Managing the SAP® Enterprise Portal 6 application in IAG SP2

Applies To: Intelligent Application Gateway (IAG)

Application-Specific Settings

This topic describes additional options that you can implement to control aspects of the behavior of SAP Enterprise Portal 6 when it is accessed from a remote computer using Whale Communications Intelligent Application Gateway (IAG) 2007, including:

  • Enabling access via the SAP portal to third-party applications that communicate directly with the application server, as described in Integration with Third-Party Applications.

  • Preventing users from uploading attachments to the portal, or sending email attachments, unless their computer meets the defined security policy requirements, as described in Blocking Uploads and Attachment Sending.

  • Preventing users from deleting documents or editing documents locally, unless their computer meets the defined security policy requirements, as described in Blocking Document Deleting and Editing.

Note

Some SAP implementations may generate URLs with a long path. By default, IIS rejects URLs where the path is longer than 260 characters. For details, and for a description of the registry key that controls this setting, access the following link:

https://support.microsoft.com/kb/820129/en-us

Note that this setting is global to all IIS sites on the computer.

Integration with third-party applications

You can enable access from the SAP portal to third-party applications via the SAP portal iViews. This is required only for third-party applications that communicate directly with the application server, for example an Outlook Web Access server.

For applications of this type, you need to add a corresponding application to the Whale portal. In the Configuration program, use the Add Application Wizard to add the required applications to the trunk that enables access to the SAP portal.

Blocking uploads and attachment sending

You can configure the upload policy of an application so that end-users cannot upload attachments to the portal, or send email attachments, if the client endpoint does not meet the security policy requirements. Users that are blocked are notified accordingly.

In order to enable this option, once you finish adding the application to the trunk, you need to assign a unique Upload policy to the application, as described in this section.

To block uploads and attachment sending

  1. In the Configuration console, access the Application Properties dialog box.

  2. In the General tab, in the Endpoint Policies area, in the Upload list, select the SAP Enterprise Portal 6 Upload policy.

  3. By default, the value of the policy is as follows:

    • The value of the Windows platform-specific policy is "True", and it does not prevent uploads from endpoint computers running Windows operating systems.

    • The value of the MAC OS, Linux, and Other platform-specific policies is "False", and they prevent uploads from endpoint computers running operating systems other than Windows.

    If required, change the policy to comply with your corporate policy by removing the default values from the relevant platform-specific policies, and assigning the appropriate values. For more information, see Managing IAG client endpoint policies.

  4. On the toolbar of the Configuration console, click the Activate Configuration icon, and then on the Activate Configuration dialog box, click Activate.

    When the configuration is activated, the message "IAG configuration activated successfully" appears.

    Attachment sending and uploading will only be enabled on endpoint computers that comply with the security policy that you define here.

Blocking document deleting and editing

You can prevent end-users from deleting documents, or editing documents locally, if the client endpoint does not meet the defined security policy requirements. Users that are blocked are notified accordingly.

In order to enable this option, once you finish adding the application to the trunk, you need to define the security policy requirements using a dedicated endpoint policy: "SAP Enterprise Portal 6 Enhanced Security". By default, the value of the policy is as follows:

  • The value of the Windows platform-specific policy is "True", and it does not prevent document deleting and local editing on endpoint computers running Windows operating systems.

  • The value of the MAC OS, Linux, and Other platform-specific policies is "False", and they prevent document deleting and local editing on endpoint computers running operating systems other than Windows.

If required, change the policy to comply with your corporate policy, as described here.

To block document editing and deleting

  1. In the Configuration console, open the Application Properties dialog box. In the General tab, click Manage Policies.

  2. In the Manage Policies and Expressions dialog box, under the Policies group, select the policy SAP Enterprise Portal 6 Enhanced Security, and then click Edit Policy.

  3. To define the prerequisites that endpoint computers must meet in order to enable document deleting and local editing, remove the default values from the relevant platform-specific policies, and assign the appropriate values. For more information, see Managing IAG client endpoint policies.

  4. On the toolbar of the Configuration console, click the Activate Configuration icon, and then on the Activate Configuration dialog box, click Activate.

    When the configuration is activated, the message "IAG configuration activated successfully" appears.

    Document deleting and local editing will only be enabled on endpoint computers that comply with the security policy that you define here.

Cleaning application-specific temporary files

When the option Attachment Wiper Cleans Application-Specific Temporary Files is activated, the IAG Attachment Wiper component deletes the client’s cache. This option is activated in the Session tab of the trunk properties. Note that the Attachment Wiper component deletes application-specific files only if the application is part of the IAG site.

By default, the IAG Attachment Wiper component deletes the browser’s cache. In addition, you can configure the IAG to delete attachments, including all files and sub-folders, from the following SAP-specific cache folder:

%temp%\docservice\*.*\

Warning

The "docservice" folder is where SAP saves temporary copies of documents that users edit locally. If the Attachment Wiper deletes the folder before the user checks in a document, all changes are lost.

For more information, see About the IAG Attachment Wiper component.

To configure Attachment Wiper to delete the "docservice" folder

  1. On the IAG server, copy the following file:

    …\Whale-Com\e-Gap\von\conf\samples\SAPEP6_sample.txt

    Place it under the following location:

    …\Whale-Com\e-Gap\von\conf\wizarddefaults\AWPaths

  2. Rename the file you copied in step 1 to SAPEP6.txt:

    …\Whale-Com\e-Gap\von\conf\wizarddefaults\AWPaths\SAPEP6.txt

  3. In the IAG Configuration console, click the Activate icon to activate the configuration, select the option "Apply changes made to external configuration settings", and click Activate.

    When the IAG Attachment Wiper component deletes attachments, it will delete all data under the "docservice" folder.

    Note

    The file you copied in step 1 will be overwritten when the IAG software is next upgraded or a patch is applied. In this case, you will have to run this procedure again.
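
The following PowerShell function is an added example, not part of the IAG product or of the original documentation. It checks whether SAPEP6.txt is in place under AWPaths and matches the sample file, which is the state to re-verify after an upgrade or patch, and copies the sample only when -Apply is given. The function name and the -InstallRoot parameter (the folder that contains Whale-Com, which this page elides) are assumptions.

```powershell
# Added example: the function name and -InstallRoot are assumptions, not IAG tooling.
# -InstallRoot is the folder that contains Whale-Com (elided as "…" on this page).
function Sync-SapEp6WiperPath {
    param(
        [Parameter(Mandatory = $true)][string]$InstallRoot,
        [switch]$Apply   # without -Apply the function only reports
    )

    $root   = (Resolve-Path -LiteralPath $InstallRoot -ErrorAction Stop).ProviderPath
    $conf   = Join-Path $root 'Whale-Com\e-Gap\von\conf'
    $sample = Join-Path $conf 'samples\SAPEP6_sample.txt'
    $awDir  = Join-Path $conf 'wizarddefaults\AWPaths'
    $target = Join-Path $awDir 'SAPEP6.txt'

    # Fail loudly rather than create product folders that should already exist.
    if (-not (Test-Path -LiteralPath $sample -PathType Leaf)) {
        throw "Sample file not found: $sample"
    }
    if (-not (Test-Path -LiteralPath $awDir -PathType Container)) {
        throw "AWPaths folder not found: $awDir"
    }

    # Classify the current state of the target file.
    if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
        $state = 'Missing'
    }
    elseif ([IO.File]::ReadAllText($target) -cne [IO.File]::ReadAllText($sample)) {
        $state = 'DiffersFromSample'
    }
    else {
        $state = 'InPlace'
    }

    $copied = $false
    if ($Apply -and $state -ne 'InPlace') {
        # Steps 1 and 2 in one operation: copy the sample under its new name.
        Copy-Item -LiteralPath $sample -Destination $target -Force
        $copied = $true
    }

    New-Object PSObject -Property @{ Target = $target; State = $state; Copied = $copied }
}

# Report only, then repair if needed (the path is a placeholder):
# Sync-SapEp6WiperPath -InstallRoot 'D:\<install-root>'
# Sync-SapEp6WiperPath -InstallRoot 'D:\<install-root>' -Apply
```

After the function copies the file, the configuration must still be activated with "Apply changes made to external configuration settings" selected, as in step 3.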