Create SAP Server Connections

You can perform the following on the SAP Server page:

View SAP server details

You can see the following SAP server connection details on the Connections menu, under the SAP Servers tab:

  • Connection Name
  • Scope Level
  • System ID
  • Client
  • Server Type
  • Description

For a detailed view of a specific SAP Server, select it fromSAP Servers page list and click View. The Server Information page will then come up, and it will feature details for that SAP Server.

You can filter on any column shown on the SAP Servers tab.

Quick add an SAP server

  1. Go to Connections > SAP Servers.
  2. Click Quick Add, and enter the following information:
    • Connection name
    • System ID
    • Client
    • Server type
  3. Click Save. You will be notified that the SAP Server has been added successfully.

Add SAP server(s)

  1. Go to Connections > SAP Servers.
  2. Click Add. The Add New Server page appears.
  3. On the Server Information page, enter the following details:
    • Connection Name – Name you are assigning to this SAP connection
    • System ID – SAP System ID
    • Client - Client ID (this should be 3 digits)
    • Server Type – Select Production or Non-Production
    • Description – Description of the SAP Server
  4. Click Next. On the Logon Details page, select SAP Server or SAP Logon Group. For SAP Server, enter the details for the Router String, the Application Server Host, Instance Number, and the Code Page. Under logon options, if user has specific language pack installed on SAP server, he can add its value to this field. This field is not mandatory and requires numeric value. This value is maximum 4 in length example, 4103, 1100.
  5. For SAP Logon Group, enter the details for the Router String, the Logon Group, the Message Server Host, and the Message Server Port.
  6. Click Next. The Logon Types page will appear. SAP connection for following logon type support Japanese characters in SAP user name and password
    • Credential based App Server

    • Credential based Message Server

  7. On the Logon Types page, select an option from the Select Logon Type pane, and complete the steps as follows:

    Credentials-based

    • Use SAP credentials to connect to the SAP Server, and click the Test Connection button
    • In the Test Credentials window, enter the SAP Username, SAP Password, and Language
    • Click the Test Connection button

    Activate SNC

    • Enter the SNC Partner Name and the SNC Username
    • Select an SNC_QOP (security level) from the drop-down list
    • Click the Test Connection button
    • In the Test Credentials window, enter the SAP Username, Windows Domain, Windows Username, Windows Password, and Language
    • Click the Test Connection button

    SAP Enterprise Portal

    • Enter the SAP Enterprise Portal URL and select the mechanism you want to use from the EP Logon Using field (either User Credentials or SP Nego)
    • To Test Connection for User Credentials, click the Test Connection button
    • In the Test Credentials window, enter the SAP Username, SAP Password, and Language
    • Click the Test Connection button
    • To Test Connection for SP Nego, click the Test Connection button
    • In the Test Credentials window, enter the Windows Domain, Windows Username, Windows Password, and Language
    • Click the Test Connection button

    SiteMinder

    • Enter the Site Minder URL
    • Click the Test Connection button
    • In the Test Credentials window, enter the SAP Username, SAP Password, and Language
    • Click the Test Connection button
      Note: This SSO configuration is supported only for our legacy customers migrating from Foundation to Evolve using SiteMinder.

    X.509

    • Enter the SNC Partner Name and SNC Username
    • Select an SNC_QOP (security level) from the drop-down list
    • Click the Test Connection button
    • In the Test Credentials window, enter the SAP Username, Windows Domain, Windows Username, Windows Password, and Language
    • Click the Test Connection button

    SAP SSO

    • Enter the SNC Partner Name, SNC Username, and the System User’s name
    • Select an SNC_QOP (security level) from the drop-down list

    SAP SSO does not provide a test connection option.

