Authorization Process Manager®

version 2.4

APM ABAP Add-On

Installation and Configuration
Authorization Process Manager
ABAP Add-On Installation and Configuration

Table of content

1. Introduction.................................................................................................................. 3

2. System landscape.......................................................................................................... 4

3. System requirements.................................................................................................... 5

4. Installation guide.......................................................................................................... 6
4.1. Prerequisites for Hosted Web Server ...................................................................... 6
4.1.1. Single Sign-On (SSO) ..................................................................................................................... 6
4.1.2. HTTPS and Web Server Certificate................................................................................................. 6
4.2. ABAP Add-On ........................................................................................................ 7
4.3. Configuration ......................................................................................................... 7
4.3.1. Profile Parameter Settings ............................................................................................................... 7
4.3.2. RFC Destination .............................................................................................................................. 8
4.3.3. ICM Service Activation................................................................................................................... 9
4.4. Test connection to web server ................................................................................. 9
4.5. Remote logon........................................................................................................ 10

© AppliCon Solutions A/S Page 2 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

1. Introduction

This document describes how to install and configure the APM ABAP add-on.

© AppliCon Solutions A/S Page 3 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

2. System landscape
The APM consists of two main components:

- An ABAP add-on package (yellow dot on drawing) containing 2 new tables and some
ABAP programs that are to be imported in each of the SAP systems that are relevant
for using the APM. For the APM there is no primary SAP system, therefore basically
the same add-on package is installed on all your SAP systems.

- A web service solution programmed in the script language PHP containing the
majority of the APM solution. The web service solution is installed on a web server
(server and required software products are specified in section 3 – System
requirements)

SAP R/3 SAP BI …… SAP Solution Manager

Prod Test Dev Prod Test Dev Prod Test Dev

Web Server
APM - Web Service

This document describes only the installation of the APM ABAP add-on component.

© AppliCon Solutions A/S Page 4 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

3. System requirements

With respect to hardware there are no special requirements. The APM only uses very limited
system ressources and the number of users that simultaneously will be running transactions
from the APM will be very limited.

The APM supports the following SAP products and versions:

SAP products and SAP R/3 Enterprise

versions SAP ECC 6.0 (certified)
SAP BASIS versions The APM add-on is available for SAP_BASIS version 620, 640
and 700.
SAP-GUI: Versions corresponding to the above SAP products.

All interaction with the APM is done through the SAP-GUI.

Therefore users are to have access to one of the above SAP-GUIs.
Language The APM is currently only delivered in english. The APM will
also function if a user logon to SAP with a language that is not
english, however all screens in the APM will be in english.

Important to note:
Please do not begin to install the APM on any SAP system before ensuring that you have
appropriate back-up of the relevant system if anything should go wrong during the
installation.

For each relevant SAP system please ensure that your APM version corresponds to the SAP
version. Should you have any doubt regarding this matter please contact AppliCon Solutions
before beginning the installation.

© AppliCon Solutions A/S Page 5 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

4. Installation guide
4.1. Prerequisites for Hosted Web Server
The following important prerequisites MUST BE configured in order for APM to work with a
hosted web server.

4.1.1. Single Sign-On (SSO)

In order for the APM communication to run optimally, it is necessary to configure internal
SSO (between SAPGUI and ICM) on each system where APM will be used. Note that this is
not a cross-system SSO scenario. To configure this, a few system parameters must be set and
a server certificate must be generated in transaction STRUST. The precise steps involved are
described in SAP Note 817529 Checking the SSO configuration. The SSO configuration can
be verified by running program SAPHTML_SSO_DEMO in SE38.

If this internal SSO is not configured correctly, users will see a logon prompt when accessing
the APM transactions within SAPGUI.

4.1.2. HTTPS and Web Server Certificate

In order to enable secure connections between SAP systems running APM and the APM web
server, HTTPS must be enabled and the APM web server certificate must be installed on the
SAP systems. Follow the instructions in SAP note 510007 Setting-up SSL on the Web
Application Server ABAP (points 1, 2, 4 and 5) to set up HTTPS. Then install the provided
server certificate in the anonymous SSL client PSE in transaction STRUST.

