cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO to CRM from EP 7.3 for calling BSP apps.

Former Member

on ‎01-14-2013 8:16 PM

0 Kudos

Hi Experts,

We have developed a simple URL redirecting Webdynpro Java Application on EP 7.3 which is called from the browser using direct application URL. Some URL parameters are passed to the WD Java application and it will read the parameter values and construct another URL with these values to call the BSP Application on CRM system.

The intention is when the user clicks a link on External website, the WDApp is called and it in-turn call the BSP application without prompting for credentials (Intranet Access).

SSO configuration is done from EP 7.3 to CRM and Windows Authentication is done to login to portal. Both are working fine.

When we access the Webdynpro Application URL from browser, using Windows authentication it is logging into Portal, But SSO is not happening to CRM and we are prompted for user credentials (for CRM).

How to carry forward the SSO ticket to CRM to avoid the CRM Login Screen OR how to embed the SSO ticket in the Application URL.

Regards,

Ramesh.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-14-2013 9:17 PM
0 Kudos

Is your WDJ application deployed on the same instance as your portal?

Remember to use FQDN hostnames in URLs, otherwise SSO will not work.

Show replies
Show replies
Former Member
‎01-15-2013 3:52 PM
0 Kudos

Hi Kaski,

Thanks for the response. Yes. WDJ appliction is deployed on the same instance and we are using FQDN in the Portal URL.

Windows authentication is working and the App URL is able to go inside Portal, but SSO from there to CRM is not happening.

Is there any way to carry the logon ticket further like --- embedding logon ticket in the URL before hitting CRM or routing the application thru System Object to enforce SSO to CRM.

I also tried creating BSP Application iveiw and adding parameters to the iview URL which didn't worked.

Regards,

Ramesh.

Former Member
‎01-15-2013 3:57 PM
0 Kudos

You also have to use FQDN in your System Landscape where you have defined the CRM system. In your case since you are doing a redirect in the WDJ application, you have to use the FQDN in that case too.

I don't think you can encode the SSO ticket in the URL, the SAP Logon Ticket is stored in the browser session and parsed from there by the receiving system.

There might be several reasons for SSO not working. Have you imported the portal certificate to the CRM system? Have you set the SSO parameters in CRM system?

Former Member
‎01-15-2013 5:26 PM
0 Kudos

Hi Kaski,

Thanks for quick response.

You mean by SLD deffinition - System Object in Portal. If yes, I have used FQDN of CRM in both Application Host and Gateway Host parameters.

Sorry for not mentioning. SSO to CRM is working fine from Portal - other CRM apps and even the BSP application iview for the same WDJ App is working (with SSO) thru portal role. Only the issue is when the WDJ App is accessed from direct URL in browser (out side portal).

With in sytem object both the ITS and ICM protocals are set to http. The error is showing like switch to https is not possible. Do we need to enable https on ICM of CRM and in Portal 7.3.

With in WDJ App, I have changed the CRM direct URL to BSP application ivew URL and still it is not routing thru the system object to pickup logon ticke and getting the same error - "No switch to https occured, so it is not secure to send password"

Regards,

Ramesh.

Former Member
‎01-15-2013 6:56 PM
0 Kudos

How are you accessing the WDJ application? Can you share the URL, hide parts that you want to hide. Also share all other hostnames that you are using. The error you are seeing just indicates that SSO is not working and it is not secure to login with HTTP. Unless you are using HTTPS to access the portal (or the WDJ application within the portal) you do not have to use HTTPS. If you use HTTPS and are not terminating it, you should use HTTPS all the way.

Former Member
‎01-15-2013 7:27 PM
0 Kudos

We are not using Https anyware - not while accessing the portal, not in CRM system object.

We are using the below URL to access WDJ App

http://portal_system_name.mycompany.com:port/webdynpro/resources/mycompany.com/crm~myapp~ui/myApp?cu...

Within the WDJ Application the CRM URL is constructed as below

http://crmsystemname.mycompany.com:httpport/sap/bc/bsp/sap/crm_cust_app/default.htm?crm-object-type=...

Then the above CRM Url is set the "source" property of the IFrame UI element in the WD View.

I also tried the below variation of CRM url of the BSP iView :

http://portalname.mycompany.com:port/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test....

Regards,

Ramesh.

Former Member
‎01-15-2013 7:35 PM
0 Kudos
                
 
 Within the WDJ Application the CRM URL is constructed as below
 
   

This is the problem, you have to access CRM through the portal for SSO to work.

I also tried the below variation of CRM url of the BSP iView :
http://portalname.mycompany.com:port/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.test....

And it didn't work? That is how you should do it. Access WDJ through portal as well as CRM.

