VENKAT SAP BASIS: NW ABAP

Showing posts with label NW ABAP. Show all posts

Adobe Document Services (ADS) comes installed by default with NetWeaver AS Java and is SAP’ s standard way of creating PDFs by SAP applications. These PDFs can be normal PDFs or interactive (called Adobe Interactive Forms). The SAP system using ADS can be any NetWeaver ABAP or Java system. This makes the setup process a little bit more complex: it depends on your use case which steps have to be executed. You can have the ADS system that is a NW Java system, a NW ABAP system and another NW Java system that use ADS. And many times the calling NW Java system is the same system ADS is running on.

Tip : When you start configuring ADS, write down each system and its role. If not, it`s pretty likely you`ll have later some problems in identifying which connection and user you are configuring.

For this document I`ll consider the scenario of an ABAP system calling ADS to generate a PDF. In this scenario, the components involved are ADS, NW ABAP and NW Java. These are also the main areas to consider when setting up ADS.

Things are more complicated because the communication between the ADS and the calling system is bidirectional. For instance, the ABAP system calls ADS and sends the data to be converted and after ADS finished the conversion, ADS calls the ABAP system. After all, you want to use PDF in your ABAP system. Simplified, the information looks is like:

What does this mean now when you have to configure ADS together with ABAP?

1. Check that there is an ADS user with the right UME actions on NW Java

2. Check that there is an ABAP user with the right profile on NW ABAP

3. There needs to be a connection from ABAP to ADS (destination type web service)

4. There needs to be a connection from ADS to ABAP (as a destination: NW Java, as a SICF service: NW ABAP)

Configuration: ADS

As ADS is a JEE application it makes use of the security and authorization concept of JEE. This means that you

a) need an ADS user and

b) assign the right permissions to this user

to be capable of executing the application. As ADS is a NW Java application, to gain access the right assignment of UME action to the user executing/calling the application is needed (therefore, you can use any username). By default, the user ADSuser is created and the UME actions are made available in the NW Java system when ADS is installed. If they are missing, something is wrong with the ADS

installation. Short: on the Java side the ADS configuration is actually nothing more than assigning permissions.

Parameters to remember:

While the SAP documentation talks about assigning a role, what counts are the UME actions assigned to that role. Looking up the UME actions for default user ADSuser .

ADSuser:

Role

UME actions:

As soon as the user ADSuser is assigned to the role SAP_ADSCALLER the necessary permissions are available and this user can access and use ADS.

Remember

ADSuser is the user used by the ABAP system to call ADS. The ABAP system will use this user to logon to NW Java and to execute the ADS web services. This is not a service user used in the background by ADS.

Configuration: ABAP

In the ABAP system, configuration involves main tasks:

1. Set up a HTTP connection so the ABAP system can call ADS

2. Maintain user used by ADS to call the ABAP system

3. Set up the destination called by ADS to transfer the PDF

Let us go through each one of these three steps, starting with the user administration.

1. HTTP Connection

This configuration is needed so that the ABAP system can actually call ADS.

Transaction : SM59

Information flow: ABAP > ADS

By default, the name of the destination is ADS and of type G (which means HTTP. After all, ADS is exposed as a web service).

The technical settings point to the NetWeaver Java server where ADS is running.

Parameter Value

Target host : FQDN of NetWeaver Java server

Service No : Port of NetWeaver Java server

Path Prefix : /AdobeDocumentServices/Conf i g?style=rpc

Logon tab

Here the logon information send by ABAP to Java to authenticate as an ADS user are given. The user entered here MUST have the right UME permissions assigned. The user information entered must match what was used in Configuration: ADS ( see above) .

USER

To send back the PDF, ADS invokes a ICF service on the ABAP server. To do so, it must authenticate on the ABAP server . Therefore, a user must be made available on the ABAP system that has the This is the user used by ADS to send back the gener ated PDF to the ABAP system.

Informat ion f low : ADS > ABAP .

Transaction : SU01

Parameter Value

User name : ADS_AGENT

User type : Service

Assign role : SAP_BC_FPADS_ICF

ICF service.

This configuration is used by ADS to actually send back the generated PDF. ADS is not using a RFC/BAPI connection but a web URL. As in ABAP a URL is backed by a ABAP application, a valid ABAP user with the right permissions to execute the ABAP application is needed. This user was provisioned in the previous step. This implies also that the PDFs are not simply stored as pdf files in a file repository but processed by a SAP application.

