Embed Size (px)
DESCRIPTION
Connector for SAP - Demo07
Citation preview
Connector for SAP HCMDEMO 07
The SAP Connector is built on the Web Services Connector. Please refer to the TechNet documentation for the Web Services Connector for additional information.
SummaryFeatures Supported variants
Connected data source versions SAP ECC 5.0 SAP ECC 6.0
Scenarios Object Lifecycle Management Password Management
Operations Full import Export (Add, Remove, Replace)
Schema Employee
Permissions in connected data sourceTo create or perform any of the supported tasks in Web Service connector for all the supported data sources, you must have following permissions.
1. SAP_BC_WEBSERVICE_ADMIN: Administration authorizations for Web Services in AS ABAP2. SAP_BC_WEBSERVICE_CONSUMER: Web Service userFor more details, see Generate Authorization Profiles.
Ports and protocolsThis depends upon SAP installation and configuration.
Connector update historyBuild Release Revision list5.0.458.0 2012 June First release of the Web Services Connector.
Requirements, before you begin, and installation
Installation of Default ProjectsThe default project installer file is available at the Microsoft Download Center. Download the installer file and run to install.
Double click the downloaded project file to begin installation.
a. The following screen appears, click Yes.
b. Next license agreement screen appears; click Yes to accept the terms and conditions.
c. The next screen prompts to specify the location for installing the default project. Specify the location: %FIM_INSTALL_DIR\2010\Synchronization Service\Extensions and click OK.
d. The installation starts and the successful completion is reported. Click OK to exit setup wizard.
The default project consumes the exposed BAPIs in the form of web service through WSDL path. Ensure that the web service is exposed correctly and includes all the required native BAPIs. For more
information, see Exposing Web Service for SAP ECC 6 Connector.
Content of Default Project
Web ServicesThe discovery operation retrieves the endpoint ZSAPConnectorWebService and all the BAPIs that have been exposed through the web service at SAP. The exposed web service here includes only the native BAPIs listed below:
BAPI_ADDRESSEMP_CHANGE BAPI_ADDRESSEMPGETDETAILEDLIST BAPI_EMPLCOMM_CHANGE BAPI_EMPOYEE_DEQUEUE BAPI_EMPLOYEE_ENQUEUE BAPI_PERSDATA_CHANGE BAPI_PERSDATA_GETDETAILEDLIST BAPI_TRANSACTION_COMMIT BAPI_USER_CHANGE BAPI_USER_CREATE1 BAPI_USER_DELETE BAPI_USER_GET_DETAIL BAPI_USER_GETLIST BAPI_USER_UNLOCK SUSR_USER_CHANGE_PASSWORD_RFC
Important:
There are few attributes that are defined for the default projects of each of the supported data source These are mandatory for calling the BAPIs/CIs/APIs successfully.
Below is the list of these mandatory attributes:
Functions Attributes
BAPI_PERSDATA_GETDETAIL employeeID personalDataFromDate personalDataToDate personalDataRecordNumber
BAPI_ADDRESSEMP_GETDETAIL employeeID addrDataFromDate addrDataToDate addrDataRecordNumber
WorkflowsA native BAPI in SAP is used to perform a single task. There are certain operations for which native BAPIs are not available and hence the default project does not have support them.
But they can be configured with the help of custom BAPIs by including them in the web service and then configuring the required workflow. Following are the workflows that are supported for:
Employee Object
FIM Operation Implemented through native web service (BAPI) operation
Full Import Yes
Delta Import No
Export Add No
Export Delete No
Export Replace Yes
Set Password N/A
Change Password N/A
Exposing Web Service for SAP ECC 5 ConnectorWeb Service Configuration Tool discovers the Web service through a WSDL (Web Services Description Language) and retrieves its services, endpoints and operations (BAPIs) it provides. Services, endpoints and operations (BAPIs) are used by the Web Service Connector to access the SAP server and synchronize identities with Forefront Identity Manager (FIM) 2010.
For a web service to be discovered, it is first required to be exposed at the SAP ECC 5. This topic describes the process of exposing the web service from SAP ECC 5 workbench.
Login to SAP ECC 5 and enter the ABAP workbench using Transaction Code SE80. This will open the Object Navigator screen, where you maintain different SAP application components like packages, viewing function groups, BSP programs etc.
To create a Web service that can be utilized by Web Service Configuration Tool, you must first create a package so that all the objects can easily navigate through different systems.
1. Create a new Package through T.code SE80.
Open T.code SE80. Give the package name and hit enter. Following screen appears:
Click yes to proceed for package creation. Give the required details in the following screen and click create button.
