SAP Provisioning with SPML 1.0
Martin Raepple
Standards Architect, SAP AG
SAP NetWeaver Overview
SPML 1.0 in SAP NetWeaver
Online-Demo
© SAP AG 2005, Web Services Security Interoperability / Martin Raepple / 4
SAP ERP Product History
SAP R/2: Real-Time, Integration, International, Mainframe
SAP R/3: Standardized business processes, Client-Server, Distributed Processing
mySAP ERP: Real-time business, Powered by SAP NetWeaver, Enterprise Services Architecture
Timeline axis: 1972, 1979, ..., 1992, 2000, 2003
mySAP Business Suite & mySAP ERP Overview
[Figure: mySAP Business Suite on top of SAP NetWeaver]
SAP mySAP Solutions: mySAP ERP, mySAP Financials, mySAP HR, Corporate Services, Operations, mySAP SRM, mySAP CRM, mySAP PLM, mySAP SCM
SAP NetWeaver: Application Platform (Web AS), People Integration (EP), Information Integration (BI, MDM), Process Integration (XI)
SAP NetWeaver Features Overview
[Figure: SAP NetWeaver™ component stack]
People Integration (SAP EP): Multi channel access, Portal, Collaboration
Information Integration (SAP BI, MDM): Business Intelligence, Knowledge Mgmt, Master Data Mgmt
Process Integration (SAP XI): Integration Broker, Business Process Mgmt
Application Platform (SAP Web AS): J2EE, Web Services, ABAP, DB and OS Abstraction
Also shown: Composite Applications, Life Cycle Mgmt, Security
Enterprise Service Architecture, Standards Based
SAP Web Application Server Evolution History (1/2)
SAP R/3 Release <= 4.6C: HR, FI, ... on SAP Basis
SAP Web Application Server 6.10: SAP Basis, BSP
SAP Web Application Server 6.20: SAP Basis, BSP, Java/J2EE
SAP Web Application Server Evolution History (2/2)
[Figure: timeline from R/3 Basis to SAP Web Application Server]
Timeline axis: 1992, 1996, 2000, 2002, 2003, 2004, 2005
Reliable Architecture: Three tiers; Scalability, High Performance
Internet-enabling: Internet Transaction Server, SAP GUI for HTML; SAP Business Connector
Native Web Technology: Server-side scripting; Native HTTP/XML support
Openness: Full J2EE support; Web Services (WSDL, SOAP, UDDI)
Java Development: Java IDE; Web Dynpro
Leverage Processes: Software Lifecycle M.; ABAP enhancements
Release labels on the timeline: 6.10, 6.20, 6.30, 6.40 (NetWeaver 04), 7.00 (NetWeaver 04s); also marked: SPML 1.0
SPML 1.0 Architecture in SAP NetWeaver 04s
[Figure: SPML 1.0 roles in SAP Web Application Server Java 7.00 in NetWeaver 04s]
Roles: Requestor (RA), Provider (PSP), Target (PST)
Requestor side: SPML Consumer, connected via SOAP over HTTP
Server components shown: Web Service Container, EJB Container, SPML Listener at <host>:<port>/spml/spmlservice, RequestProcessor, UMERequestProcessor, BatchProcessingBean
Target side: User Management Engine (UME), <SAPTargetSchema/>, schema.xml, LDAP/DB
[Figure: SAP Web Application Server with Internet Communication Manager, ABAP and Java (J2EE) stacks; Browser access; protocols SOAP/XML, HTTP(S), SMTP]
SPML Documentation for SAP NetWeaver (NW) 04s
Java API based on SPML 1.0
Covers all SPML 1.0 requests:
  Reading the Schema
  Creating Objects
  Modifying Objects
  Deleting Objects
  Changing or Resetting Passwords
  Locking and Unlocking Users
  Searching for Objects or Obtaining Attribute Values for Objects
  Using Batch Functions
Documentation available via SAP Service Marketplace and the SAP Developer Network https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/668e6629-0701-0010-7ca0-994cb7dec5a3
Target Audience: SAP Partners implementing an identity management solution
SPML 1.0 Schema Request in SAP NetWeaver 04s

SPML SchemaRequest

<schemaRequest requestID="schema_01">
  <schemaIdentifier schemaIDType="urn:oasis:names:tc:SPML:1:0#GenericString">
    <schemaID>SAPprincipals</schemaID>
  </schemaIdentifier>
</schemaRequest>

SPML SchemaResponse

<schema majorVersion="1" minorVersion="0">
  <providerIdentifier providerIDType="urn:oasis:names:tc:SPML:1:0#URN">
    <providerID>SAP</providerID>
  </providerIdentifier>
  <schemaIdentifier schemaIDType="urn:oasis:names:tc:SPML:1:0#GenericString">
    <schemaID>SAPprincipals</schemaID>
  </schemaIdentifier>
  <!-- all attribute definitions -->
  <attributeDefinition name="logonname" description="Unique name and logonid"/>
  ...
  <objectClassDefinition name="sapuser" description="User objects of SAP Systems">
    <memberAttributes>
      <attributeDefinitionReference name="logonname">
        <umeMapping namespace="default" name="uniquename"/>
        <umeMapping type="sapaccount" namespace="default" name="j_user"/>
      </attributeDefinitionReference>
      ...
  </objectClassDefinition>
  <objectClassDefinition name="saprole" description="Role objects of SAP Systems">
  ...
  <objectClassDefinition name="sapgroup" description="Group objects of SAP Systems">
  ...
</schema>
Client-side SPML Programming Model in NW 04s
1. Create SOAP message (e.g. via SAAJ)
2. Create SPML request (e.g. SPML schema request) and add it to body of SOAP message
3. Create URL connection to SAP Web AS SPML Service
4. Set connection properties
   Set request method POST
   Add authorization credentials for HTTP basic authentication
5. Make call to SPML Service
6. Receive and process response
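The six steps above, as an added example that is not SAP's code and uses the Python standard library instead of SAAJ. The host, port, user name, SOAPAction value and SPML element namespace are assumptions, the sample response is constructed, and the HTTPS check is added because HTTP basic authentication only base64-encodes the password.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SPML_NS = "urn:oasis:names:tc:SPML:1:0"  # assumed element namespace (SPML 1.0 core)

def build_schema_request(request_id, schema_id):
    """Steps 1-2: SOAP 1.1 envelope whose body carries an SPML schemaRequest."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{SPML_NS}}}schemaRequest", requestID=request_id)
    ident = ET.SubElement(req, f"{{{SPML_NS}}}schemaIdentifier",
                          schemaIDType=SPML_NS + "#GenericString")
    # ElementTree escapes the value on serialization, so caller input cannot inject markup.
    ET.SubElement(ident, f"{{{SPML_NS}}}schemaID").text = schema_id
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)

def prepare_call(url, user, password, payload):
    """Steps 3-4: POST request with HTTP basic authentication, HTTPS only,
    because basic authentication sends the password merely base64-encoded."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send basic-auth credentials to " + url)
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(url, data=payload, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '""',  # assumption: an empty SOAP 1.1 action is accepted
        "Authorization": "Basic " + token})

def object_classes(response_xml):
    """Step 6: map each objectClassDefinition to its member attribute names."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # compare names without namespace
    root = ET.fromstring(response_xml)
    return {oc.get("name"): [a.get("name") for a in oc.iter()
                             if local(a) == "attributeDefinitionReference"]
            for oc in root.iter() if local(oc) == "objectClassDefinition"}

# Constructed sample response, shaped like the schema response on the slide.
SAMPLE_RESPONSE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><schema majorVersion="1" minorVersion="0">
<objectClassDefinition name="sapuser"><memberAttributes>
<attributeDefinitionReference name="logonname"/>
<attributeDefinitionReference name="password"/>
</memberAttributes></objectClassDefinition>
<objectClassDefinition name="saprole"><memberAttributes>
<attributeDefinitionReference name="uniquename"/>
</memberAttributes></objectClassDefinition>
</schema></soap:Body></soap:Envelope>"""
```

Step 5 is then `urllib.request.urlopen(request, timeout=10)` on the object returned by `prepare_call`, with the response body passed to `object_classes`.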
SPML 1.0 DSML Schema in NetWeaver 04s (1/2)
objectClassDefinition: sapuser
attributeDefinition: logonuser, isserviceuser, firstname, lastname, salutation, title, jobtitle, mobile, displayname, description, password, oldpassword, fax, locale, timezone, validfrom, validto, certificate, lastmodifydate, islocked, ispwddisabled, telephone, department, id
SPML 1.0 DSML Schema in NetWeaver 04s (2/2)
objectClassDefinition: saprole
attributeDefinition: member, uniquename, displayname, description, lastmodifydate, id
objectClassDefinition: sapgroup
attributeDefinition: member, uniquename, displayname, description, lastmodifydate, id
[Figure: UME Metamodel. Entities: user, group, role, action. Relationship labels: belongs to, is assigned to, is assigned to, contains.]
Siemens and SAP Announced Identity Management Solution for Enterprise Services at SAP TechEd 2005
* slide from Strategic Technology - Shai Agassi – TechEd 2005
Online Demo Scenario Overview
[Figure: demo message flow. Components: SPML Client, RA, NetWeaver 04s, PSP, FPS, PSTs, Directory Server (LDAP). Messages: SPML Add Request, SPML Add Response, SPML Response.]
Online Demo