Transaction : SICF

Information flow : ADS > ABAP

Enter "fp" in the service name field and execute the report. The service will be shown. Ensure that the service is active.

Configuration: ADS to ABAP

Configure a connection between ADS and ABAP so that ADS can call the ABAP system and send back the generated PDF. This is done in NW Java using a destination.

Open NWA and navigate to SOA > Destinations

Create a new destination. The name of the destination needs to follow a certain naming convention: FP_ICF_DA TA_<SID>

In case the <SID> of your ABAP system is SID, the correct name to enter here is FP_ICF_DA TA_SID. (If your ABAP SID is AB1, it would be FP_ICF_DA TA_AB1).

Next, enter the connection settings. These are needed by ADS to call the ABAP server using HTTP and for the logon information. In case the HTTP server of the ABAP server is listening on port 8000 on SID and client 100 with logon language English, the information to be entered looks like this:

The last step in the destination configuration wizard is to provide the logon information. Remember, this is how ADS will authenticate itself against the ABAP system. Therefore,a user with the right permissions on the ABAP system must be entered here. For basic authentication, (NetWeaver Java will transmit username and password) using the default user ADS_AGENT the information to be entered is:

Conclusion

After going through the basic setup, there are a few things to note.

a. On the Java ADS side, you can have more than one ADS user They only have to be assigned to the correct UME actions. If you want, you can have N users: ADS1, ADS2, …, ADSN

b. For each ABAP system you`ll have to create a destination on the ADS NW system.

c. Each destination can have its own user , these do not have to be the same or even share the same password

d. Both the destination ADS uses as well as the URI of the ABAP service are fixed. While ADS uses the destination to resolve the host name (and user/password), the path on the ICF service cannot be configured through the destination and is fixed.

In case ADS is not working as expected, you can take a look at this

document: Solving ADS related issues

Table of content

Wizard-based Configuration for Adobe Document Services

1) Creating a User i n AS ABAP for Basic Authentication

2) Creating the User ADS_AGENT

3) Setting Up Basic Authentication - Creating the ABAP Connection

4) Creating or Changing the Destination Service

5) Activating the ICF service

6) Creating a User in AS Java for Basic Authentication

7) Setting Up Basic Authentication in a Java Environment

Wizard-based Configuration for Adobe Document Service

To carry out the basic configuration steps required for Adobe document services,call the wizard-based configuration tool as described in Configuration wizard.

Only carry out the wizard-based configuration if your system has never been configured before.

The wizard-based configuration for Adobe document services performs the following post-installation steps:

In an ABAP+Java system

Creating the User ADSUSER for Basic Authentication.
Creating the User ADS_AGENT.
Setting Up Basic Authentication - Creating the ABAP Connection.
Creating the Destination Service
Activating the ICF service.

In a Java system

Creating the User ADSUSER in AS Java for Basic Authentication.

Setting Up Basic Authentication in a Java Environment

You have to carry out these steps manually, if

you do not want to use the configuration wizard.
your system landscape is not a double-stack installation, thus consists of different servers for ABAP and Java.
An existing AS ABAP is enhanced wit h an AS Java (Add-in).

Afterwards, perform the manual steps for basic configuration.

After you have performed all configuration steps,you can check whether the configuration is complete. For more information see, Configuration Check.

Creating a User in AS ABAP for Basic Authentication

Use

When your system is an ABAP+Java system the user ADSUser is created during the execution of the wizard-based configuration. This user is required for the secure communication between the ABAP system and the Java system where the Adobe document services are installed. You have to proceed the following

procedures manually when your syst em is not an ABAP+Java syst em.

Creating the User ADSUser

1) Logon to the AS ABAP with an admin user, in the client that is used for the UME authentication.

2) Choose Tools → Administration → User Maintenance → User (transaction SU01).

3) Enter ADSuser as user name and choose Create.

4) Choose system user as type for ADSUser.

5) Enter a password and save your settings.

Creating the Role ADSCALLERS

1) Choose Tools→Administration→User Maintenance→Role Administration→Roles (transaction PFCG)

2) Create a role ADSCALLERS (no authorizations required).The ADSCallers role in SAP NetWeaver AS ABAP appears automatically as the ADSCallers group in the NetWeaver Administrator.

3) Activate the role.

4) Assign user ADSUser to this role.

Assigning UME Role and Actions to the ADSUser

1) Navigate to http://<server>:<port>/useradmin to start the User Management .

