Enablement Kit for SAP NetWeaver Business Client V3.40 SAP NetWeaver Business Client 4.0 Technical Requirements & Server Side Configuration Overview

SAP NetWeaver Business Client 4.0

Objective



In this presentation we consolidate the activities on the ones to be performed on OS level and for each transaction



At the end you find a short summary for a SAP GUI based end-user check as well as the front-end related configuration steps

© 2013 SAP AG. All rights reserved.

2

SAP NetWeaver Business Client 4.0

Required Backend Release and Stack

Minimum Release and Support Package Stack Level for Productive Use: 

SAP NWBC 4.0 is recommended for customers and partners implementing SAP Best Practices packages based on enhancement package 6 for SAP ERP 6.0 and higher



SAP NetWeaver 7.03 appl. server ABAP or higher



Plus SAP Cryptographic Software

•

SAP NetWeaver Business Client 4.0 is shipped together with enhancement package 6 for SAP ERP 6.0 (SAP ERP 6.06) and other SAP business suite applications based on at least enhancement package 3 for SAP NetWeaver 7.0 (SAP NetWeaver 7.03)

Follow the instructions stated in SAP notes 1707626 - NWBC 4.0 Patches -CLIENT ONLY- SAP NetWeaver Business Client 1353538 - NWBC -Patch Collection- SERVER SIDE (ABAP)+NWBC for HTML The SAP NetWeaver Business Client runtime supports the usage of SAP NetWeaver Business Client 4.0 for Desktop as well as the usage of SAP NetWeaver Business Client 3.5 for HTML.

© 2013 SAP AG. All rights reserved.

3

SAP NetWeaver Business Client 4.0

High Level Backend Configuration Steps Installation and configuration of SAP Crypto Library Activities on OS level, configure system parameters, TX STRUSTSSO2 Enablement of SSO2 tickets / cookies  configure system parameters Enable enhanced POWER list functionality in the Switch Framework (SFw)  Switch activation in TX SFW5 Configuration of the Internet Communication Manager (ICM) / https enablement  TX STRUSTSSO2, configure system parameters, TX SMICM Configuration of the Internet Communication Framework (ICF) TX SICF

Check enablement of enhanced PFCG functionality  TX SM30_SSM_CUST Role assignment  TX PFCG and/or SU01 © 2013 SAP AG. All rights reserved.

4

SAP NetWeaver Business Client 4.0

Backend Configuration – SAP Crypto Library (1/2)

Download the current SAP Crypto Library via SAP Software Distribution Center (SWDC) in SAP Service Marketplace (SMP) • https://service.sap.com/swdc > Download > SAP Cryptographic Software • E. g. SAP Cryptographic Library Microsoft Windows 2003 for x86_64 Extract the content of the SAP CAR or SAR file into the kernel folder • E. g. for Windows 2003 x64 server using command sapcar –xvf 90000114.SAR • Copy sapcrypto.dll and sapgenpse.exe from extraction folder ..\ nt-x86_64 to ..\sapmnt\\SYS\exe\uc\NTAMD64

System profile parameter adaption consolidated in separate slide Same applies for configuration of TX STRUSTSSO2

© 2013 SAP AG. All rights reserved.

5

SAP NetWeaver Business Client 4.0

Backend Configuration – SAP Crypto Library (2/2)

Additional detailed information in SAP Help Portal

http://help.sap.com > SAP NetWeaver > Platform > 7.3 Including Enhancement Package 1 > Application Help > SAP NetWeaver Security Guide > Using the SAP Cryptographic Library for SNC > Configuring the Use of the SAP Crypto Library for SNC > Config SNC for Using the SAPCRYPTOLIB on the AS ABAP http://help.sap.com/saphelp_nw73ehp1/helpdata/en/32/431c3aadda4f25e10000 000a11402f/content.htm?frameset=/en/e6/56f466e99a11d1a5b00000e835363f/f rameset.htm

© 2013 SAP AG. All rights reserved.

