PRE REFRESH TASKS FOR JAVA
1) Compare ABAP and JAVA patch levels in source vs target. Determine if the refresh will overlay/remove any patching to the target system. If so, they will need to be re-applied after the refresh is completed.
2) Backup target system database, tar /usr/sap, /sapmnt directories and sub directories 3) Verify that you know what the passwords are for the following users, which is required at the Post Tasks – Target System: SAP : Source Source Syst System: em: Orac Oracle le :
J2EE_ADMIN, SAPJSF, DDIC, SLDDSUSER, SLDAPIUSER, ADSUSER ADS_AGENT SAPSR3D SAPSR3DB B (if it it differs differs from from Target Target to to Source Source))
4) Verify that you have the Java license available, to be applied at the post tasks
EXPORT Java Schema from the TARGET System:
5) Shutdown target CI and app servers (if any exist) 6) From target system DB, as adm , create/review/modify the export parfile in /home/adm/refresh directory: (If the directory does not exist, create it via – mkdir /home/adm/refresh)/ vi/more sap_java_export.par file=/work/_java_exp.dmp log=/work/_java_exp.log userid=system/password owner=SAPSR3DB buffer=52428800 rows=y grants=y compress=Y indexes=y schema SAPSR3DB from adm: 7) Export the java schema exp parfile=/home/adm/refresh/sap_java_export.par export log (/work/_java_exp.log) for errors 8) Check the export
9) Extract each table name from the log file and put in new file (e.g. /work/_truncate.sql)
grep ‘. . exporting table’ TSID_java_exp.log > TSID_java_exp.log2
cut -c20-51 TSID_java_exp.log2 TSID_java_exp.log2 > TSID_truncate TSID_truncate
10) Edit the various file(s) with vi editor and (using substitution text command) make the following changes:
add ‘truncate ‘truncate table’ to each each table name and
‘;’ at the end of each line:
vi TSID_truncate
:1,$s/^/truncate table /g
:1,$s/$/;/g
:w! TSID_truncate_file
add the owner ‘SAPSR3DB’ to each table name: examples:
(save copy)
:1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/ :1,$s/
ADS_/SAPSR3DB.ADS_/g BC_/SAPSR3DB.BC_/g BI_/SAPSR3DB.BI_/g CAF_/SAPSR3DB.CAF_/g EP_/SAPSR3DB.EP_/g J2EE_/SAPSR3DB.J2EE_/g KMC_/SAPSR3DB.KMC_/g SDBAD/SAPSR3DB.SDBAD/g SDBAH/SAPSR3DB.SDBAH/g SP_/SAPSR3DB.SP_/g TC_/SAPSR3DB.TC_/g UME_/SAPSR3DB.UME_/g WCR_/SAPSR3DB.WCR_/g XAP_/SAPSR3DB.XAP_/g
add ‘spool TSID_truncate.log;’ as the first line of the file
:w! KPW_truncate.sql
.
11) Shutdown target DB and perform Database restore from source as usual.
IMPORT Java Schema INTO TARGET System: 1) From target DB – create/review/modify the import par file in /home/adm/refresh directory more sap_java_import.par userid=userid/password fromuser=SAPSR3DB file=/work/_java_exp.dmp log=/work/_java_imp.log buffer=52428800 rows=y ignore=y grants=N indexes=N constraints=N feedback=100 2) Truncate all java tables in java schema from ora(using the truncate table list created in ‘EXPORT Java Schema from the TARGET System’ ) sqlplus ‘/as sysdba’ SQL> @/work/_truncate.sql SQL> exit
3) Confirm there are no errors in the log
4) Import java tables from adm: imp parfile=/home/adm/refresh/sap_java_import.par 5) Review import logs for errors. If errors, please investigate
***Note Java server node will not startup until ABAP license is installed
POST REFRESH TASKS FOR JAVA:
1a) The passwords for SAPJSF and J2EE_ADMIN in SAP will need to be reset back to what the original target system had before restarting the CI, including password for user SAPSR3DB in database. 1b) Restart CI and verify JAVA starts up 2) Confirm java and portal URLs and logon to each a. https://eukfieusap01.krft.net:500 b. https://eukfieusap01.krft.net:500/irj/portal 3) Verify web dispatcher is up and functioning correctly (if web dispatcher exists) Logon as webadm to URL https://eukfieusap01.krft.net/sap/admin 4) If Kraft requests that, the target system userids are NOT exported/imported, the user passwords will need to be synced up. The passwords for the following users need to be changed via SU01: J2EE_ADMIN ,DDIC, SLDDSUSER, SLDAPIUSER, SAPJSF, ADSUSER, ADS_AGENT 5) Visual Administrator – review java parameters and JCO settings (if required) 6) Apply JAVA license via License Adaptor service in VA. 7) Verify oracle parameters and abap profile parameters (if required); also confirm patch/stack levels for java and abap – compare with prod instances; For abap compare via RSPARAM 8) Test connections (i.e. webgui) via SICF txn – s/b tested again after SSO/SSL configured 9) Modify and verify SSO/SSL - recreate PSEs in ABAP , txn STRUSTSS02. reload consumer portals (if applicable) and java certificates in ABAP - reload the ABAP and consumer portals (if applicable) certificates in Java Key Storage service
-
confirm SSL settings are correct in Java Key Storage service (service_ssl) and SSL Provider service (if applicable) confirm ticket and evaluate assertion ticket components are correct in Java Security Provider service Test the SSO config. See Appendix1 Test access to producer portal and NWA: https://eukfieusap01.krft.net:500 https://eukfieusap01.krft.net:500/irj/portal if webdispatcher exists use URLS (if applicable): https://eukfieusap01.krft.net/ https://eukfieusap01.krft.net /irj/portal
Specific SSO/SSL modifications for BI: - VA -> Cluster -> Server -> Services -> Configuration Adapter -> cluster_data -> server -> cfg -> services -> Propertysheet com.sap.security.core.ume.service: change ume.r3.mastersystem to TSIDCLNT100 - VA -> Cluster -> Server -> Services ->UME provider: modify the ume.r3.mastersystem to TSIDCLNT100
-
re-create J2EE group Administrators based on PZR setup add ume.configuration.active = true to EvaluateAssertionTicketLoginModule
-
Check settings in - https://eukfieusap01.krft.net/irj/ -> System Administration -> System Configuration -> System Landscape -> Portal Content -> Systemlandscape -> SAP_BW: ITS and Web AS host name including Protocol. SM30 -> RSPOR_T_PORTAL: Create the correct entry, delete the current one and verify the URL prefix is
correct - Execute report RSPOR_SETUP to confirm SSO for BI
10) Apply any patches to that were wiped out from the refresh (if required) 11) Modify password safe if necessary
APPENDIX 1 How to test SSO between the ABAP and Java stack of a system Test 1: Test if Java accepts the assertion ticket from ABAP ----------------------------------------------------------Close all browser windows. http://eukfieusap01.krft.net:80/sap/bc/bsp/sap/it00/default.htm Enter login and password http://eukfieusapkrw01.krft.net:500/irj if not prompted for login details after 4. above, then all is well.
Test 2: Test if ABAP accepts the assertion ticket from Java ----------------------------------------------------------Close all browser windows http://eukfieusap01.krft.net:500/irj Enter login and password http://eukfieusap01.krft.net:80/sap/bc/bsp/sap/it00/default.htm if not prompted for login details after 4, above, then all is well.