SAML Setup for BW users and Performance issues in Azure Cloud – Learning Experiences

Hi All,

I would like to share our learning experiences from the BOBJ Azure Cloud migration for a retail company.

1. SAML Authentication issues for SAP Users.

I hope many of you are aware of the SAML implementation process in the BOBJ system.

Objective:

Implement SAML with OKTA for the Tomcat systems and enable SSO for SAP users and Enterprise users in the Azure Cloud system.

Please refer to this KBA article for SAML implementation on BOE with Tomcat – https://launchpad.support.sap.com/#/notes/2788146

After following all the steps in the KBA, we need to work with the IDP team to generate the metadata file.

Generally, the IDP team passes the user ID or email address as a parameter in the metadata.

In this case, we faced challenges enabling OKTA for BW users: their ID was not being passed as a token to the SAML Tomcat system.

When we logged in with our credentials in the SAP Enterprise Portal or the SAP BOBJ LB URL, SAML SSO did not work for us.

Solution:

SAP users have the system name as a prefix before the user ID. That causes the issue in the SAML token parameter.

Example: Systemname~Clientname/UserId -> the SAP ID looks like this after the user roles are imported from the user groups.

To fix this, we need to make the SAP users simple users (without the prefix) in the BOBJ system.

We have to remove the system-name prefix for all global BW users in the BOBJ system.

Since the user count is very high in our current prod system (10000+ BW users), we went with a Java script to remove the system-name prefix from the user name; we then passed the user ID to the IDP, and SAML worked fine.

The Java script converted all the BW users like “SAPBW~500/123456” into simple users like “123456”.

After this, all users were able to log in to the BOBJ system and SSO worked fine.
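
The prefix removal described above, as an added example (not the script used in this migration): a dry-run planner that parses Systemname~Clientname/UserId names and flags cases where two accounts would end up with the same simple name, since that would tie one SSO identity to more than one account. The function names and sample account names are constructed, and comparing names case-insensitively is an assumption.

```javascript
// Added example: dry-run planner for the prefix removal. It only computes a
// plan; applying it to the BOBJ system is out of scope here.
const SAP_ALIAS = /^([^~\/]+)~([^~\/]+)\/([^~\/]+)$/; // Systemname~Clientname/UserId

function parseSapAlias(name) {
  const m = SAP_ALIAS.exec(name);
  return m ? { system: m[1], client: m[2], userId: m[3] } : null;
}

function planRenames(accountNames) {
  const claims = new Map(); // target name (lower-cased) -> source names wanting it
  const skipped = [];
  for (const raw of accountNames) {
    const name = raw.trim();
    const alias = parseSapAlias(name);
    if (!alias && /[~\/]/.test(name)) {
      skipped.push(name); // looks prefixed but is malformed: review by hand
      continue;
    }
    const target = alias ? alias.userId : name; // simple names claim themselves
    const key = target.toLowerCase(); // assumption: names compared case-insensitively
    if (!claims.has(key)) claims.set(key, []);
    claims.get(key).push(name);
  }
  const rename = [];
  const conflicts = [];
  for (const sources of claims.values()) {
    if (sources.length > 1) {
      // Two accounts would share one SSO identity: never rename automatically.
      conflicts.push(sources);
    } else if (parseSapAlias(sources[0])) {
      rename.push({ from: sources[0], to: parseSapAlias(sources[0]).userId });
    }
  }
  return { rename, conflicts, skipped };
}

// Constructed sample account names (not from a real system).
const sample = [
  "SAPBW~500/123456", "SAPBW~500/234567", "SAPBQ~100/234567",
  "345678", "SAPBW~500/345678", "SAPBW~500/", "Administrator",
];
console.log(JSON.stringify(planRenames(sample), null, 2));
```

Only the entries under rename are safe to process in bulk; conflicts and skipped entries need a decision per account before any name is passed to the IDP.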

2. Performance issues after the go-live of the Azure PROD BOBJ systems.

The biggest challenges we faced after the go-live came from users in all regions executing finance-related reports.

Most of the users reported that they were not able to run reports for 2 months of records via the Azure LB URL.

The issue: when the number of sessions increases and users run reports on larger data sets, the system hangs. (The Tomcat Java heap size also keeps increasing, and we are not able to stop Tomcat automatically.)

Also, when long-running reports are executed, the system's behaviour degrades drastically and the Tomcat servers hang.

The session count is not even high, like 200 or more. When it reaches just 50+, the CMC login page itself hangs and overall navigation is very slow.

Note: We also increased the timeout settings on the application gateway side to 30 mins. The issues still occurred.

Solutions:

There are various steps to follow in order to avoid these performance issues.

  1. Since it is an Azure system, we checked the NSG connectivity for each service and made sure that manual ports are assigned to all core BOBJ servers.
  2. At the Tomcat level, we increased the Java heap size to 10 GB, and the memory pool as well.
  3. Max threads has been increased to 300 in the server.xml file.
  4. In the WebI processing servers, we also need to set the IP address of the BOBJ server as IPv4 for better performance.

We successfully deployed the system to production after all these fixes, and for the last 3 months there have been no performance issues.

Conclusions:

This article helps you understand the post-SAML-implementation steps needed at the SAP BW user level.

By the end of this article, you will be able to understand the performance resolutions after an Azure migration.

Please share your comments, and like the article if you found it interesting.

Thanks

Vignesh