2) Choose Role and search the role named SAP_ADSCALLER. This UME role was created during installation.

3) Go to the Assigned Users tab. Under Available Users, search for the user ADSUSER and press Add to assign this user to the role SAP_ADSCALLER.

4) Save your changes.

Creating the User ADS_AGENT

The service user ADS_AGENT in the AS ABAP corresponds to the user you specify in the authentication parameters of the Destination Service in the ASJava that hosts the Adobe document services.

Procedure

1) Log on to the SAP NetWeaver AS ABAP and choose transaction SU01 (User Management ).You must specify this client in the Destination Service.

2) Enter the name ADS_AGENT in the User field and choose User→ Create .

3) Choose the Logon data tab and assign a password.You must specify this password in the Destination Service.

4) Choose Service as the user type for ADS_AGENT.

5) Choose the Role tab and assign one of the following roles to the user ADS_AGENT.

SAP_BC_FP_I CF ,

If AS ABAP and AS Java (with ADS) are on the same system (Double-Stack or Java Add-I n).

SAP_BC_FPADS_I CF ,

If AS ABAP and AS Java (with ADS) are on different systems.This distinction is for performance reasons. You may copy the required role first. For more information, see Changing Standard Roles in the SAP Library.

6) Save the data.

7) Create or change the Destination Service

Setting Up Basic Authentication - Creating the ABAP Connection

Use

This procedure applies only in the scenario of print forms or forms created in an SAP Web AS ABAP. The purpose of this procedure is to create a connection in the ABAP environment to use when connecting to Adobe document services and to set up Basic Authentication.

Procedure

1. Log on to your SAP NetWeaver AS ABAP central instance host .

2. Call transaction SM59.

3. Choose Create .

4. Enter at least the following:

RFC destination : ADS

Connection type : G

Description : <your descript ion>

5. Choose ENTER

6. Choose the Technical settings tab and enter at least the following:

a) Target Host

Enter the host name of the AS Java that runs the Adobe document services or of the SAP Web dispatcher if applicable.

b) Service No

Enter the HTTP port number of the Target Host you have specified (The following naming convention applies : 5<J2EE_instance_number>00(50000, for example, if your J2EE instance is 00).

c) Path Prefix

Enter exactly the string "/AdobeDocumentServices/Config?style=rpc".

Note: A warning is displayed:Query String Not Allowed.Ignore this warning by pressing Enter.

7. Choose the Logon/Security tab, select Basic Authentication .

8. In the User and Password boxes, enter the user name ADSUser and the password.

9. Save your settings.

Creating or Changing the Destination Service

Use

This procedure applies to SAP applications using print forms and forms in ISR scenarios, for example in the Business Package Manager Self-Services.When processing forms between an ABAP environment and a Java environment,where the Adobe document services are installed,the Destination service is used.This service runs in the AS Java and facilitates communication and data transmission between the Java and ABAP environments. Communication between ABAP and the Java Destination service is enabled by the Internet Communication Framework(I CF).

In an ABAP+Java system, the Destination service is configured for basic authentication,when you execute the wizard-based configuration. You need to change or create these settings, if

ABAP and Java are installed on separate systems
you want to use SSL
The service user ADS_AGENT in the ABAP system is not in the default client .

Prerequisi tes

The ICF service on the SAP NetWeaver AS ABAP is active. For more information,see Activating the ICF service.
The service user ADS_AGENT was created and assigned to the appropriate role. For more information,see Creating the User ADS_AGENT.

Procedure

To change destination, proceed as follows:

1. Navigate to http://<server>:<port>/nwa to start the SAP NetWeaver Administrator

2. Choose Configuration Management→Security Management→Destinations.The system shows the Destination List, where the available destinations are displayed

3. Choose Create.

4. Enter the Destination Name FP_ICF_DATA_<SI D>,where < SI D> is your ABAP system,and choose HTTP for the Destination Type. Press Next .

5. Under Connection,enter the message server(or Web Dispatcher) of the SAP NetWeaver AS ABAP in the URL f ield:

http://<hostname>:<HTTP_port>

and in case of SSL,

https://<hostname>:<HTTPS_port>

To display the host name of your SAP NetWeaver AS ABAP log on to SAP NetWeaver AS ABAP and call transaction SICF. In the main menu, choose Goto→Port Information. The information is displayed on a screen; Where the HTTP_port is specified under Services .

