Professional Documents
Culture Documents
WDEBU7 Workshop nw2004s WAS Settings BI: Roland Kramer Rampup Coach nw2004s SAP Switzerland
WDEBU7 Workshop nw2004s WAS Settings BI: Roland Kramer Rampup Coach nw2004s SAP Switzerland
Chapter 05
Contents:
Overview BI Customizing
Instance profile parameter
Internet communication monitor
SSO configuration
Web basis tree configuration
Web tuning suggestion
Example customer portal
Web printing extension
Web browser settings
Additional Notes for the WAS settings and the web Reporting:
y Note 434918: DNS configuration for BSP Applications on W2K
- icm/host_name_full = server.domain.ext
- http://server.domain.ext:1080/sap/bc/bsp/sap/it00/default.htm
y Note 550669: Compressed transfer of BI web Applications
y Note 561792: Client-sided caching of image/gif files
y Note 517484: Inactive services in the Internet Communication Framework
y Note 529793: Missing error text in the Internet Explorer browser
y Note 622130: Timeout problems in BI web Applications
y Note 619884: Integration of BSP applications in BI web Applications
y Note 498936: Log on/password change in web with BI3.0B or higher
y Note 516884: Anonymous logon with BI 3.0A/B and SAP web App. Server
y Note 517860: Logging on to BSP applications (Check the Documents in the
Append of the Note)
y Note 434918: DNS configuration for BSP Applications on Windows 2000
y Note 616900: BSP FAQ -- Frequently Asked Questions
y Note 677118: SP31-> Fully Qualified Domain Names Check
Also note that the extension “EXTBIND=1” is still valid for Web AS 7.00.
So you can bind ports lower than 1024 on UNIX without any restrictions.
icm/plugin_<xx>
This parameter is used to specify the protocols supported by the ICM.
<xx> must be specified in ascending order from 0. A protocol is specified by the name of
the protocol (for example, HTTP, HTTPS) and a shared library (plug-in) for the protocol.
The plug-in can be associated with the parameter icm/server_port_<xx> at one or
several ports
icm/server_port_<xx>
Use
You can use this parameter to specify the service/port that is to be used for a protocol.
Either the service name or the port number can be specified.
You can also determine additional service properties. This is described in the procedure
below.
Prerequisites
A plug-in for the protocol must be specified in the parameter icm/plugin_<xx>, as
otherwise the service cannot be started. There cannot be more than one service
allocated to a single port. Also, a service cannot be started if another program is using
the port or service.
The Transaction SMICM (ICM Monitor) is in comparison with SM51 (Instance Overview)
and it contain also a work process Overview. The Advantage in the SMICM is that you
can restart the ICM without restarting the SAP Instance (no bounce of the system).
For the ICM Usage in the web Application Server it in mandatory to update the basis
Kernel 7.00 regularly, e.g. the Released Kernel support Stacks. The ICM get his updates
together with the Kernel Patches.
Please check also the interfere between Kernel and ICM. In the 6.x it happened
sometime that Kernel patches produced errors in the web interface.
Here on this page you see the Steps to check the SSO configuration for the WAS web
reporting for BI.
By Default, only HTTP is active you will get a prompt from your web browser as soon
you want to log on to your WAS Server with http://server.domain.ext:<port>. The
Disadvantage is, that you only get two fields: Username and Passwords. If you want to
have additional Functionality like Language field or changing Password you need to
enable the SSO configuration on the system.
This configuration is also the necessary Pre Requisites to integrate the BI system into
the EP 7.0 Portal.
Note 888687: BEx Web Java: Analysis of communication/logon problems
Note 817529: Checking the SSO configuration
Note 838097: Follow-up after installation/upgrade of ERECRUIT 600
Make sure the libraries are accessible before restarting the system
(chmod 775), otherwise errors will occur with the SSO.
© SAP AG 2003, Setup BI 7, Roland Kramer / 9
The libraries are available from the SAP service Portal http://service.sap.com/swdc.
There are also some updates for the secure library available at the kernel section in the
service Portal http://service.sap.com/patches
Please note that the files on the UNIX based system needs enough permissions,
otherwise the SSO will not be enabled. This is also valid for Windows based systems
(no read only permission).
If you forgot to change the permission after you restarted the system, you have to stop
the SAP system and change the permission before SAP is restarted. You will have no
effect when you only restart the ICM service.
The SMTP service will be used for various reason like in SEM or in the process chains
for BI. It is also used together for the Information Broadcasting, the new feature of BI 3.x
and above.
Note:
for Double stack
Installations the
CN must be dif-
ferent and the ACL
points to the Issued
System with client
000 (“EP default”)
This Configuration step is done automatically, if all pre requisites are fulfilled to
start and run the NetWeaver Administrator Template Installer (CTC).
System parameter/settings
y login/accept_sso2_ticket = 1
y login/create_sso2_ticket = 2
y icm/host name full
To enable the Internet browser accept the SSO2 cookie, you must enter a fully qualified
host name in accordance with notes 434918 and 654982.
y SAPSECULIB / SAPCRYPTOLIB
You must use the SAP Security Library or the SAP Cryptographic Library.
y Transaction STRUST
y Transaction STRUSTSSO2
In this transaction, you define which systems are meant to accept logon tickets. This is
necessary, for example, when you want to access data from one system of a BI
application to another application of another system, without having to log on again.
y Documentation http://service.sap.com/security
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-
0a01-0010-d5a9-9cb9ddcb6bce
(New improved security features with nw2004s)
Please make sure that the whole tree in BI has a active compression flag, especially the
sap/BI/bex and the sap/BI/Mime tree.
You can do this once and transport this settings through your system Landscape
Please note that sometime corrections in the basis support packages an deactivate the
service by accident. Than you simply have to turn the service back to active.
When you change something in a service, the service keeps active all the time. You don‘t
have to restart the service.
The Button „Test Service“ switches directly to the web output without having a web query
ready.
http://server.domain.ext:<port>/sap/bw/bex?sap-language=DE&template_id=0ANALYZER
Note 970002 - Which BEx Analyzer version is called by RRMX?
y Transaction RRMX_CUST
Note 966043 - BEx Analyzer: Calling queries with RRMXP
The marked Option activates also the underlying service (Recommended). Please use
this Option whenever Possible.
The Default Setting is HTTP. In most of the cases there is no Change to HTTPS
necessary. However enabling the full HTTPS Environment is always possible with this
configuration.