SAP Portal & ESS PayStub - From Blueprint and Workshops to WDA/ABAP Configuration, Security, and Second Level PIN Authentication to an Employee Self-service Portal
Optimizing AI for immediate response in Smart CCTV
SAP Portal and Second Level Authentication Implementation for ESS Paystub
1. Employee Self-Service Portal / ID: 2101
Markus van Kempen – SAP Solutions Architect
E: mvk@ca.ibm.com T: @markusvankempen
Innovating with People and Technology
1
2. Abstract
SAP Portal/ESS Pay - From Blueprint and Workshops to
WDA/ABAP Configuration, Security, and Second Level
PIN Authentication to an Employee Self-service Portal
Session ID: 2101
2
4. Related Session
Additional Session:
Portal ‒ How to Deal with Role-Based Navigation Models
for Different Countries and Languages
Thu. 03:00 p.m. - 04:00 p.m.
Session id: 2213
4
5. LEARNING POINTS
ESS /WDA and Portal can be implemented quickly
Implementation Approach via Prototyping
Pay attention to Non- functional requirements
5
6. Agenda
Pay & Time Portal Implementation Journey
Plan
Approach
Lessons Learned
6
7. The Scope
The Scope
Business Case
Upgrade/use Eph5
Implement NW Portal
ESS Pay/Time Statements
Tax Forms
For 4000+ Managers
7
8. The Plan
The Plan
Build a Prototype
Run workshop for Blueprinting
Build Infrastructure in Parallel
Use Prototype to accelerate implementation
Communication and Change Management
5 FTEs (3 FTE Customer/Client) - 5 Month
Start in Oct 2011 /go live Feb 2012
8
9. Blueprinting via Prototyping
Portal
Strategy
Collect, Finalize
Portal
Requirements
Blueprint Agree &
Confirm
July 2008 September October November December January February
We are here
Specs
Review
SignOff
Design &
Build
Go-Live
Deliverables
Realize
Step 1 Step 2 Step 3 Step 4
Prepping
Testing
9
14. Time and Close/logoff Popup if inactive
Config and Javascript
http://help.sap.com/saphelp_nw70ehp2/helpdata/de/85/38c3e489ba4a9a984c05851e07c5aa/content.htm
Logout
On Logout close all
open Portal windows.
help.sap.com
Set properties:
enableCloseAllWindows to true
14
18. 2nd Level Authentication
PIN requirements
PIN – Personal Identification Number
PIN has
4-8 Digits
PIN does not expire
PIN can be changed
Initial Pin is PerNr(4)+Birthday(2)+BirthMonth(2)
18
19. 2nd level Authentication via PIN
19
Click on
Payroll Link
will shows PIN
Logon screen
Welcome to the
Payroll Portal
Click on
Payroll Link
will shows PIN
Logon screen
28. Volume and Stress/Load Test (VST)
Load Testing will help to
Validate Sizing
Set/Find SLA/KPI
How
Testing tools (QTC,Rational,…)
Parallel Manual Testing
28
31. Statistics/Reporting
tcode: stad
Tcode: STAD or ST03 (Web Server Stats)
These report display the userid information
by Web Dynpro application and time period.
31
35. Related Session
Additional Session:
Portal ‒ How to Deal with Role-Based Navigation Models
for Different Countries and Languages
Thu. 03:00 p.m. - 04:00 p.m.
Session id: 2213
35
36. THANK YOU FOR PARTICIPATING
Please provide feedback on this session by completing a short
survey via the event mobile application.
SESSION CODE: 2101
Related Session
Please visit also my Portal Session (2213) -
How to Deal with Role-Based Navigation Models for
Different Countries and Languages
36
37. Thank You
Markus van Kempen – SAP Architect
email: mvk@ca.ibm.com
Twitter: @markusvankempen
Hashtag: #MVK
Innovating with People and Technology
37
38. Markus van Kempen – SAP Architect
Innovating with People and Technology
email: mvk@ca.ibm.com
Twitter: @markusvankempen
Hashtag: #MVK
39. Additional
OOPS/OSS notes
0000791765 Mixed JSESSIONID Cookies from Different Servers
0001332726 Troubleshooting Wizard 0001472848 Advance delivery of patches or
analysis tools
0001536782 IPrincipal.toString method reads data from the datasource
0001552337 Security session persistence in T_CHUNK
0001569773 Security sessions might remain alive after expiration period
0001621149 Memory leak in session management
0001670179 Deadlock in session management while tracing is enabled
0001688352 Deadlock in engine session management while stopping an app
0001696132 Deadlock in AS Java Session Management
0001720677 User Guest granted privileges of a real user
39
40. VA Assessment
KM/ SAP Management Console
KM needs to be secured
Note 599425 - Permissions for KM repositories
Note 1499993 - Insecure default configuration of ACLs in KM
Note 943336 - HttpOnly cookie attribute
Disable SAP Console
http://Server:5xx13/
Note 1439348 - Extended security
40
41. WDA/Config & URL Parameter
DATA APPLICATION Type Ref To CL_WDR_CLIENT_APPLICATION. "used to get Configuration ID
DATA CONFIGITTAB Type WDY_CONFIG_KEY. "used to get Configuration ID
* Custom Code for ESS: begin - default start date and end date depend on Configuration ID
APPLICATION = cl_wdr_task=>APPLICATION.
CONFIGITTAB = Application->configuration_id.
* CONFIGID = CONFIGITTAB-CONFIG_ID.
IF CONFIGITTAB-CONFIG_ID eq 'ZTT_ESS_CC_TIM_DATESEL_OVP_PREV'.
year = SY-DATUM+0(4).
year = year - 1.
datechar = '20001231'.
write year to datechar+0(4).
ev_begda = datechar.
ev_endda = datechar.
ELSE.
Put Current Date back
ev_endda = sy-datum.
ev_begda = sy-datum.
ENDIF.
41