Integration of SuccessFactors Business Execution into SAP NetWeaver Portal via Single Sign-On
Cookbook

Integration of SuccessFactors Business Execution into SAP NetWeaver Portal via Single Sign-On

Target Audience
■ System Administrators

CUSTOMER
Document version: 1.20 – 2013-04-24

Document History

CAUTION
Before you start the implementation, make sure you have the latest version of this document. For the latest version, see: http://service.sap.com/hcm → Media Library – SuccessFactors Integration

The following table provides an overview of the most important document changes:

Version  Date        Description
1.00     2012-06-29  First released version
1.10     2012-07-06  ■ Note on SAP NetWeaver Portal version added to section Integrating SuccessFactors BizX in SAP NetWeaver Portal
                     ■ List of deep links added to section Using Deep Links for SuccessFactors BizX
1.20     2013-04-24  Sections added:
                     ■ Configuring User Mapping
                     ■ Configuring SAP NetWeaver Portal 7.0x
                     ■ Enabling Authentication with Logon Tickets in the Identity Provider
                     ■ Tools for Troubleshooting
                     Sections updated:
                     ■ Information about identity provider solution added to section Introduction
                     ■ Information about identical users in SAP NetWeaver Portal and SuccessFactors BizX removed from section Prerequisites
                     ■ Navigation specified in more detail in section Adding a Trusted Provider
                     ■ Information about option By Uploading Certificate Manually added to section Setting Up a Trusted System for SAP NetWeaver Portal 7.0x
                     ■ Section Collecting Additional Information renamed
                     ■ Information about use of downloaded certificate added to section Downloading a Certificate
                     ■ Information about use of logon URL corrected in section Identifying a Global Logon URL
                     ■ Information about testing added to section Creating a URL iView in SAP NetWeaver Portal
                     ■ Links added to section Using Deep Links for SuccessFactors BizX

Table of Contents

Chapter 1 Introduction
Chapter 2 Prerequisites
Chapter 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal
    3.1 Setting Up SAML 2.0
    3.2 Adding a Trusted Provider
    3.3 Configuring User Mapping
    3.4 Configuring SAP NetWeaver Portal 7.0x
        3.4.1 Setting Up a Trusted System for SAP NetWeaver Portal 7.0x
        3.4.2 Enabling Authentication with Logon Tickets in the Identity Provider
Chapter 4 Collecting Additional Information
    4.1 Downloading a Certificate
    4.2 Identifying a Provider Name
    4.3 Identifying a Global Logon URL
Chapter 5 Configuring the SuccessFactors Provisioning Tool
    5.1 Adding a New SAML Asserting Party
    5.2 Activating the Integration
Chapter 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal
    6.1 Creating a URL iView in SAP NetWeaver Portal
    6.2 Using Deep Links for SuccessFactors BizX
Chapter 7 Tools for Troubleshooting

1 Introduction

This document describes the steps necessary to establish a Single Sign-On connection between SAP NetWeaver Portal and Talent Management applications of SuccessFactors.
For example, the user can use Single Sign-On to call SuccessFactors’ Compensation Management application from SAP NetWeaver Portal directly without having to log on again. For this, you need to make settings for SAP NetWeaver Portal and for SuccessFactors. Ensure that you have access to the required tools and have the necessary authorizations to make the settings. For more information, see the Prerequisites section.

NOTE
You can use any identity provider solution. The settings described in this document, however, are based on the assumption that you use SAP NetWeaver Portal as the identity provider for on-premise.

2 Prerequisites

Information and Data Required From SuccessFactors Business Execution (SuccessFactors BizX)

You need to obtain the following information about your SuccessFactors BizX system from your contact person at SuccessFactors:
■ Digital certificate in the X.509 standard format
■ SuccessFactors entity ID
■ Consumer Service URL
■ Optional global logout response handler URL
■ Relay state (relative path of the application to which the incoming Security Assertion Markup Language (SAML) assertion should be redirected)
■ Access to SuccessFactors Provisioning tool

NOTE
If you do not have access to the SuccessFactors Provisioning tool, ask your SuccessFactors contact person to make the necessary settings.

For more information, see the Single Sign-On – Technical Specifications document provided by SuccessFactors.

General Requirements
■ You need to have the authorization to make changes for your SAP NetWeaver Portal in SAP NetWeaver Administrator.
  NOTE
  To start SAP NetWeaver Administrator, enter the following address in a browser: http://<host>:<port>/nwa
■ You need to have the authorization to make changes in the Content Administration area of your SAP NetWeaver Portal.
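
A pre-flight check for the values obtained from SuccessFactors, run before they are entered in SAP NetWeaver Administrator. This is an added example, not part of the SAP cookbook: the function names are hypothetical, the sample relay state is constructed, and the requirement of a single `company` query parameter is an assumption taken from the example Consumer Service URL in section 3.2.

```python
from urllib.parse import urlsplit, parse_qs


def _check_https_url(label, url, problems):
    """Record a problem unless url is a clean absolute https URL; return its parts."""
    parts = urlsplit(url)
    if any(ch.isspace() for ch in url):
        problems.append(f"{label}: contains whitespace (copy/paste damage)")
    if parts.scheme != "https":
        problems.append(f"{label}: must use https, got {parts.scheme or 'no scheme'!r}")
    if not parts.hostname:
        problems.append(f"{label}: no host name")
    if parts.username or parts.password:
        problems.append(f"{label}: embedded credentials")
    if parts.fragment:
        problems.append(f"{label}: fragment would never reach the server")
    return parts


def check_sp_settings(entity_id, consumer_service_url, relay_state=None, logout_url=None):
    """Return a list of problems with the received values; an empty list means none found."""
    problems = []
    # The trusted provider name must match the entity ID character for character.
    if not entity_id or any(ch.isspace() for ch in entity_id):
        problems.append("entity ID: empty or contains whitespace")
    acs = _check_https_url("consumer service URL", consumer_service_url, problems)
    # Assumption taken from the cookbook's example URL: one 'company' query parameter.
    if len(parse_qs(acs.query).get("company", [])) != 1:
        problems.append("consumer service URL: expected exactly one 'company' parameter")
    if logout_url:
        _check_https_url("logout response handler URL", logout_url, problems)
    if relay_state:
        # The cookbook defines relay state as a relative path; a value with a
        # scheme or host could send the user to another site after logon.
        rs = urlsplit(relay_state)
        if rs.scheme or rs.netloc or "\\" in relay_state:
            problems.append("relay state: must be a relative path")
    return problems


# Sample values: both URLs are the cookbook's own examples, the relay state is constructed.
SAMPLE = dict(
    entity_id="https://www.sucessfactors.com",
    consumer_service_url="https://systemname.com/saml2/SAMLAssertionConsumer?company=ACE1234",
    relay_state="/sf/home",
)

if __name__ == "__main__":
    for problem in check_sp_settings(**SAMPLE) or ["no problems found"]:
        print(problem)
```
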
3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal

You need SAP NetWeaver Identity Management to perform the steps described in this section. As this is only available as of Release 7.3x, you need to perform these steps in a SAP NetWeaver Application Server system landscape with Release 7.3x or higher. If you want to use SAP NetWeaver Application Server 7.3 as an SAML 2.0 identity provider, you also require the IDMFEDERATION software component, which is delivered with SAP NetWeaver Identity Management and SAP NetWeaver Single Sign-On.

Your SAP NetWeaver Portal, however, can have a lower version. You can integrate it into the system landscape as a trusted system (see section Setting Up a Trusted System for SAP NetWeaver Portal 7.0x).

3.1 Setting Up SAML 2.0

Procedure
1. Start SAP NetWeaver Administrator and choose Configuration → Security → Authentication and Single Sign-On.
2. Choose the SAML 2.0 tab.
   If you get the message that the system is not configured to support SAML 2.0, you need to enable SAML 2.0 or configure a new provider. To do this, proceed as follows:
   1. Choose Enable SAML 2.0 Support.
   2. Enter the following data:
      ■ Provider Name: Specify a user-defined name, for example, SAPPortal731.
      ■ Operational Mode: Select Identity Provider.
   3. Choose Next.
   4. Make the following settings for Signing Key Pair:
      1. Choose Browse → Create.
      2. Enter the following data:
         ■ Entity Name: Specify the name of the entity, for example, SAPPortal731.
         ■ Store Certificates: Select this indicator.
      3. Choose Next.
      4. In the Common Name field, specify a name, for example, SAPPortal731.
      5. Choose Finish → OK.
   5. Choose Next → Finish.

For more information about setting up SAML 2.0, see the Implementation Guide for SAP NetWeaver Identity Management Identity Provider. This guide is located in SAP Service Marketplace at http://service.sap.com/instguides → SAP NetWeaver → SAP NetWeaver Single Sign-On → Identity Provider. In particular, refer to section 3.1 of this guide.

3.2 Adding a Trusted Provider

Procedure

Navigating to the Trusted Provider Section
1. Start SAP NetWeaver Administrator and choose Configuration → Security → Authentication and Single Sign-On.
2. Choose the SAML 2.0 tab.
3. Choose Trusted Providers.

Adding a Trusted Provider
Add an entry to the list of trusted providers. To do this, proceed as follows:
1. Choose Add → Manually.
2. In the Name field, enter the entity ID provided by SuccessFactors, for example, https://www.sucessfactors.com.
3. Choose Next.
4. Select the signing certificate, for example, SAPPortal731-cert. To do this, proceed as follows:
   1. Choose Browse.
   2. Choose Import Entry.
   3. Select the type X.509 Certificate and browse for the digital certificate provided by SuccessFactors BizX (see Prerequisites section).
   4. Choose Import.
   5. Select the imported certificate and choose OK.
5. Repeat this procedure to select the same certificate as the encryption certificate.
6. Choose Next.
7. Add an assertion consumer service. To do this, proceed as follows:
   1. Enter the following data:
      ■ Binding: Choose HTTP POST.
      ■ Location URL: Specify the Consumer Service URL provided by SuccessFactors, for example, https://systemname.com/saml2/SAMLAssertionConsumer?company=ACE1234.
   2. Choose OK.
8. Choose Next.

3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.3 Configuring