6. Enter the appropriate client number of the system,where the service user ADS_AGENT exists into the Client field. Keep the other fields System I D and Language empty.

7. Under SSL Server Certificates,choose Ignore server certificates and press Next .

8. Under Logon Data→Authentication,choose Basic.

9. Enter ADS_AGENT in the Username field and enter the same password as given for this user in the SAP NetWeaver AS ABAP in the Password field.

10. Choose Finish for saving the data.

11. Check the settings of the Destination Service. For more information, see the last section in Checking the Destination Service and the ICF Service.

Activating the ICF service

Use

The communication between the Destination Service of the SAP Web AS Java and the SAP Web AS ABAP uses the Internet Communication Framework.You have to activate the corresponding service,if this is not done so far.

Procedure

1. Logon to your SAP Web AS ABAP system

2. Choose transaction SICF.

3. Choose default_host→sap→bc→fp in the tree.

4. Choose Service/Virt. Host→Activate

5. If AS ABAP and AS Java(with ADS) are installed in different systems,and you want to bundle your forms to improve performance, you also have to activate the fpads ICF service.

Result

The ICF service is now active.

Creating a User in AS Java for Basic Authentication

Use

This user is required for the secure communication between the Web Dynpro for Java application and the Java system where the Adobe document services are installed.

You can create this user in the AS Java or in the AS ABAP depending on the installation settings for the SAP User Management Engine(UME). You create this user in the SAP NetWeaver AS ABAP when the UME is configured against the ABAP backend.

Prerequisites

You need to log on to the configuration tool with administrative privileges.

Procedure

To create a user in AS Java and assign the SAP_ADSCALLER role:

1. Navigate to http://<server>:<port>/useradmin to start the User Management .

<server>is the AS Java that hosts the Adobe document services and <port> is the HTTP port of the AS Java.

2. On the Identity Management tab search for Group. .

3. Choose Create Group to create a group called ADSCallers and enter the required data.

4. Then search for User .

5. Choose Create User and enter ADSuser for the user name. Type a password. You need to confirm the password.

6. Under Security Policy choose Technical User.If you choose Technical User,the password won’t expire.

7. Go to the Assigned Roles tab. In Available Roles,search for the role SAP_ADSCALLER and press Add to assign it to the user ADSuser.

The SAP_ADSCALLER role was created when your system was installed. You should not assign this role to users other than the user that you will use for accessing Adobe document services.

8. Save your changes.

9. Continue with Setting Up Basic Authentication in a Java Environment.

Setting Up Basic Authentication in a Java Environment

Use

This procedure applies for the scenario of interactive forms in a WebDynpro for java application. It describes you the configuration steps to set up basic authentication between the WebDynpro runtime and the Adobe document services.

Prerequisites

The user ADSUser exists.

Procedure

To set up Basic Authentication in a Java environment :

1. Navigate to http://<server>:<port>/nwa to start the SAP NetWeaver Administrator.

<server> is the AS Java where the WebDynpro application is installed and <port> is the HTTP port of the AS Java.

2. Choose SOA Management→Business Administration→Web Services Administration

3. In the Search by field,choose Proxy Definition Name, and then choose Go.

4. In the displayed table select DestinationSi under Proxy Definition .

5. To create a logical port,Choose the Configuration tab,and then choose Create LP .

6. Choose Manually and choose Next .

7. Enter ConfigPort_Document in the field Logical Port Name .Enter the name exactly as given here,case sensitive.

8. In the field WS Endpoint URL enter the following: http://<host>:<port>/inspection.wsil

where <host> is the AS Java where the Adobe document services are installed, and <port> is the HTTP port of the AS Java.

9. On the Security tab,in the Authentication group box,choose HTTP Authentication and select the User ID/ Password(Basic) indicator.

10. Click on the Details button. A dialog box appears. Enter ADSUser in the field User I D :and the password in the Password and Confirm Password fields. You must specify the same password as you did in the task Creating a User in AS Java for Basic Authentication.

11. Save your entries.

1) ADS CONFIGURATION
2) ADS Configuration with screen shoots

VENKAT SAP BASIS

What is SAP?

SAP SOLUTION MANAGER

SAP HANA

FEEDBACK

ADS Configuration with screen shoots

Configuration: ADS

ADS CONFIGURATION

ADS (ADOBE DOCUMENT SERVICE)

Subscribe & Follow

Feedback

Popular Posts

Tags

Forums

Link list 1

Link list 2

Total Pageviews