Skip to Content
0

SSO is not working for multiple client Fiori - S/4HANA

Apr 12 at 04:00 AM

71

avatar image

Dear gurus,

We are configuring multiple client for Fiori - S/4HANA as per SAP Note 2453516 - How to Configure Fiori with Multi-clients. The multiple client works correctly except SSO function(currently using login ticket).

S4F001 <--> S4H400
S4F002 <--> S4H401

How to reproduce the error:

1. Login to Fiori Launchpad using Web dispatcher URL:
https://xxx.yyy.zzz.com

2. Enter user ID for Fiori Client

3. Click "Manage Bank Account" tile

4. Login screen for Backend system appear -SSO is not working


F12 trace:

Failed to load resource: the server responded with a status of 403 (Forbidden)
https://xxx.yyy.zzz/sap/es/ina/GetServerInfo?_=1523501897960

From below SAP Notes, this issue is due to incorrect setup of SSO.

2490978 - Fiori Launchpad Search Option Giving Login Popup

2408795 - Credentials are needed to load services for Fiori Search on Fiori Launchpad


T-code: SSO2 in S4F


T-code: SSO2 in S4H


Question:

Can SSO works in multiple client Fiori - S/4HANA?
in SAP S4HANA OP Fiori Configuration for Multiple Clients document, it is mentioned to remove client for below RFC:

a. R3 connections for S4<XXX>_RFC
b. HTTP Connections to ABAP System for S4<XXX>_HTTPS

So, will SSO work for multiple client?

Thanks,
Fadzly Iqbal

tile.png (41.6 kB)
tile.png (41.6 kB)
manage.png (28.8 kB)
f12.png (68.1 kB)
f12.png (68.1 kB)
s4f.png (64.0 kB)
s4h.png (74.4 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Isaias Freitas
Apr 12 at 01:45 PM
0

Dear Zulfadsly,

I guess that if the clients were the same at both systems it would work:

S4F400 <--> S4H400
S4F401 <--> S4H401

If you have an SAP Web Dispatcher as the entry point (e.g., in front of both S4F and S4H), you could use the "CLIENT=..." argument of the wdisp/system_XX parameter. This would work fine if you had different clients between the systems, but only one client per system.

Handling the multiple clients and the mapping to different clients between the systems might not be possible.

I am trying to think of a modification rule that you could create at the SAP Web Dispatcher (if it is used), but could not think of one so far...

Regards,

Isaías

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Dear Isaias,

Thanks for the answer.
According to SAP S4HANA OP Fiori Configuration for Multiple Clients:

6 Additional Activities

-Open the Web Dispatcher profile and ensure the parameters for “wdisp/system_#” does not have “CLIENT=###” values. The client number is not required.

So, the web dispatcher parameter should look like this (without CLIENT)
wdisp/system_0 = SID=S4F, MSHOST=JPXXXXXAP, MSPORT=8103, SRCSRV=*:443, SRCURL=/sap/bc/ui5_ui5/;/sap/bc/ui2/;/sap/bc/lrep;/sap/opu/odata;/sap/public/;/sap/bc/bsp; /sap/bc/nwbc/

wdisp/system_1 = SID=S4H, MSHOST= JPXXXXXAP, MSPORT=8100, SRCSRV=*:443, SRCURL=/sap/bc/webdynpro/;/sap/es/;/sap/bc/gui/;/sap/bc/apc;/sap/bw/ina;/sap/bw/Mime/DS/Content

0
Zulfadzly Iqbal Mohmad Zulkafli

Dear Zulfadsly,

Maybe my comment was not clear enough. Let me try to clarify it.

The "CLIENT" argument could be used if you did not have multiple clients on each system, but had different clients between the systems.

For example, S4F only had client 001. S4H only had client 400. SSO would still not work because of the different clients between the systems. One way to workaround that would be to use the "CLIENT" argument of "wdisp/system_X".

Your scenario is different. You have two clients per system, and also have different clients between the systems.

Therefore, using the "CLIENT" argument is definitely not an option. I was just commenting around possible scenarios.

One way to solve this is to change the clients at the Fiori frontend (S4F).

If the clients are the same on both systems, you should be good. For example:

S4F400 <--> S4H400
S4F401 <--> S4H401

Once the user chooses the client and logs on to S4F, the same client would be used when accessing S4H.

If this is not an option, I believe that we would have to try creating modification rules in the Web Dispatcher, but I am still thinking of what those could be.

Regards,

Isaías

0

Dear Isaías,

SSO is working when we changed to:

S4F400 <--> S4H400
S4F401 <--> S4H401

Thank you very much. Really appreciate your advice!

Regards,
Fadzly Iqbal

0
Zulfadzly Iqbal Mohmad Zulkafli

Dear Fadsly,

You are welcome! :-)

Regards,

Isaías

0