    CyberSafe SSO

    • Enter the SNC Partner Name, SNC Username, and the System User’s name
    • Select an SNC_QOP (security level) from the drop-down list.
    CyberSafe SSO does not include a test connection option.
    Note: This SSO configuration is supported only for our legacy customers migrating from Foundation to Evolve using Cybersafe.
  8. Click Submit to save your changes. You will be notified that the SAP server has been added successfully.
Note:

French, German, Spanish or Japanese characters are not supported in Domain user name, Host name, Email address, SAP user name, and password in SAP connection for following logon types.

  • Credential based App Server

  • Credential based Message Server

  • Kerberos SSO (Activate SNC)

  • Enterprise Portal (Credential based, SPNego)

  • SiteMinder

  • X.509 certificate

  • SAP Trust (SSO)

  • CyberSafe SSO

  • SAP SAML

SAP SAML on Evolve

This feature is used for SAP that has SAML as trust provider.

SAP SAML portal has capability to add multiple SAP servers on portal.

  1. The user who is successfully logged in using email address on SAP SAML portal through the browser then same user will also used in Studio and Evolve. In case there are 2 or more SAP servers configured on the portal, the user who is able log in to system, then same user will also used in Studio and Evolve.

  2. For all the SAP servers configured in the portal, the SAP user must exist on the server and explicit authorization is required on each of the server.

Following is the configuration required for running all SAP server from Studio and Evolve.

  1. EIS (Evolve Identity Service) setup - You need to provide following details which is used to create SAML token signed by provided certificate. This SAML token is then passed to SAP to get mysapsso2 ticket to create RFC connection using SAP details (like System ID, Client, and so on). This will work for all Evolve use case (Studio, Form and AutoRun/Server scheduling).

SAP SMAL Attribute Example Behaviour

Audience

<<SAP-Evolve>>

The audience of the SAML token. This is case sensitive.
Certificate Password   If certificate has password then this password is provided to user.

Issuer

<<JohnTestIDP>>

This is name of the issuer of the SAML token. This is case sensitive.

Sign Certificate

It supports bot pfx and cert file

This certificate is used to sign SAML token using password.

Subject/User name

{firstname}.{lastname}

{email}

This username will be treated as SAP user name and replaced with claim attributes user name.

URL

https://cha-en-vsap1.wsdt.local:8001/sap/bc/ui5_ui5/ui5/simpletest/index.html

This is SAP SAML URL which has trust setup with Evolve.
  1. Manual setup - This is used to for Studio use case like other EP Portal. In this case, user needs to provide SAP SAML URL on Evolve. This SAML URL is used by Studio to fetch mysapsso2 ticket for creating RFC connection. It supports only interactive run from Studio and Add-in. It does not support non interactive SAP operations like Local/Server scheduling, web services, autorun/update plugin and F4 lookup.

Edit SAP server details

  1. Go to Connections > SAP Servers.
  2. Select the SAP server from the SAP Servers page list and click Edit.
  3. On the Update Server pages (theServer Information, Logon Details, andLogon Types pages), make your changes. Click Next to move through the pages.
  4. After adding all your changes, click Submit. You will be notified that the SAP Server details have been updated successfully.
Note:

User should use two characters in SAP language on Studio and Evolve as Single character does not work throughout the SAP interaction. Add bold text for SAP language content. Example: SAP Username, password, and preferred language with two characters (EN, FR and so on)

Referencing an edited SAP server in a solution may cause issues with that solution. The Connection Name field cannot be edited.

Delete an SAP server

  1. Go to Connections > SAP Servers.
  2. Select the SAP Server from the SAP Servers page list and click Delete.
  3. When you are prompted to confirm the deletion, click Yes. You will be notified that the SAP server has been deleted successfully.

Further background:

  • When an SAP server is deleted, the associated SAP credentials and policies are also deleted.
  • If an SAP server is deleted, credentials which have been added by other users for this SAP server are also deleted.
  • Referencing an edited SAP server in a solution may cause issues with that solution.
  • If the SAP Server is added again using the same configuration and connection name, the solutions will work as they did previously. Users must add the SAP credentials for this SAP server again; they must also update the policies to include this server.