Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Self Service in SAP NetWeaver Gateway

former_member195242
Active Participant
‎09-05-2013 8:01 AM

This blog introduces a new feature - User Self Service, from SAP NetWeaver Gateway. This mainly focuses on business to customers(B2C) scenarios using which SAP Business Suite B2C customers:

  • can register themselves in the SAP Business suite systems.
  • have an option to reset their password in case they forget it.
  • can manage their profile
    • Change profile data
    • Change password

For example, if a company is using SAP's Business Suite solution, they can enable their business consumers to register themselves in the SAP Business suite system by providing them with an application based on User Self Service.

So are you wondering how to start? How do I use the OData services provided to start using this feature? What are the steps? Can I customize or extend the features to my requirements?

Everything you need to know is below! I will be talking about customizations more while explaining the process.

Prerequisites

You need to make sure all the pre-requisites are fulfilled.

Self Registration Process

Assuming that all the required configurations have been done, we would be working with two OData services provided by SAP NetWeaver Gateway:

  1. /IWBEP/USERREQUESTMANAGEMENT - to register a user, activate a user and reset credential. You also have an option to extend the UserRequest entity in this service to suit their requirements.
  2. /IWBEP/USERMANAGEMENT - to access user's profile, change profile data and change the password.

Note: Please activate the above two services in your Gateway hub system.

Before we get started, let's have a quick look at the complete picture of the functionality in brief. An anonymous user can create his user in the SAP system by following the below mentioned two step process:

Figure 1:

Legends : * = mandatory

User Interface

For better understanding, lets take a simple example, where an organization wants to provide User Self Service facility through a browser based SAP UI5 application and make it available to it's users. I will try to show how the UI may look in this case with some screenshots. UI is just indicative and not a part of standard delivery.

Step 1: Register your username

UI: The first UI may look like as shown below where in it provides option for users to register themselves. It also shows another view where users can login and view their profile.

Figure 2:

The first step is to register yourself with a user name. The OData service used for this purpose is /IWBEP/USERREQUESTMANAGEMENT. You need to execute a POST request on the entity UserRequestCollection. This service is executed in service user context. You need to provide other details like FirstName, LastName, EmailAddress, UserCategory, etc.

  • Customization 1*: You need to provide the UserCategory as you must have earlier maintained, in the IMG activity  - Maintain User Category. User category is mapped to a reference user  which will be used to create your user. The reference user has to be created with proper authorizations and profiles based on your requirements. Multiple user categories can be maintained and used while creating users as per the customers' requirements.  Please check IMG documentation for more information.

The HTTP POST to create a User Request can be done as shown below:

Upon successful creation of User request, you will receive a notification email to your email Id which you had provided while creating the User Request. The activation link in that email will contain the Activation Key required to perform the next step.

  • Customization 2* : To receive the notification email, you need to maintain the application URL in the IMG Maintain URL for User Account Activation as mentioned in the IMG Activities. This URL should take the user to the application page(Figure 3) where he can provide password and can proceed with next step - Activate your User.

  • Customization 3 : The email notification is the default implementation provided by SAP. You can define your own notification process. in the IMG Define Notification Process for User Request Management as mentioned in the IMG Activities.

  • Customization 4 : In case you want to use the standard notification agent to send email notifications but customize the content of the email, the same can be in the IMG Define Notification Process for User Request Management  as mentioned in the IMG Activities. Please check the IMG documentation for more information.

Step 2: Activate your user

UI:  The below image is the activation UI which appears when you click on the activation URL received in the email. Here the end users need to just enter the password and click activate. The UI also shows a navigation back to the login page where end users can view their profile after successfully activating their user:

Figure 3:

Now, the next step would be to activate your user. You need to execute a PUT request on the entity i.e. UserRequestActivationRequestCollection with key as RequestID. The request body while executing PUT in this case has two properties ActivationKey and Password. RequestID and ActivationKey is present in the email link that you received earlier and the Password should come from the UI. The email link also has a parameter type, value '0' means its user activation link and value '1' means its a link for reset credential(discussed later in the section - Reset Credential).

Activation URL example:
<applicationURL>?RequestID=005056A509D41ED2BA8EBB9F89EEEBE1&ActivationKey=47CBAC803E9B6F1FA3508F0A76F8095EB647A9F3&type=0

  • Customization 5 [Optional but IMPORTANT] : Users have an option to implement their own User Management flow - create users, manage users, reset password and check user existence in a totally different user management system. By default SAP provides an implementation to manage users using the user and role administration functions of SAP NetWeaver AS ABAP. The relevant IMG is Implement User Management - IMG Activities.

  • Customization 6* : You need to maintain an RFC destination for a non co-deployed scenario. This enables the user replication on the SAP NetWeaver Gateway hub system. This is not required if IW_BEP and IW_FND component are in the same system i.e. a co-deployed scenario. The relevant IMG node is - Maintain RFC Destination for User Replication - IMG Activities. Please check the IMG documentation for more information.

  • Customization 7 : You can also define a handler for User Management notification which is executed after the user is created in the system. For example if you would like to notify the person (who has implemented the BAdI) about the user creation or applications can use this information to perform application specific logic like replication of user along with Business partner data into SAP Business Suite system. The relevant IMG node is - Define Handler for User Management Notification - IMG Activities. Please check the IMG documentation for more information.

The HTTP PUT request can be done as shown below:

So, that's it! The user is activated and created in the SAP system.

Forgot password? Reset Credential :smile:

------- ( updated )----------

UI: The first part of the UI for reset credential can be same as seen on the right side of the Figure 2.

In case the user has forgotten his/her password, there is an easy way to reset the password. There are two options available here:
  1. If the user only remembers his/her user name: A function import(service operation) named ResetUserCredential with method POST needs to be executed with the UserName as an input parameter.
  2. If the user only remembers his/her email ID: A function import(service operation) named ResetUserCredentialUsingEmail with method POST needs to be executed with the UserEmailID as an input parameter.

The function import can be executed as show below:

A new auto generated password and an activation link will be sent to the user in both the above mentioned cases, to the same e-mail id which was used to create the user. The activation link this time should have a parameter type=1 which signifies it's a link to reset the credential. The auto generated password  can be enabled by the user only upon clicking the activation link.

Activation URL example in case of Reset credential:
<applicationURL>?RequestID=005056A509D41ED2BA8EBB9F89EEEBE1&ActivationKey=47CBAC803E9B6F1FA3508F0A76F8095EB647A9F3&type=1

When the above URL is clicked, it should internally execute the OData service similar to Step 2: Activate your user (with a minor change in the request body), which would enable the password that was sent in the email. The exact process to be followed is mentioned below:

You need to execute a PUT request on the entity i.e. UserRequestActivationRequestCollection with key as RequestID. The request body while executing PUT in this case has only one property ActivationKey. RequestID and ActivationKey is present in the email link that you received earlier.

Now the user can use the same password for the next login.

-------------

Manage your Profile
Now that user is created, he/she can now access the information, update profile data, or change password easily using the OData service provided - /IWBEP/USERMANAGEMENT. This service uses the same user name(internet user) as logon credential which you had created.

UI : The sample UI can look like this:

Figure 5:

Sample URL to access profile data:

To update the profile data, use PUT operation on the above URL with a proper request body. To change the password, you can use another entity UserCredential and execute a PUT request providing UserName, Password and CurrentPassword in the request body.

And we are done! :smile:

For more info on User Self Service, check out the below video tutorial.


Feedback appreciated.
40 Comments
Labels in this area
Popular Blog Posts