It will prompt for a transport request. Save it a transport request.
Now right click on the Package name and select Enterprise Service.
Click continue
Give the Virtual Interface name its short description and select the endpoint as Function Group and click continue.
The function group chosen in the example is already defined and encapsulates the BAPIs related to users.
Add the required BAPI’s in the function group and select those required BAPI’s and click continue.
Now, give the name of the Webservice and its short description and the Profile as Basic authorization and click continue.
Once you click continue Webservice and the Virtual interface are created.
Request where the Webservice is saved.
After the Web Service is created, you must change the Profile settings of the Service definition. Under Features Tab, check the Select Feature checkbox and activate the Service definition. This will enable Stateful communication.
Note: A Stateful service retains its status within the framework of a HTTP session throughout several calls form the same service consumer. The standard value for services is Stateless. If you require stateful communication, you can choose this instead.
Configuring a Web ServiceGoto T.code WSCONFIG. Give the webservice name and press enter. You can see the webservice with green icon. Green icon indicates that the webservice is released.
If the Webservice is marked with red icon then Double click on Service it will take you to the following screen and click on ICF Details.
Right click on the service and select activate service.
Click Yes and the service gets activated and click back button and now you can the service with green icon.
Goto T.code WSADMIN. Select your web service. You can find this under SOAP Application for RFC-Compliant FMs tree. Expand that and click on your webservice name. To test the URL click on WSDL icon and URL will open in a new browser.
Details of the Webservice.
Exposing Web Service for SAP ECC 6 ConnectorWeb Service Configuration Tool discovers the Web service through a WSDL (Web Services Description Language) and retrieves its services, endpoints and operations (BAPIs) it provides. Services, endpoints and operations (BAPIs) are used by the Web Service Connector to access the SAP server and synchronize identities with Forefront Identity Manager (FIM) 2010.
For a web service to be discovered, it is first required to be exposed at the SAP ECC 6. This topic describes the process of exposing the web service from SAP ECC 6 workbench.
Login to SAP ECC 6 and enter the ABAP workbench using Transaction Code SE80. This will open the Object Navigator screen, where you maintain different SAP application components like packages, viewing function groups, BSP programs etc.
To create a Web service that can be utilized by Web Service Configuration Tool, you must first create a package so that all the objects can easily navigate through different systems.
1. Select dropdown Package, give new package name and press enter. Following screen appears if the object is not available in the system. Click Yes to proceed with package creation.
Provide the required details in the Create Package screen and click Create button. You can choose to specify the Application Component. This would restrict the scope of object created only to the application (SAP module, for ex: ABAP, MM, PS, LW etc.) specified. It is recommended that you do not specify the application component which makes the object global.
The system prompts for a transport request. Click Save button to save the transport request.
Transport request number: EC6K900034
The transport request is generated using transaction code SE10.
2. Once the package is created under Object Name; to start creating the web service, right click on the Package name and select Enterprise Service.
3. The screen to select Object Type is displayed. Select Service Provider as object type and click Continue.
4. On Service Provider screen, select Existing ABAP Objects (Inside Out) and press Continue. With inside out you start at the backend with an existing application and enable service for a particular functionality. It means that you start with the implementation and move out towards the interface.
5. For the selected Object Type, provide the Service Definition name, description and Endpoint Type as Function group. You must choose Function Group as Endpoint type since the Web Service configuration tool for FIM requires a single URL for all the selected BAPI’s.
Click Continue.
6. On Choose Endpoint screen, select the required Function Group name and press Continue. The web service configuration tool works with HR data and hence, extracts all the data related to users. The function group chosen in the example is already defined and encapsulates the BAPIs related to users.
7. On Choose Operations screen, select all the required BAPIs and add the BAPIs that are not included in the function group. Click Continue.
8. On Configure Service screen, choose a profile for Security Settings. There are four profiles defined by SAP for selection. Select one profile as per requirement.
PRF_DT_IF_SEC_HIGHAuthentication using certificates and transport guarantees
PRF_DT_IF_SEC_MEDIUMAuthentication using UserID and password and transport guarantee
PRF_DT_IF_SEC_LOWAuthentication using User ID and password, no transport guarantee
PRF_DT_IF_SEC_NONo authorization and no transport guarantee.
Check Deploy Service checkbox and press Continue.
Important:
It is mandatory to check the box for Deploy Service. This will ensure that the newly created web service is automatically deployed as well i.e. the service and endpoint will be created.
While in case, when the checkbox for Deploy Service is not checked then the endpoint and service will not be created.
In the absence of endpoint, SOA Manager screen will look like this.
In this scenario, you must create a Service first, by going to the Configurations tab.
