certain SAP systems. If user A in group GROUP_A should see Starter Services data from System with Alias ALIAS_A and user B in group GROUP_B should see data from the system with System alias ALIAS_B this can be configured here. To add the System Alias and Roles to all Starter Services relevant Object Groups: 1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Administration IMG. 3. Click the 5. Click the Display icon. Execute icon.
4. Select General Settings > Manage Business Object Groups.
The Manage IW Business Object Groups page is displayed. 6. From the Assign SAP System Aliases table, select the following groups including the Business Objects that are assigned to each: SPI_CODELIST With Business Object: CODELIST SPI_DOC_HELPERS With Business Objects: DOC_STORAGE_CATEGORY DOC_TYPE_STATUS Note: For the above Business Object Groups, no Role Based Assignment should be performed. Only one System Alias should be assigned.
95
SPI_EMPLOYEE With Business Objects: IW_EMP_EMPLOYEE SPI_SERVICE_MD With Business Objects: BILLOFMATERIAL DOCUMENT MATERIAL SPI_SERVICE_SD With Business Objects: CONTACTPERSON CUSTOMER INQUIRY_HEADER INQUIRY_ITEM INQUIRY_PARTNER QUOTATION_HEADER QUOTATION_ITEM QUOTATION_PARTNER 7. From the Dialog Structure section, click Assign SAP System Aliases. 8. Click New Entries. 9. In the SAP System Alias field, press F4 and select the desired system alias. 10. Click Save.
11. Repeat this procedure for all the object groups relevant to Starter Services.

The Check SAP System Aliases activity verifies the various connections you configured. The verification includes the following: Assigned RFC: Checks if a system alias has an RFC destination assigned to it. Assigned Web service provider system: Checks if a system alias has a Web service provider system assigned to it. RFC test: Checks if the assigned RFC destinations are functional. To check the configuration for aliases for an SAP system: 1. On the SCL, open the Service Consumption Layer Administration IMG. 2. Click the 4. Click the Display icon. Execute icon. 3. Select Connection Settings > SCL to SAP System > Check SAP System Aliases.
A status report of the listed checked items is displayed.
96
3. Configuring Duet Enterprise Specific Content 3.4 Configure Code Lists
3.4 Configure Code Lists

Note: This section is applicable only in a landscape where the SAP ERP system is lower than version ECC-SE EhP5. If you have a Duet Enterprise landscape with an SAP ERP version lower than ECC-SE EhP5, some code lists may not be pre-delivered. In such cases, you must maintain these code lists manually in the metadata table SCODE_REGISTRY so that the values for these fields can be retrieved and displayed correctly. These code lists are: Job Function Code Account Title Country Code To configure the code lists manually: 1. On the SAP system, open transaction SM34. 2. In the View cluster field, enter VC_CODE_REGISTRY and click Maintain. A message warning you that the table is cross-client is displayed. 3. Click the checkmark. The Determine Work Area: Entry page is displayed. 4. In the Registered Code Type field enter the relevant code type and click the checkmark. 5. In the following pop-up dialogs, specify the package where the object will be created and select the transport request for the changes. 6. Enter the code type details. 7. Click Save.
The code types and details for the various code lists are given below: Job Function Code Code type: SAPPLSEF_CONTACT_PERSON_FUNCT3 Field Codelist Source IMG Table/Domain Field name Text Table Text Field Name Value IMG Table TPFK PAFKT TPFKT VTEXT
97
3. Configuring Duet Enterprise Specific Content 3.5 Caching Code Lists
Account Title Code type: SAPPLSEF_FORM_OF_ADDRESS_CODE1 Field Codelist Source IMG Table/Domain Field name Text Table Text Field Name Country Code Code type: SAPPLSEF_COUNTRY_CODE Field Codelist Source IMG Table/Domain Field name Text Table Text Field Name Value IMG Table T005 LAND1 T005T LANDX Value IMG Table TSAD3 TITLE TSAD3T TITLE_MEDI
3.5 Caching Code Lists

1. On the SCL, open transaction SIMGH. 2. Select the Service Consumption Layer Services Administration IMG. 3. Click the Display icon.
4. Select Code List Settings > Refresh Code List Cache. 5. Click the Execute icon.
The Refresh the cached code list page is displayed. 6. In the Consumer Id field, enter SHAREPOINT_INT. 7. In the Code List Names field, enter ContactPersonFunctionTypeCode. 8. In the Languages field, press F4 and select the desired language. 9. Click Execute. 10. Repeat the procedure for the CountryCode and TitleCode code lists.
98
3. Configuring Duet Enterprise Specific Content 3.6 Configure Document Upload Option
3.6 Configure Document Upload Option