6

SAP NetWeaver Business Client 4.0

Backend Configuration – System Parameters (1/2) Distribution of parameters to the default and instance profile Depending on your architecture it might be reasonable to distribute the parameters to the default or instance profile (DEFAULT.PFL / _DVEBMGS_, e. g. EH3_DVEBMGS00_BPEHP). In general it is valid to include the parameters in the instance profile. You can either use transaction RZ10 for maintaining the profiles or editing them directly on OS level – ensure always before edition in transaction RZ10 that you uploaded the current version from the OS level (menu: Utilities > Import profiles > Of active servers)

Attention After maintaining the system parameters you need to restart your system so that the parameters will be taken into account. For Windows servers the service SAP_ (e. g. SAPEH3_00) as well needs to be restarted before the SAP application server ABAP is started again. © 2013 SAP AG. All rights reserved.

7

SAP NetWeaver Business Client 4.0

Backend Configuration – System Parameters (2/2) Full Qualified Domain Name (FQDN) • e. g. icm/host_name_full = iwdfvm4711.wdf.sap.corp

Define http(s) settings • e. g. with following time-out values, SMTP for completeness icm/server_port_0 = PROT=HTTP,PORT=500$$,PROCTIMEOUT=300,TIMEOUT=900 icm/server_port_1 = PROT=HTTPS, PORT=443$$, PROCTIMEOUT=300, TIMEOUT=900 icm/server_port_2 = PROT=SMTP, PORT=250$$, PROCTIMEOUT=300, TIMEOUT=900

Enable SSO2 cookie acceptance and creation • login/accept_sso2_ticket = 1 login/create_sso2_ticket = 2

SAP Crypto Library • e. g. for Windows 2003 x64 servers sec/libsapsecu = $(DIR_CT_RUN)\sapcrypto.dll ssf/name = SAPSECULIB ssf/ssfapi_lib = $(DIR_CT_RUN)\sapcrypto.dll ssl/ssl_lib = $(DIR_CT_RUN)\sapcrypto.dll © 2013 SAP AG. All rights reserved.

8

SAP NetWeaver Business Client 4.0

Backend Configuration – TX STRUSTSSO2 If you use server signed certificates you will receive some warnings when logging on via SAP NWBC 4.0 but functionality is not affected.

Others to be created in the same way

These screenshots show examples of self-signed certificates maintained via right mouse clicks.

The following four certificates must be created: System PSE SNC SAPCryptolib SSL server Standard SSL client SSL Client (Standard)

© 2013 SAP AG. All rights reserved.

All required certificates are created

9

SAP NetWeaver Business Client 4.0

Backend Configuration – TX SMICM Verify in transaction SMICM that https service is activated •

Menu: Goto > Services or [Shift]+[F1] or

• If https is not active, activate the service via menu: Service > Activate To be able to activate https the SSL server Standard certificate needs to be created (see previous slide)

© 2013 SAP AG. All rights reserved.

10

SAP NetWeaver Business Client 4.0

Backend Configuration – TX SFW5 Activate in TX SFW5 enterprise business function /KYK/GEN_AIO_SIMPLIFICATION

© 2013 SAP AG. All rights reserved.

11

SAP NetWeaver Business Client 4.0

Backend Configuration – Services, TX SICF 1/3

Activate Services in TX SICF To make use of SAP NWBC you need to activate various services in TX SICF. Most important is the so-called cockpit, /sap/bc/nwbc linked to the external alias /nwbc. The subnodes of /sap/bc/nwbc may be activated on test systems but should be deactivated on productive systems. The other services are used to enable the framework (especially /sap/public), and to display the various transactions.

Attention If you have already activated part of the node you can activate the entire tree by deactivating and reactivating the upper node. However, you have to update the service tree with the Refresh icon .

© 2013 SAP AG. All rights reserved.

12

SAP NetWeaver Business Client 4.0

Backend Configuration – Services, TX SICF 2/3 Activate Services in TX SICF Update the specified services in the Internet Communication Frameworks (ICF), for general information see Note 517484.

Call transaction SICF

Execute (F8)

Node /Select service with the mouse /highlight

Menu Service/Host - Activate (Ctrl+F11) or use the mouse and right-click to activate the service

© 2013 SAP AG. All rights reserved.