For detailed steps to create a service in SOAMANAGER, see Create Service in SOAMANAGER.
9. On the Enter Package/Request, enter the Package name and Transport Request where you want to save the service definition. Click Continue.
10. Click Complete button and Web Service will be created.
After the Web Service is created, you must change the Profile settings of the Service definition. Under Configuration Tab, select Stateful communication properties and activate the Service definition.
Note:A Stateful service retains its status within the framework of a HTTP session throughout several calls form the same service consumer. The standard value for services is Stateless. If you require stateful
communication, you can choose this instead.
The next step is to configure the service created using SOA manager and defining the security level.
Configuring a Web Service using SOA Manager and defining the Security levelFollow below steps to configure the Web Service.
Open the Transaction SOAMANAGER. Select Application and Scenario Communication tab.
1. Click on Single Service Administration.
2. Provide the Service Definition name in the box Service Pattern and click Go.
3. Select the Service definition and click Apply Selection.
4. Go to Configurations tab and click Edit.
Under Security tab you can define Transport Security setting and Authentication Security setting.
Security at transport level can be ensured by means of mechanisms used on the Internet. HTTPS sets up an encrypted connection between the client and the server and is suitable for simple situations – for example, when a client communicates directly with a single server. Every single message that is exchanged is sent through an encrypted channel.
Security at message level is possible through an encryption and signature concept. Here, not the transport channel but the message itself is protected. WS Security is a security model based on SOAP message transmission. WS Security essentially integrates XML Encryption and XML Signature.
To use a Web service, the user (or another client) sends a document to a server using the Simple Object Access Protocol (SOAP). It is sent through the network using the HTTP protocol. The document transmission is safeguarded through the use of HTTP or SSL, or by applying signatures and/or encryption to SOAP documents.
Authentication for Web Services .
Using the security profile settings for high, medium, and low, you can set strong or basic authentication levels.
Security profile High means authentication level Strong Strong Authentication (X.509 Client Certificate) Strong authentication authenticates the user through mutual SSL authentication. An SSL
client certificate must be provided for this. Strong authentication can refer to the HTTP header or the document.
Security profile Medium or Low means Authentication level Basic Basic Authentication (user name / password) This authentication authenticates the user based on the user ID and password in the
HTTP header. This option is supported for HTTP and HTTPS.
The user is authenticated on the basis of the user name and the password .
Security profile None means Authentication level None No authentication during transport .
In the example, Basic authentication is chosen at Transport Channel. Click Save.
Go to Overview tab and get the URL by clicking Display selected Binding’s WSDL URL.
Important:Certificate Authentication is not implemented for the Beta release of Web Service Configuration Tool for FIM Synchronization Service.
Binding the Web ServiceBy default the Web Service is generated with security policy also known as custom binding. It is recommended to use Basic HTTP Binding when exposing web service to be consumed by Web Service Configuration Tool.
Follow below steps for Basic HTTP binding.
Open the Transaction SOAMANAGER. Select Application and Scenario Communication tab.
1. Click on Single Service Administration.
2. Provide the Service Definition name in the box Service Pattern and click Go.
3. Select the Service definition and click Apply Selection. Then click Show WSDL Options.
4. Under WSDL Document Options, by default the WSDL Format is WS Policy that implements custom binding for the generated web service.
5. Change the WSDL Format to Standard to implement the Basic HTTP binding.
6. Click on Display selected Binding’s WSDL URL.
This will display the generated URL for the exposed Web Service.
Performance TestingScale Topology Hardware
SAP ECC 6.0
10000 Employees
FIM Synchronization Service and FIM Synchronization database collocated on one server. (Test Machine)
Test Machine hardware configuration.
2-gigabyte (GB) SDRAM
Intel® Xeon® 2.27GHz Processor
Hard disk volumes:
o Single volume
Note: The server hardware used is not representative for a large organization. The numbers presented should be used to understand the difference between different operations. You are encouraged and expected to configure your own test environments to more accurately estimate capacity and performance. Microsoft cannot guarantee that organizations will experience the same capacity or performance characteristics, even if the FIM Synchronization service components are deployed and configured identically to the components that are described in this guide,
The tests and results shown in the following table were performed using scripted provisioning code.
OperationElapsed time
(minutes: seconds)
Warm up Time (minutes: seconds)
Statistics Rate
Web Service Connector Full Import (Employee Object)
41:45 00:30 Staging: 10000
Employee
4 Employee objects read/second
Web Service Connector Export -Replace (Employee Object)
166:47 00:20 Staging: 10000
Employee
1 Employee Object exported/Second
Reference information