Starter Services provides the option to upload documents to SharePoint and have them available on the SAP system as well. To enable document upload: Note: If you activated the /IWTNG/BC_ SAMPLE_SERVICES BC set, these settings should already be available. There is no need to perform step 1 in this procedure. 1. On the SCL, create a Business Object group containing the following business objects: DOC_STORAGE_CATEGORY DOC_TYPE_STATUS Note: The values for these business objects will always be retrieved from one system. 2. Perform cache cleanup. a. On the SCL, open transaction SIMGH. b. Select the Service Consumption Layer Administration IMG. c. Click the e. Click the Display icon. Execute icon. d. Select Cache Settings > Clean Up Cache and Persistency. The Cleanup for Service Consumption Layer Cache and Persistency frameworks page is displayed. f. In the Cleanup Scenario field, enter /IWCNT/DOC_STORAGE_CAT_CLEANUP for the storage category, and then /IWCNT/DOC_TYPE_STAT_CLEAN for the document type and status. Execute.
g. Clear the Execute in test mode checkbox. h. Click 3. Assign a System Alias to the business object group. Note: Leave the User Role field empty. 4. Perform customization for Document File Extension to Workstation mapping. a. On the SCL, open transaction SIMGH. b. Select the Service Consumption Layer Services Administration IMG. c. Click the Display icon. d. Select Document Settings > Maintain Workstation Application For File Extensions. e. Click the Execute icon. The Display View Maintain Workstation Application and File Extensions: Overview page is displayed. f. On the SAP system, open transaction SPRO. The Customizing: Execute Project page is displayed. g. Click SAP Reference IMG. The Display IMG page is displayed. h. Select Cross- Application Components > Document Management > General Data > Define Workstation Application.
99
3. Configuring Duet Enterprise Specific Content 3.7 Configuring User Profile Synchronization
i. j.
Click the
Execute icon.
The Change View Define Workstation Application: Overview page is displayed. Check that the values displayed in the Maintain Workstation Application and File Extensions table match the ones in this page.
k. If there are discrepancies in the values, edit them.
3.7 Configuring User Profile Synchronization

To include SAP data in the SharePoint My Profile site (see http://technet.microsoft.com/enus/library/gg982939.aspx), the user running the profile synchronization (for example, the farm account) must be: Assigned to the role that is used for the Employee Business Object. Mapped on the SCL (see 2.6.2 Mapping User Data in the SAP System and the SharePoint Server) Available in the SAP backend system from which the data is retrieved.
3.8 Retrieving the URL for the "View Inquiry in SAP System" Link
When working in SharePoint, in the Workspace, a link to the Inquiry in the SAP system is displayed. For this link to work, you require a URL which must be updated by the SharePoint administration in the corresponding model. To retrieve the URL: 1. Open transaction SE80. 2. The Object Navigator is displayed. 3. Under Test Repository, select Web-Dynpro Comp/intf from the drop-down list. 4. In the field below, enter the following component name : LORD_MAINTAIN_COMP. 5. Click Display.
6. In the Object Name section, under LORD_MAINTAIN_COMP, open Web Dynpro Applications. 7. Double click lord_Maintain. 8. Select the Properties tab. 9. In the Administration area, copy the URL displayed and add it to the Duet Enterprise Worksheet in the Sales Document Processing URL row.
100
Appendix 1 Service Consumption Layer Overview Cross-Phase Documentation
Appendix 1 Service Consumption Layer Overview

