Previous Topic: SAP R3 Connection InformationNext Topic: Error: Endpoint cannot be created in this endpoint type.

Enterprise Administration GuideImplementing Shared AccountsSAM Endpoint and Shared Account CreationCreate an EndpointSAP R3 Connection InformationConfigure the SAP R3 Connector

Configure the SAP R3 Connector

Before you can use SAM to manage privileged accounts on SAP R3 endpoints, you must configure the SAP R3 connector. To configure the SAP R3 connector, install the SAP JCo library on the Enterprise Management Server or on any server that the Java Connector Server (JCS) is installed on.

Use your SAP login to download the SAP JCo library from the SAP marketplace. Verify that you select the SAP JCo library that suits the system platforms you use.

http://service.sap.com/connectors

Example: Install the SAP JCo library on Windows

The following example shows you how to install the SAP JCo library on a x86 Windows 2003 Server.

  1. Download the 32-bit JCO 2.1 bundle for Windows from SAP.
  2. Extract the sapjco-ntamd64-2.1.9.zip to a temporary directory.
  3. Copy the sapjcorfc.dll and librfc32.dll files to the Windows system32 directory.

    Note: If prompted, overwrite any existing files in this directory.

  4. Copy the sapjco.jar file to the Java Connector Server extlib directory. This directory is located at: 
    accesspath\Connector Server\extlib
  5. Restart the CA Identity Minder - Connector Server service.

    You can now use SAM to manage privileged accounts on SAP R3 endpoints.

Example: Install the SAP JCo library on Linux

  1. Download the 32-bit JCo 2.1 zip bundle for Linux from SAP and save it into a directory such as /opt/SAPJCO.
  2. Stop the JCS service: 
    /opt/CA/AccessControlServer/Connector_Server/bin/im_jcs stop.
  3. Stop the JBoss service.
  4. Install the following RPM packages if you don't have them yet:
  5. Change into /opt/SAPJCO and extract the JCo zip file.
  6. Move sapjco.jar to the /opt/CA/AccessControlServer/Connector_Server/extlib directory.
  7. Move librfccm.so to the /usr/lib directory.
  8. Change to /opt/CA/AccessControlServer/Connector_Server/bin and open the im_jcs file. Locate the ‘## Load options’ section. Copy the JVM options portion between the quotation marks into your clipboard: 
    ## Load options
JVM_OPTIONS="-Djava.security.edg=file:/dev/./urandom -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 -Xms256M -Xmx512M -client -Djava.awt.headless=true -Dlog4jconfiguration=../conf/log4j.properties -Djava.library.path=."
  9. Change to /opt/CA/AccessControlServer/Connector_Server/data. Create a file jvm_options.conf.
  10. Set the minimum file permissions as follows: 
    chmod 644 /opt/CA/AccessControlServer/Connector_Server/data/jvm_options.conf
  11. Edit jvm_options.conf and paste the copied JVM options into a single line, as the first line of the file, and without extra newlines at the end.

    Append the path where you have stored the SAP JCo library file (for example /opt/SAPJCO) to the java.library.path option, and save the file.

    Example:

    -Djava.security.edg=file:/dev/./urandom -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 -Xms256M -Xmx512M -client -Djava.awt.headless=true -Dlog4jconfiguration=../conf/log4j.properties -Djava.library.path=.:/opt/SAPJCO
  12. Change to /opt/CA/AccessControlServer/Connector_Server/bin.
  13. Set LD_LIBRARY_PATH variable to include the /usr/lib directory: 
    export LD_LIBRARY_PATH=/usr/lib.
  14. Start the JCS server from the same terminal where you set the LD_LIBRARY_PATH 
    ./im_jcs start
  15. Start the JBoss server.

More information:

SAP R3 Connection Information