2015 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP
SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are
provided by SAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP
Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set
forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in
Germany and other countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 1 of 5
Table of content
1 Exposing Back-End Data as OData Services
1.1 Authorizations in Gateway to Access Applications
1.2 Enabling Single Sign-on Authentication
1.3 Creating Destinations on SAP NetWeaver Application Server Java
1.4 Managing Service Registrations
1 Exposing Back-End Data as OData Services
Note
Fiori Apps and the Unified Inbox are not yet supported by the Gateway Java. If you want to consume the back-end data as OData services in Fiori Apps or
the Unified Inbox, please use the Gateway.
Before you can expose SAP back-end content as OData services with Gateway Java, the following preparation steps are needed:
Enable SSO authentication between SAP NetWeaver Application Server Java (AS Java) and SAP back-end system.
If you have deployed the component IW_BEP 200 SP06 or lower in the SAP backend, you need to implement the SAP note 1816779. The component IW_BEP 200 is required to enable SAP services as OData services.
Related Information
Enabling Single Sign-on Authentication
Creating Destinations on SAP NetWeaver Application Server Java
Managing Service Registrations
1.1 Authorizations in Gateway to Access Applications
Description
GW_Admin
GW_User
Use this role to manually or automatically assign a user or a group of users with application permissions.
To assign the roles you use the Identity Management that is integrated in the SAP NetWeaver Administrator.
1. Log on to the SAP NetWeaver Administrator with http://<host>:<port>/nwa.
2. Choose Configuration > Identity Management.
Note
You can also directly open the Identity Management application using the quick link, http://<host>:<port>/nwa/identity.
3. On the Overview tab, you can search for the GW_Admin and GW_User roles using Roles as Search Criteria.
4. You can create a user or modify an existing user and assign the appropriate role. For more information, see UME Roles and Actions (AS Java).
Related Information
Security Aspects of Process Orchestration
1.2 Enabling Single Sign-on Authentication
Context
You must encrypt the communication channel between SAP Application Server and SAP back-end system for security reasons. This is achieved by uploading
the SSO certificate of the SAP back-end system to the SAP Application Server and vice versa.
Procedure
1. Download the certificate from the SAP Application Server:
   1. Use the link http://<host>:<port>/nwa to go to the SAP Application Server and log on.
   2. Choose the Configuration tab, then Certificates and Keys > Ticketkeystore > SAPLogonTicketKeypair-cert.
   3. Choose Export Entry.
   4. In the Export Entry to File window, choose Binary X.509 as the export format.
   5. Choose Download and save the certificate on your system.
   This SAP Application Server certificate has to be uploaded to the SAP back-end system.
2. Upload the certificate to the SAP back-end system:
   1. Log on to the SAP back-end system to which you want to upload the certificate.
   2. Go to transaction strustsso2.
   3. Expand System PSE and choose the child node to get the details of the system.
   4. Click the assigned owner, for example, CN=AP2.
   5. Choose Import Certificate.
   6. Enter the path where the downloaded SAPLogonTicketKeypair-cert.crt is saved.
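A check to run on the downloaded file before importing it, added here as an example and not SAP code: it confirms the file is a complete Binary X.509 (DER) export rather than a base64 or truncated one, and returns the SHA-256 fingerprint and validity dates so they can be recorded and compared on the receiving side. The function names and the constructed sample bytes are assumptions of this example.

```python
import hashlib, ssl
from datetime import datetime, timezone

def tlv(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of file (truncated download?)")
    return tag, pos, pos + length

def der_time(buf, tag, start, end):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    t = datetime.strptime(buf[start:end].decode("ascii"), fmt)
    if tag == 0x17 and t.year >= 2050:     # X.509: two-digit years 50-99 mean 19xx
        t = t.replace(year=t.year - 100)
    return t.replace(tzinfo=timezone.utc)

def inspect_export(data):
    """Return format, SHA-256 fingerprint and validity of an exported certificate."""
    fmt, der = "binary", data
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        fmt = "base64"                     # not the Binary X.509 format the step asks for
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    tag, pos, end = tlv(der, 0)            # outer Certificate SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE (wrong format or trailing bytes)")
    _, pos, _ = tlv(der, pos)              # step into tbsCertificate
    if der[pos] == 0xA0:                   # optional [0] version field
        pos = tlv(der, pos)[2]
    for _ in range(3):                     # skip serialNumber, signature, issuer
        _, _, pos = tlv(der, pos)
    _, pos, _ = tlv(der, pos)              # step into validity SEQUENCE
    first = tlv(der, pos)
    second = tlv(der, first[2])
    return {"format": fmt, "sha256": hashlib.sha256(der).hexdigest(),
            "not_before": der_time(der, *first), "not_after": der_time(der, *second)}

def enc(tag, value=b""):                   # short-form DER encoder for the sample only
    return bytes([tag, len(value)]) + value

# Constructed certificate skeleton (not a real certificate): version, serial, empty
# algorithm/issuer/subject, validity 2025-01-01 to 2027-01-01, empty signature.
SAMPLE = enc(0x30, enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01")
             + enc(0x30) + enc(0x30) + enc(0x30, enc(0x17, b"250101000000Z")
             + enc(0x17, b"270101000000Z")) + enc(0x30)) + enc(0x30) + enc(0x03, b"\x00"))
```

For a real export, pass the bytes of the saved SAPLogonTicketKeypair-cert.crt file to inspect_export() and compare not_after with the current date before importing.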
1.3 Creating Destinations on SAP NetWeaver Application Server Java
Context
You create the destinations in the SAP NetWeaver Administrator on the SAP NetWeaver Application Server Java.
Procedure
1. To go to the SAP NetWeaver Application Server Java, use the following URI http://<host>:<port>/nwa and log on.
2.
3.
4.
5.
6.
Option
Description
URL
Hostname, port and client number depend on the system you are using.
To get the destination URL:
In transaction SICF, choose Execute to display the service tree hierarchy.
Expand the default host and navigate to the node IWBEP (default_host > sap > iwbep).
In the context menu of the node iwbep, choose Test Service and in the pop-up window, choose Allow.
The URL you get in the address bar of the browser is the destination URL.
System ID
Client
Make sure that the service information you enter is the same as on the SAP Business Suite system. To get the list of the SAP Business Suite
services, perform the following steps:
1. Log on to the SAP Business Suite system and go to the transaction SPRO .
2. Open the SAP Reference IMG and navigate to SAP NetWeaver Gateway > Service Enablement > Backend OData Channel > Service Deployment for Backend OData Channel > Display Models and Service.
7. Choose Next.
8. Select the Authentication type. You can choose from the following types:
No Authentication: When the back-end system has no authentication mechanism.
Basic (User ID and Password): When the back-end system is authenticated using credentials.
Logon Ticket: SSO authentication; for this type of authentication you have to establish mutual handshake.
Assertion Ticket: Similar to SSO authentication, but the session timeout is shorter than the one of the logon ticket.
User Mapping: Using this option, the user can map the destination to a particular application server.
X509 Client Certificate with SSL: If the user has a certificate authorized by a CA.
Results
A destination is created for the SAP back-end system. You can now register a service using 'OData Provisioning Administration' of Gateway Java.
Related Information
Managing Service Registrations
1.4 Managing Service Registrations
Prerequisites
You have created a destination for the SAP services to point to the SAP back-end system from which the data is fetched. For more information, see
Creating Destinations on SAP NetWeaver Application Server Java.
Context
The OData Provisioning Administration is the central user interface for all Gateway administration tasks. You also use the OData Provisioning
Administration tool to register SAP services.
Procedure
1. To start the OData Provisioning Administration, enter the URL http://<hostname>:<port>/igwj/Admin and log on using the administrator user
2.
3.
4.
5.
Results
The registered service is activated by default. A service document URL to access the OData service is generated. You can see this URL in the Service
Document column.