The Service Consumption Layer (SCL) is a framework that connects business users to SAP systems. You implement SCL components to do the following: Run applications and SAP solutions that integrate end user programs with SAP systems. It serves as an entrance to your existing SAP system, routing requests, commands and data from end users to SAP systems, thereby allowing business users to access SAP business processes and enterprise information from their familiar desktop environment such as, Microsoft Office Suite and IBM Lotus Notes. Develop and enhance applications and SAP solutions that integrate end user programs with SAP systems to run on the framework. This guide describes the installation and configuration of SCL in your SAP system landscape.
Cross-Phase Documentation
Use the following guides together with this guide: Service Consumption Layer Implementation Guide The Service Consumption Layer Implementation Guide (IMG) is a tool provided when you install in the SAP system. It contains the steps for customizing settings for Service Consumption Layer, and describes the system configuration activities. Service Consumption Layer Operations Guide The Service Consumption Layer Operations Guide is the starting point for configuration and maintenance tasks in the system landscape in which SCL components run. The guide refers users to the tools and documentation needed to carry out various tasks, such as monitoring, backup and restore, transports, and tests. Service Consumption Layer Developer Guide The Service Consumption Layer Developer Guide provides information to help you to develop and enhance applications and SAP solutions that integrate end user programs with SAP systems to run on the framework. Service Consumption Layer Security Guide The Service Consumption Layer Security Guide provides information about security aspects, including roles, permissions and user management.
101
Appendix 1 Service Consumption Layer Overview Overview of the Service Consumption Layer
Overview of the Service Consumption Layer

The Service Consumption Layer as a framework is provided as an SAP NetWeaver ABAP Add-On, which you install on top of your existing SAP Business Suite or Application Platform. When installed, it provides the following: A runtime environment for SAP solutions that integrate desktop programs with SAP systems. Runtime features including user interface, secure data access, database connectivity, and network communications for managing applications running on top of the framework. An infrastructure and tools for developing applications to run on the framework or enhance SAP solutions which integrate desktop programs with SAP systems. Connection to multiple SAP systems regardless of their versions.
Architecture of the Service Consumption Layer

The main components in the architecture of the Service Consumption Layer can be grouped into the following categories: Consumer Connectivity Interface Layer Backend Abstraction Layer (BAL) Consumer Adoption Layer (GAL) Backend Connectivity The following is an illustration of the runtime architecture of the Service Consumption Layer.
Consumer Server
Generic Service Consumer
Generic Service Provider
GenIL
Reuse services
Web Service Proxy
Interface Layer
Consumer Connectivity
Composition BSO
Adaptation BSO Generic GSI
GSI Implementation
BAL/Consumer Adoption Layer

RFC Backend Operation Proxy Web Service Backend Operation Proxy
Specific Proxy
Backend Connectivity
Runtime Components of Service Consumption Layer
102
GSSO
BOP Facade
Consumer Connectivity
The consumer connectivity layer contains the interfaces that communicate with a consumer server. The consumer server is any application platform that processes commands, requests and data from an integrated desktop application. The consumer server communicates with SCL through Web services. You can customize the consumer connectivity layer to interface with any specific consumer server.
The consumer connectivity layer provides services for cache handling, and device management.
In addition, it supports the communication protocols and tools for generating the interface patterns that query, create and modify the data. The consumer connectivity layer is also referred to as the Consumer Connectivity Layer.
Interface Layer
The SCL connects to the Generic Interaction Layer (GenIL) Model in order to use the internal formats in the model. The consumer connectivity layer uses the interface layer to map information to the internal formats used in SCL.
Generic Interaction Layer (GenIL) Model

GenIL provides uniform access to business data in a stateless request and response format. Also, it provides the infrastructure, central services and implementation guidelines for plugging in arbitrary existing business objects such as an Account, a Sales Order, an Employee Time Sheet, or services. GenIL allows for the separation of the GenIL consumers and provider of the GenIL interface to ensure that these objects are replaceable. One of the generic implementation of GenIL consumer is the Generic Service Consumer for GenIL.
Generic Service Consumer for GenIL

The Generic Service Consumer is used in Web service interface implementations to access the Interface Layer. Internally the generic service consumer manages additional tasks such as loading the appropriate GenIL component, the object model and the supply and mapping of messages.
Generic Service Provider for GenIL

The Generic Service Provider is the generic implementation of a GenIL provider for the SCL. The Generic Service Provider serves as GenIL outbound faade, which maps data from the GenIL container to the Consumer Specific Service Object (GSSO) and instantiates and executes methods of the Generic Service Interface (GSI) implementation.
Consumer Adaptation (GAL) and the Backend Abstraction (BAL)

GSI interfaces describe the functionality needed in the Web services for a consumer scenario. These interfaces enable communication between the Consumer Adaptation layer (GAL) and the Backend Abstraction layer (BAL).
103
Generic Service Interface

The Generic GSI is a generic view on a GSI and defines the contract between the Generic Service Provider for GenIL calls and all GSI implementations. The GSI could be implemented as an Adaptation Backend Service Object (BSO) to adjust an SAP system specific format to the canonical SCL format.
Adaptation Backend Service Object

