How to launch AfO report via URL

This is a continuation of my earlier blog post about launching AfO documents (reports) from SAP GUI. Analysis for Office (AfO) documents can be shared with users also by sending them just a simple URL that will open the document in either MS Excel or MS Powerpoint applications. The URL is basically an SICF (SAP Internet Connection Framework) service for Analysis documents. It has following syntax:

 

http(s)://<server>:<port>/sap/bw/analysis?application=<application>&object_type=<type>&object_id=<id>&var<VAR1_TECH_NAME>=<val_of_variable1>&var<VAR2_TECH_NAME>=<val_of_variable2>

 

A value of application parameter can be excel or powerpoint. The value of object_type parameter can be document (for workbooks and presentations), query, query_view or infoprovider. Finally, the value of object_id is the technical name of the object in the BW system, e.g. AfO report technical name. Parameters of the report’s selection screen can be supplied as well – see the URL’s parameter like var for passing variables values etc.

What happens when the URL is accessed is that a web browser gets a file with an extension sapaox (e.g. analysis.sapaox). Over that file depending on BW’s backend configuration either logon popup window is displayed and the user provides logon credentials there or via Single Sing On (SSO) target AfO application is opened (Excel/Powerpoint) and the AfO report is shown in there. The sapaox file is technically an XML file that contains ticket which allow the authenticated login to the backend server (BW servers BusinessObjects BI platform server).

However, in order to this function working there is a one prerequisite. The SICF service mentioned above needs to be activated via t-code SICF.

 

More information:

Online docu

Launch AfO from SAP GUI

2658872 - Analysis Office: How to ensure secure connections in Analysis Plugin

3105370 - Using and troubleshooting SAC Live Data Connections in Analysis Office

Logging to SAP BPC Add-in with different (no SSO) user

Sometimes there is a need to logon to SAP’s BPC Add-in with different user too. Similarly like to Analysis for Office or like to other SAP applications. Briefly, what needs to be done is to bypass SSO authentication scheme. Below is quick info on how to do it.

 

Logon to SAP BPC web administration page (sometimes called BPC Web Client). The URL of this page may differ based on particular version of the BPC it can look like:

https://hostname:port/sap/bc/ui5_ui5/sap/bpc4webclient/index.html

Once you logged with your default user (in case of SSO – e.g. your WINDOWS domain user) you need to log out via menu Preferences-> Log Off:

Afterwards login with different user:

Now other user is logged in into BPC Web Client. However, our ultimate goal is to login to MS Excel’s Add-in called “SAP BusinessObjects EPM solutions, add-in for Microsoft Office”. That is a place where the BPC users are working for most of the time. To get the MS Excel opened with the different user you need to proceed in BPC Web Client’s menu called Settings->EPM Plug-in for Microsoft Office Excel.

This will open the new session in the MS Excel. You are now logged with the different user the one that was used to login to BPC Web Client. You can prove it by typing in EPM function EPMUser() in the MS Excel. That will show what user is currently logged in.

 

More information:

Logging to Analysis for Office with different (no SSO) user

Disabling SSO in SAP app

Logging to Analysis for Office with different (no SSO) user

Single Sign On authentication scheme is very popular and useful for users. While user is successfully authorized by OS with the same login ID is allowed to access to other applications. In many organizations, it is deployed also for SAP systems. In one of my previous posts, I described how to avoid SSO for Analysis for Office. However, in case user has no possibility to edit entries to SAP systems in SAP Logon Pad – simply just deactivating the SSO for particular SAP system will not help.

Luckily, there is another option. First following settings of the AfO need to be adjusted. In Options part of Analysis Customizing available menu on MS Excel: File -> Analysis -> Customize Analysis -> Options:

Switch to Advanced tab and choose and enable following two check boxes:

-      Allow Client and language Selection for SSO Logon

-      Force Logon Window for SSO Logon on BIP

Now try to open Insert Data Source -> Select Data Source for Analysis a BW report while selecting menu on Analysis ribbon, and Skip below popup window:

On next pop-up, choose particular BW SAP system, which you want to log on into:

Choose Cancel for next pop-up:

Finally, you are prompted to enter logon criteria for non-SSO user:

More information:

Bypassing SSO in Analysis Office (AO)

Logging to SAP BPC Add-in with different (no SSO) user

Disabling SSO in SAP app

Single Sing On (SSO) is a great thing. It saves us from slave labor of entering passwords into many different systems every time as we are already logged into trusted system (e.g. operating system) already.

However there are scenarios that we don’t need to be authenticated via SSO and we would like the system asks us for logon credentials. Most basic case is when we are testing something. And in such a cases it comes handy when we know how to suppress e.g. temporarily the SSO.

With regards to many SAP applications which are accessed by web browser there is a special parameter supplied that supports SSO disabling.  Usually name of the parameter is SPNEGO. It stands for Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO). This thing actually serves as a protocol used to determine whether common GSSAPI (Generic Security Services Application Program Interface) mechanisms are available. If so it selects it and dispatches all security operations to it.

Whenever SPNEGO is used we are authenticated by SSO and there is no need to enter password again. The parameter is provided via URL of the application. How to use the parameter to disable the SSO?

1. SAP Portal usage:

http://hostname:port/irj/portal?spnego=disabled

2. NWBC usage:

          http://hostname:port/nwbc?spnego=disabled

3. example case for JAVA AS usage:

          http://hostname:port/nwa?spnego=disabled

http://hostname:port/useradmin?spnego=disabled

http://hostname:port/scheduler?spnego=disabled

4. example of common app usage:

http://hostname:port/my_app?spnego=disabled