Former Member
‎01-15-2013 9:12 PM
0 Kudos

Hi Kaski,

Unfortunately the BSP iView URL (URL captured when previewed the BSP iview in portal) is also not working and opening up the login popup to CRM and giving warning "No switch to https occured, so it is not secure to send password". The core purpose of this WDJ application is to avoid the credentials popup to CRM and to provide direct access to CRM BSP Application thru SSO.

The same BSP iview is working fine in Portal when I preview it.

Regards,

Ramesh.

Former Member
‎01-15-2013 9:31 PM
0 Kudos

I really don't understand what your requirement is and what you have done and why. Something is not adding up here.

If the only reason for having the WDJ application is to do a redirect to CRM within the portal, you don't need the WDJ application. Simply define the CRM content in the portal and specify the URL to the CRM content within the portal. In your example, use the last URL without going through the WDJ application. If SSO is correctly setup between the portal and CRM, it will work.

You do realize that users must exist both in the portal and the CRM system for SSO to work?

Former Member
‎02-12-2013 8:01 PM
0 Kudos

Hi Kaski,

Thanks for spending time and sharing your thoughts.

Just wanted to share the resolution worked for me. Actually, the WDJ application is called from salesforce application - passing some business parameters (These parameter values should be auto populated into some of the BSP application Fields). This application was working earlier in EP 7.0. After the upgrade to EP 7.3 we have changed the domain of EP to a different name leaving the CRM on the old domain name.

This caused the issue as the SSO ticket issued by Portal for the new domain name is not valid for the old domain name of the CRM system. This did'nt worked though we configured MDC since the WDJ application is accessed as stand alone (with application URL from outside - browser) and since the portal framework is not loaded the MDC is not hit.

We have changed the CRM back-end domain name to equalize to that of EP 7.3 and it resolved the issue.

Note :- The BSP iview URL used from WDJ did worked till passing thru SSO with out CRM credentials pop-up, but  could not pass the business parameters to the BSP Application. Even the App Integrator also did not worked. Not sure if there is really a way to pass/inject dynamic parameters into BSP iView (or any iview for that matter) to carry them to the embedded BSP application.

Regards,

Ramesh.

Former Member
‎05-31-2013 9:37 PM
0 Kudos

Hello,

Wanted to see if you found an answer to this?

We are working on similar requirement

From ECC, we want to pass parameters to CRM web client and not have users login to CRM

We have SSO working with ECC 6.0 Ehp6 and BW 7.3.1 and CRM 7.02 in EP 7.3.1

Users can login now automtically to CRM from  the portal with Windows AD from IE

EP=  http://sapportal.insummit.com:50000/irj

We have a url from an ECC ABAP program, it opens a new broswer and user is prompted to logn to CRM web application

http://sapcrmd.insummit.com:8025/sap/crm_logon/default.htm?crm-object-type=BP_ACCOUNT&crm-object-act...=

As you can see, this calls the CRM web application server and BSP page directly and not through the portal.  And since CRM is a BSP, there is only a single Iview in the portal, we cannot see how to configure single sign on in this way.

We are trying to find the right url string so the request to enterprise portal and passes the parameters on the URL to the CRM BSP BP_ACCOUNT through the portal where we have SSO and SPNEGO working correctly.

Lee Lewis

Former Member
‎05-31-2013 10:14 PM
0 Kudos

Simply create a BSP iView pointing to the CRM system in the portal, use a URL to go through the portal passing all required parameters. Use the NavigationTarget parameter to open the respective BSP iView in the portal.

If you have follow-up questions, open a new discussion thread. Hijacking threads is not nice.

Former Member
‎05-31-2013 10:52 PM
0 Kudos

Thanks Samuli very much!

I usually work in BW and have limited knowledge of portal applications, so  I do appreciate help on perhaps a basic question.

I have an iview and now trying the NavigationTarget parameter in this url string

This now does take the user direclty to the CRM BSP in the portal now with out prompting for login, but does not pass the parameters as expected.  It should open the account details.  What happens is that the main page for CRM is displayed,

Perhaps I missing in the url string?

http://sapportal.insummit.com:50000/irj/portal?NavigationTarget=/servlet/prt/portal/prtroot/pcd!3apo...

Direct CRM url - passes parameters ok

https://sapcrmd.insummit.com:8126/sap/crm_logon/default.htm?crm-object-type=BP_ACCOUNT&crm-object-ac...

Thakns again

Lee Lewis

Former Member
‎05-31-2013 11:06 PM
0 Kudos

Continuing in discussion thread http://scn.sap.com/thread/3368235

Ask a Question