An Adaptation BSO contains the backend business object faade (BOP faade). The BOP faade reads and writes data from and to the cache, to identify and execute the respective Backend Operation Proxy (BOP).
Composition Backend Service Object

Composition Backend Service Object (BSO) is a GSI implementation that consists of multiple Adaptation BSO.
Consumer Specific Service Object

The consumer specific service object (GSSO) is a GSI implementation that adapts the canonical format of an Adaptation BSO or Composition BSO to a consumer specific format.
Backend Connectivity
The backend connectivity layer contains the BOP. The BOP encapsulates single RFC calls or Web service operation calls to the SAP system. All SAP system calls are executed via BOPs; these add common framework logic to SAP system calls for supportability and extensibility. There are two kinds of BOPs: RFC BOPs RFC BOPs contain all data types that are required to call the corresponding remote RFC. The RFC BOP is required as the data types used in the remote RFC signature are not locally available in the system running the SCL. Customers can create Custom RFC BOPs that make enhancements to an existing solution in an SAP system available to SCL. Web service BOPs Web service BOPs wrap the external consumer server Web service proxies created by SPROXY. Enhancements can be done using the Enterprise Service Repository (ESR).
How Service Consumption Layer Works

When business users send request for data in the SAP system from an integrated application in their desktop environment, the server (consumer server) for that integrated desktop application identifies the request as its own. The consumer server then sends the request to the consumer connectivity layer, which exposes an inbound service interface as a Web service. The implementation of this interface maps the message from the Web service to an internal format which is a GenIL data container. In addition, the interface calls generic functionality such as message store and log tracing APIs. The Generic GenIL consumer processes the request by determining the GenIL component and delegating the request to a service provider in the GenIL runtime.
104
The Generic GenIL service provider uses the Instance Manager to instantiate the respective GSI implementation, and delegates the request to the GSI implementation.
The GSI implementation adapts the request parameter to the SAP system format and delegates the request to the Backend (Outbound) Operation Proxy (BOP). The BOP maps the system alias provided by the Instance Manager to the logical designation and remotely executes the required operations in the SAP system.
The results of the request is adapted and made to conform to formatting rules, which in this example is identical to the GenIL object model. The SAP system then inserts the results into a GenIL data container which is then returned to the consumer connectivity layer. In addition, the SAP system maps the results out of the GenIL data container into a Web service structure and returns the results to the consumer server which in turn returns it to the specific user.
105
Appendix 2 - Duet Enterprise Deployment Worksheet Deployment Worksheet

Record data in this worksheet to enable administrators of Microsoft SharePoint Server 2010 and the SAP system to exchange information that is required during deployment of Duet Enterprise for Microsoft SharePoint and SAP.
Table 1 Information provided by the SharePoint administrator

Information needed Example Value
URL of Web application for Duet Enterprise sites
http:// contoso.corp.com:80 Note:

This information is needed by the SharePoint administrator to perform a procedure during deployment.
URL of Web application for report https:// contoso.corp.com:443 publishing Note:

This information is only needed by the SharePoint administrator to perform a procedure during deployment.
SSL certificate file name and location STS certificate file name and location STS Issuer name
\\contoso\UpdatedModels\DuetSSLCert.cer
\\contoso\UpdatedModels\DuetSTSCert.cer
CN = SharePoint Root Authority OU = SharePoint O = Microsoft C = US
106
Information needed
Example
Value
AD DS Server name
contosoDC Tip:
This must be the NetBIOS name of the computer running the Active Directory Domain Services (AD DS) where the user accounts that are used by SharePoint are stored.
Port number of AD DS AD DS account and password Attribute in AD DS where SAP user name is maintained User Base Domain Name Unzipped model file location
389
This name is an attribute in AD DS. For example, sAMAccountName.
d:\UnzippedModelFiles -or\\contoso\UnzippedModelFiles Note:

This information is needed by the SharePoint administrator to perform a procedure during deployment.
BDC service name Report receiver site URL URL to OBAFileReciever for reporting
Business Data Connectivity Service http://contoso/sites/ Reports https://contoso:445/sites/Reports/_VTI_bin/ OBAFileReciever.asmx?WSDL Tip:

The SAP administrator must have a SharePoint user account that is granted a minimum of Read access to this file.
Secure store ID
107
Information needed
Example
Value
URL to OBAWorkflowService for Workflow SharePoint 2010 Timer service account This is the account name, in the form of domain\username that is assigned to the SharePoint 2010 Timer service. For example, contoso\timersvc. Name of the User Profile Service Application that you will use for Duet Enterprise. contoso\farmadm
User Profile Service Application name Farm account
Table 2 Information provided by the SAP administrator