13

SAP NetWeaver Business Client 4.0

Backend Configuration – Services, TX SICF 3/3 Mandatory services to be activated:

Test applications for troubleshooting:

/default_host/sap

/default_host/sap

/public

/bc /bc/icons /icons_rtl /pictograms /ur /webdynpro/* /webicons

/echo/* /error/* /bsp/sap /htmlb_samples /it00 /sbspext_htmlb /sbspext_xhtmlb

/bsp/sap/htmlb /public/bc /system /icf_info /logon_groups /urlprefix /icr_groups /icr_urlprefix

ICF / system

/webdynpro/sap only with with with with

required load distrib load distrib load distrib load distrib

using using using using

msg msg Web Web

WD ABAP /wdr_test_events /wdr_test_ui_elements /wdr_test_table /wdr_test_popups_rt /wdr_test*

server server Dispat Dispat

BSPs

as specified in the name

/icman /myssocntl /bc /bsp/sap/public/bc /system /gui/sap/its/*

depending on the processes to be implemented (only needed for usage of SAP NWBC 4.0 for HTML)

/igs_data /nwbc /print/* /smart_forms /webdynpro

depending on the processes to be implemented /kyk/* /sap/lord* /create_complaints_comp /cust_cockpit_comp /lo_oif* /o2c_* /powl* /wdk* /wdhc_application

© 2013 SAP AG. All rights reserved.

Services for WD ABAP development:

For security reasons, these services should NOT be activated in a production system. /default_host/sap /bc /wdvd/ /wd_trace_tool /webdynpro/sap /configure_* /wd_analyze_*

14

SAP NetWeaver Business Client 4.0

Backend Configuration – Roles (1/2) General Information The use of SAP NWBC is for SAP BAiO packages based on ABAP roles. So to be able to use SAP NWBC as a user interface, roles need to be assigned to the logon user.

Within the SAP BAiO packages roles starting with SAP_NBPR_* are delivered. Please use either TX SU01 to assign roles to a specific user or PFCG to assign users to specific roles. Afterwards do not forget to perform the user comparison in TX PFCG for all newly assigned roles! For BAiO Packages usually SAP_NBPR_EMPLOYEE_S + the relevant functional roles should be assigned to the user. Details can be found in the SAP BAiO Business Process Documentation (BPD).

© 2013 SAP AG. All rights reserved.

15

SAP NetWeaver Business Client 4.0

Backend Configuration – Cockpit (1) SAP NWBC Cockpit When SAP NWBC 4.0 is connected to an ABAP system, central access point on ABAP side is the so-called cockpit. The call is established via an external alias /nwbc, so that the URL has always the same structure. This external alias is connected to service /sap/bc/nwbc.

For example with standard scenario: http(s)://..:/nwbc forwards automatically to http(s)://..:/sap/bc/nwbc

© 2013 SAP AG. All rights reserved.

16

SAP NetWeaver Business Client 4.0

Backend Configuration – Cockpit (2) To ensure correct communication you need to verify that the error pages handling of logon errors of the cockpit is configured correctly. Access the service (sap/bc/nwbc) in TX SICF with a double click: • Radio button System Logon selected and • Configured for Service Specific Settings displaying at least System Messages using protocol Logon via HTTPS

© 2013 SAP AG. All rights reserved.

17

SAP NetWeaver Business Client 4.0

Backend Configuration – System Logon Configuration of the System Logon screen for SAP NWBC You can define how the logon screen for SAP NWBC should look like and which parameters should be set for the logon process. To do so doubleclick on the respective service node for your cockpit in transaction SICF, choose -> Error Pages -> Logon Errors and then the button Configuration (see previous slide). You can decide wether you want to use the global settings (usually only user and password) or if you want to set further parameters for the logon process. You can find a detailed description for the configuration in http://help.sap.com/saphelp_nw70ehp1/h elpdata/en/48/3a0638902131c3e100000 00a42189d/content.htm.

© 2013 SAP AG. All rights reserved.

18

SAP NetWeaver Business Client 4.0

Backend Config. – Table NWBC_CFG Adding a Branding Image and URL to NWBC Layout In table NWBC_CFG you can define a branding image in the lower part of the left navigation panel with a clickable URL behind the image. Therefore make the following entries in table NWBC_CFG via transaction SE16: Branding image: IDX = any ID, consisting of three characters COCKPIT = * (means relevant for all Cockpits) NAME = BRANDING_IMAGE VALUE = URL The URL must be a link to a picture (JPG or PNG) and it must be ensured that the image can be loaded without authorization having been required. Branding URL: IDX = any ID, consisting of three characters COCKPIT = * (means relevant for all Cockpits) NAME = BRANDING_URL VALUE = URL The URL can be the corporate portal page of the company which is then loaded. For the configuration of table NWBC_CFG and the available parameters see also the general documentation for SAP NWBC 4.0, chapter 4.6 Configuration via Table NWBC_CFG. © 2013 SAP AG. All rights reserved.

