2023年12月22日发(作者:)
ADS配置步骤(Basic Authentication)
1. 检查配置情况
a) 运行报表FP_TEST_00---检查ABAP系统的表单处理功能是否配置正确
i. 登录ABAP系统,运行SA38,执行报表FP_TEST_00
ii. 在弹出窗口的Form字段中填写“FP_TEST_00”,ADS connection字段填写iii.
“ADS”,选择“Output in Print Preview”
在output device里选择打印机,并“Print Preview”
结果:如配置正确,则显示表单。如错误,则不显示,需检查配置
b) 运行报表FP_PDF_TEST_00---检查ABAP中的RFC连接是否正确
i.
ii.
在ABAP系统中运行SA38,执行报表FP_PDF_TEST_00
在connection字段中填写“ADS”,并运行
结果:如果配置正确,则显示ADS版本,错误则需检查RFC连接配置。
c) 检查用户名和密码和角色是否正确
i. 在IE中输入以下地址,其中server为J2EE的主机名,port为J2EE port.
ii. 选择”Test”,在页面上选择”rpdata(test…)”,不输入任何东西,直接点”Sent”
iii. 输入用户名“ADSUser”及对应密码,注意大小写
结果:如正确则显示ADS版本号(Required stream: "PDFDocument" not
found错误可以被忽略),如错误则检查ADSUser密码,角色和组
d) 检查destination service设置
i.
ii.
在ABAP系统中运行SA38,执行报表FP_CHECK_DESTINATION_SERVICE
分别在取消和选中“With Destination Service”的情况下运行测试,connection字段填写ADS
结果:如果错误,则检查ICF服务是否激活,ADS_AGENT是否配置正确,以及Destination service配置是否正确。
2. 配置basis authentication的web service
a) 创建ABAP用户。
i. 在J2EE中运行VA->Server
management -> tree,检查ADSUser是否在组ADSCallers中,且选中no password
ii.
iii.
iv.
change required
如用户ADSUser不存在,则在ABAP系统的对应client中用SU01创建,类型System user。
如组ADSCallers不存在,则在ABAP的对应client中用pfcg创建角色ADSCallers,不需要authorization,激活该role,并分配用户ADSUser。
在J2EE中运行VA->Server
Policy Configurations中,在component中选择/AdobeDocumentServices*,在Security Roles中选择ADSCaller,在mapping中选择ADSCallers组中的ADSUser用户。
b) 创建ABAP 连接
i. 在SM59中创建RFC Destination “ADS”,类型G,target host为J2EE所在主机名,service no为5
Basic Authentication,用户名密码为ADSUser及其密码。用Test Connection测试
c)
创建Destination service
i.
ii.
iii.
激活ICF服务。在ABAP中运行SICF,执行并选择default_host sap
bc fp in the tree,并用Service/ Activate进行激活
在ABAP中运行SU01创建ADS_AGENT用户,类型service,角色SAP_BC_FP_ICF
用VA创建Destination service。Server
Destinations,在runtime选择HTTP,创建Destination service,名称FP_ICF_DATA_
d) 在Java中建立Basis Authentication
i. 运行VA->cluster->Server
Security->Web Service Clients > tc~wd~pdfobject
xy*ConfigPort_Document, 在Authentication列表中选择BASIC,在用户名和密码中填写ADSUser及其密码,ii.
参考文档:
/saphelp_nw04s/helpdata/en/37/504b8cbc2848a494facfdc09a359b1/
/adobe Media Library Documentation.
note 959462
sap message: 2006
ADS SSL
/saphelp_nw70/helpdata/en/90/71d273fa724cc9bb644ab00405e6f8/
/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/
1. Deploy SAP Cryptographic Toolkit package
Download SAP Java Cryptographic Toolkit from SWDC and deploy it with SDM
然后保存。
为激活authentication data,在VA中navigate到Services Deploy-〉Application-> /tc~wd~pdfobject,
先Stop Application.,然后restart。
Restart the J2EE dispatcher and server. You can verify that the correct library has been
loaded under Dispatcher Libraries core_lib in the Visual Administrator.
The iaik_ should be included in the list of loaded jars and not
iaik_jce_.
2. Create the server’s Key pair to use for SSL()
a)
b)
c)
d)
Select the Key storage service
Select the service_ssl view
Create ssl-credentials
Generate CSR Request to get CSR for the CA authorization
e) After getting the certificate , save the certificate as .crt file and
import CSR Response
3. Assign the Key pair to use for a specify SSL port
a) Select SSL Provider Service
b) Select the corresponding J2EE dispatcher
c) Select the socket that corresponds to the SSL port you want to configure.
d) In the Server Identity tab page, select the key pair entry to use for this port. (Choose
Add.)
e) If the server process is to accept the use of client certificates for authentication, then set
this option in the Client Authentication tab page. Also maintain the list of trusted
certificates in the Trusted Certification Authorities section
4. Test SSL connection
5. Create a view in the key storage service
a) Log on to the Visual Administrator.
b) On the Cluster tab, choose Server
c) On the Runtime tab, choose Create View.
d) In the Input dialog box, enter the alias ADSCerts, and choose OK.
e) Configure the user ADSUser for the SSL connection.
i.
ii.
iii.
iv.
v.
vi.
vii.
On the Cluster tab, choose Server
Choose User Management and then the Tree tab in the left panel.
Select ADSCallers ADSUser.
In the Authentication area, choose Add.
In the Add Certificates dialog box, from the Select view drop-down list box, select
the ADSCerts view.
From the Select entries list, select the certificate that you want to associate with
this user, and then choose OK.
In the Authentication area, select No password change required.
6. Setup the SSL in ABAP
a) Log on to your SAP system and go to transaction SM59.
b)
c)
In the RFC Destinations tree, select HTTP Connections to Ext. Server.
Select ADS, then choose Change.
d) On the Logon/Security tab, in the SSL area, select SSL Client Certificate.
e) Select the certificate.
f) Select Active.
/AdobeDocumentServicesSec/Config?style=rpc
h) Choose Save.
g) On the Technical Settings tab, in the PathPrefix box, enter
7. Creating or changing Destination service
a) Logon to VA
b) On the Cluster tab, choose Server
Runtime, select HTTP. The available destinations are displayed.
8. Setup the SSL configuration in JAVA side
a) Logon to VA and On the Cluster tab, choose Server
Services Security.
b) Choose Web Services Clients >
tc~wd~pdfobject
xySec*ConfigPort_Document.
c) Change the URL to
Troubleshooting:
If Destination test failed, try to check if the backend system is double stack and check the
parameter icm/HTTP/j2ee_00 in RZ10
Performance:
根据sap性能建议,需要在生产系统开启ads缓存(for double stack only),该配置不可传输,需要手工,运行.
注:该设置只对ABAP+Java double stack有效
1. sm30 维护视图FPCONNECT
2. 添加如下条目:
2. 对于非输入表单,关闭tag 输出功能;
You can use the PDFTAGGED field in the IE_OUTPUTPARAMS parameter (type
SFPOUTPUTPARAMS; function module FP_JOB_OPEN) to define whether PDF forms are
generated with or without tags.
3. 制作表单的时候,开启表单缓存功能及其他设计表单技巧
发布评论