Note: in order for the SSL client to function, the “SSL Client (Standard)” PSE must be
configured, even though it is not used as such:

© AppliCon Solutions A/S Page 6 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

4.2. ABAP Add-On

The ABAP add-on package is installed via transaction SAINT in client 000. Upload the
provided apm-230_ver-CO.sar file corresponding to your SAP_BASIS version from the
workstation and install the add-on. Make sure to install the highest available Support Package.

See standard SAP documentation for further details on installing add-on packages.

4.3. Configuration
4.3.1. Profile Parameter Settings
Check the setting of the following profile parameters in transaction RZ10.

auth/new_buffering = 4
The parameter auth/new_buffering must have the value 4. This is the default value from
SAP_BASIS 6.20, but prior to this the default value is 3 and must be changed for APM to
function correctly.

login/ticket_only_to_host = 1
Unless cross-system SSO is already configured, the parameter
login/ticket_only_to_host should be set to 1. Otherwise, users may receive additional
logon prompts when switching between multiple APM sessions involving different SAP
systems.

© AppliCon Solutions A/S Page 7 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

4.3.2. RFC Destination

Create the RFC destination APM_WEB using transaction SM59. The destination should be
created as follows substituting the provided hostname, port and path:

© AppliCon Solutions A/S Page 8 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

For hosted customers, the Logon & Security tab should be filled in as follows:

Remember to
• set Basic Authentication
• activate SSL
• choose the SSL PSE where you have installed the APM web server certificate and
• type the username and password you have been given

NOTE: Do not activate compression on the Special Options tab.

4.3.3. ICM Service Activation

Using transaction SICF, activate the service appliapm which is part of the APM ABAP add-
on.

4.4. Test connection to web server

In transaction SM59, press “Test connection”. If everything is working correctly, you will see
a screen similar to:

© AppliCon Solutions A/S Page 9 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

(up to SAP_BASIS 640)

or:

(from SAP_BASIS 700)

4.5. Remote logon

Within the APM Authorization Cockpit it is possible to work on issues, tasks and projects
across the entire APM system landscape. Actions to be executed in a different system/client
from where the Authorization Cockpit is running are initiated via remote logon, where the
user is prompted to logon to the remote system.
In order to enable this remote logon functionality, RFC destinations must be maintained in
each system from which the Authorization Cockpit is to be executed. The RFC destinations
used are of type 3 (R/3 connection) and observe the naming convention APM_sid_cli,
where sid is the 3-character system id of the remote system and cli is the 3-digit client
number. These RFC destinations can be maintained automatically from the Authorization
Cockpit using the following procedure.

© AppliCon Solutions A/S Page 10 of 11

Authorization Process Manager
ABAP Add-On Installation and Configuration

1. On each of the target systems to which remote logon will be enabled

a. logon to any client of the target system
b. start the APM Authorization Cockpit (transaction
/APPLISOL/APMCOCKPIT)
c. in the System Overview, click the server icon ( ) for the system you are
currently logged on to
d. in the right-hand pane (Maintenance of System xyv) click “Add clients to
APM landscape” (this has the side-effect of transfering the necessary technical
data about this system to the APM server for use in step 2) – no further actions
are necessary here
2. On each of the source systems from which remote logon will be enabled
a. logon to any client of the source system
b. start the APM Authorization Cockpit (transaction
/APPLISOL/APMCOCKPIT)
c. in the System Overview, click the server icon ( ) for the system you are
currently logged on to
d. in the right-hand pane (Maintenance of System xyv) click “Manage remote
logon connections”
e. select the target system(s) to which remote logon is required and click
“Create/update RFC destinations” – this will create the RFC destinations,
which will subsequently be visible in transaction SM59
f. the created RFC connections can be tested by clicking on their test icon ( )

In some cases, it may be desirable to modify the settings of the created RFC destinations, e.g.
to enable load-balancing.

© AppliCon Solutions A/S Page 11 of 11