19

SAP NetWeaver Business Client 4.0

“End-user Tests” Some of the settings to be made require deeper knowledge in SAP basis system administration, such as system profile parameters and configuration of SSO. Therefore it is recommended that the user just checks for the correctness of the settings and the system administrator takes care of the correct configuration of these areas. System parameters: They can easily be checked using TX RSPFPAR uploading the following selection from the clipboard: icm/host_name_full icm/server_port_* login/*_sso2_ticket sec/libsapsecu ssf/* ssl/* Check for “Trust Manager for Single Sign-On with Logon Ticket” configuration – TX STRUSTSSO2 The following nodes need to be created: System PSE, SNC SAP Cryptolib, SSL Server Standard, SSL client SSL Client (Standard) ICM Monitor – Service Display – TX SMICM, Goto - Services: http and https enabled Internet Communication Framework – TX SICF: Check that required services are activated If services cannot be activated or are not found in the system run transaction SIAC_PUBLISH_ALL_INT to publish them at once PFCG / SU01: Assign required roles to your user Additional cockpit configuration – TX SICF: For correct SAP NWBC 4.0 connection to the backend you need to verify that the error pages handling of logon errors of the cockpit is configured correctly: •Radio button System Logon selected and •Configured for Service Specific Settings displaying at least System Messages using protocol Logon via HTTPS

© 2013 SAP AG. All rights reserved.

20

SAP NetWeaver Business Client 4.0

Additional Information Sources SAP Notes 1830798

SAP BP: SAP NWBC 4.0 as of EhP6 for SAP ERP 6.0, ABAP Config (Basis for the information in this presentation)

1353538

SAP NWBC, Patch Collection: Serverseite (ABAP)+NWBC for HTML

1378659

NWBC known issues & what to check when opening a ticket

1883689

Possible trace types for analysing NWBC issues

900000

SAP NetWeaver Business Client – FAQ

1815055

SAP NWBC ABAP Runtime Patch for 740 SP00/01

1707626

NWBC 4.0 Patches -CLIENT ONLY- SAP NetWeaver Business Client

1707623

SAP NetWeaver Business Client 4.0 expected releases

517484

Inactive services in the Internet Communication

-> If you are using an SAP Best Practices solution check the latest version of the corresponding note to obtain updates and corrections.

© 2013 SAP AG. All rights reserved.

21

SAP NetWeaver Business Client 4.0

Additional Information Sources Documentation on the SAP Help Portal for SNC SAPCRYPTOLIB: http://help.sap.com > SAP NetWeaver > SAP NetWeaver 7.0 > SAP NetWeaver 7.0 Library (including Enhancement Package 1) or > SAP NetWeaver 7.0 Library > SAP NetWeaver Library > SAP NetWeaver by Key Capability > Security > Network and Transport Layer Security > Using the SAP Cryptographic Library for SNC > Configuring the Use of the SAP Cryptographic Library for SNC > Configuring SNC for Using the SAPCRYPTOLIB on the AS ABAP http://help.sap.com/saphelp_nw70ehp1/helpdata/en/7c/3f443c8c06702ee10000000a11405a/frameset.htm SAP NWBC 4.0 documentation on the SAP Help Portal (end user guide and administrator guide): http://help.sap.com > SAP NetWeaver > User Interface Add-On for SAP NetWeaver > Application Help (SAP Library) > SAP NetWeaver Business Client http://help.sap.com/saphelp_uiaddon10/helpdata/en/03/ecbafb844b450a9314a5683b75ed80/content.htm?f rameset=/en/62/244a942bd844678e7ab72a960ad6c9/frameset.htm Note: SAP NWBC for Desktop 4.0 is delivered with the UI Add-On as well as with NW 7.40

© 2013 SAP AG. All rights reserved.

22

© 2014 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects Explorer, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP France in the United States and in other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice. SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement. SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence. The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.

© 2013 SAP AG. All rights reserved.

23