Information needed Example Value
SSL Certificate location and file name SAML is configured (Yes/No) User name for WSDL access Password for WSDL access BDC models ZIP file location Pas$word1 d:\UpdatedModels\Models.zip Yes
SharePoint user account for the SAP administrator Role names for synchronization Secure Store credentials
This should be in the form of domain\username
108
Table 3 Accounts needed for SharePoint

Information needed Notes Value
Setup user account
This is the account that is used to run setup.exe and DuetConfig.exe, in the form of domain\username. Example, contoso\admin1
Service account for the Duet Enterprise sites Web application
The account that runs the application pool for the Web application used for the Duet Enterprise sites. Note:
This must be a managed account.
Users who can access SAP content You can use the nt
authority\authenticated users
account to grant access to all authenticated users or provide the list of Windows users/groups that will be granted access. Report publisher account SAP workflows service account
109

Duet e Depl Guide Installation Guide

Uploaded by

Copyright:

Available Formats

You might also like

Duet e Depl Guide Installation Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Duet e Depl Guide Installation Guide

Uploaded by

Copyright:

Available Formats

Duet Enterprise SAP Deployment Guide

June 28st 2011

1. Introduction 1.1 Before you Begin

1.1 Before you Begin

1. Introduction 1.2 Coordination between SAP and Microsoft

1.2 Coordination between SAP and Microsoft

1.3 SCL Overview

1.4 Planning the System Landscape

1. Introduction 1.5 Hardware and System Requirements for Duet Enterprise

The following is an illustration of the SCL system landscape:

Service Consumption Layer Components

Integrated Desktop Programs

1.5 Hardware and System Requirements for Duet Enterprise

1. Introduction 1.5 Hardware and System Requirements for Duet Enterprise

WEBCUIF 7.00 WEBCUIF 7.1. SP02

1. Introduction 1.5 Hardware and System Requirements for Duet Enterprise

Business Scenario XML file

1.5.1 Gathering Information for Installation

S_RFCACL S_RZL_ADM S_SRT_LPR

TCD=LPCONFIG, STRUSTSSO2 TTYPE= ; ACTVT=03;

Information Required from the Microsoft Administrator

Field URL of Web application for report publishing

Example https:// contoso.corp.com:443 Note:

This name is an attribute in AD DS. For example, sAMAccountName.

Field User Base Domain Name URL to OBAFileReciever for reporting

URL to OBAWorkflowService for Workflow

Table 3 - Accounts needed for SharePoint

Account name Report publisher account SAP workflows service account

1.6.1 Pre-Wizard Installation Procedures

1.6.2 Post Wizard Installation Procedures

1. Introduction 1.7 Prerequisites

1.7.1 Important SAP Notes

SAP Note Number 1465330

Duet Enterprise 1.0: Release Information Note

Contains essential information about the implementation of Duet Enterprise 1.0.

1. Introduction 1.7 Prerequisites

1.7.2 Activating the Services

7. Repeat the procedure for the following services:

7. Repeat the procedure for the following services:

1. Introduction 1.7 Prerequisites

/sap/bc/srt/rfc /sap/public/bc /sap/public/bc/ur /sap/public/mysssocnt /sap/bc/webdynpro/sap/appl_soap_management /sap/bc/srt/pm

1.7.3 Setting Profile Parameters

2. Installing Duet Enterprise 2.1 Installing the SCL Components

2. Installing Duet Enterprise

2.1 Installing the SCL Components

2. Installing Duet Enterprise 2.2 Configuring Settings for the SCL

2.2 Configuring Settings for the SCL

2.3 Setting Up User and Authorization Administrator for the SCL

2.3.1 Create and Assign SCL Administrator Role

Creating a Service User to Access WSDL from SharePoint

2.3.2 Create and Assign SCL User Role

3. Select User Settings > Define Role for SCL User.

3. Select User Settings > Define Role for SCL User.

2. Installing Duet Enterprise 2.4 Activating BC Sets

2.4 Activating BC Sets

2.5 Specifying Configuration Settings of the SharePoint Server

2.5.1 Configuring the SLD

2.5.2 Defining Settings for Idempotent Services

2.5.3 Creating RFC Destination for Outbound Queues