I first wrote this article in my , so that later you don’t search and remember again, but since no one reads the blog, I wanted to share this information with everyone, suddenly someone will come in handy.
While working on the idea of a password reset service in SAP R / 3 systems, the question arose - how to launch the SAP GUI with the necessary parameters from the browser? Since this idea implied the use of a web service that first processes a SOAP request from the SAP GUI and sends an email with a link to a web page with a password reset script to the initial one, and then displays a message to the user about the successful password reset and displays this very initial password , then I wanted this page to also have a link to launch the SAP GUI. Moreover, for this link to open the desired system, and even, preferably, immediately with the login and password fields filled in: the user would only have to fill in a productive password twice.
Running SAP Logon was not interesting for our purpose, and when running sapgui.exe, it was impossible to specify the tenant and username, but it was possible to start a system not defined in SAP Logon. On the other hand, launching the SAP GUI with arbitrary server parameters was not particularly relevant: if we are solving the problem of resetting a user's password, then most likely he already has the necessary line in SAP Logon, with the settings he needs and does not need to climb with his own. But the SAP GUI Shortcut technology and the sapshcut.exe program itself satisfied the specified requirements, which made it possible to launch the SAP GUI using a certain “shortcut”.
Head-on solution: launching sapshcut.exe directly from the browser using an ActiveX object:
function openSAPGui(sid, client, user, password) {
var shell = new ActiveXObject("WScript.Shell");
shell.run('sapshcut.exe -system="'+sid+'" -client='+client+' -user="'+user+'" -pw="'+password+'" -language=RU');
}
The solution is bad: firstly, it only works in Internet Explorer, and secondly, it requires appropriate security settings in the browser, which can be prohibited at the domain level in an organization, and even if allowed, the browser displays a frightening warning window to the user:
Solution #2 dug up on the Internet: . Allows you to launch the application we need using a link indicating the protocol that we ourselves register in Windows in the registry in the HKEY_CLASSES_ROOT section. Since the SAP GUI Shortcut has its own subsection in this section, you can add the URL Protocol string parameter with an empty value there:
This protocol starts sapgui.exe with parameter /SHORTCUT, which is what we need:
Well, or if we want to make an arbitrary protocol in general (for example, sapshcut), then you can register it using the following reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOTsapshcut]
@="sapshcut Handler"
"URL Protocol"=""
[HKEY_CLASSES_ROOTsapshcutDefaultIcon]
@="sapshcut.exe"
[HKEY_CLASSES_ROOTsapshcutshell]
[HKEY_CLASSES_ROOTsapshcutshellopen]
[HKEY_CLASSES_ROOTsapshcutshellopencommand]
@="sapshcut.exe "%1""
Now, if we make a link on a web page indicating the protocol Sapgui.Shortcut.File In a similar way:
<a href='Sapgui.Shortcut.File: -system=SID -client=200'>SID200</a>
we should have a view window:
And everything seems to be fine, but when you click on the "Allow" button, we see:
Oops, the browser turned the space into %20. Well, other characters will also be encoded into their numeric code with the percent symbol. And the most annoying thing is that nothing can be done here at the browser level (everything is done according to the standard here) - the browser does not like such characters, and the Windows command interpreter does not work with such encoded values. And one more minus - the entire string is passed as a parameter, including the name of the protocol and even a colon (sapgui.shortcut.file:). Moreover, although the same sapshcut.exe can discard everything that is not a parameter for it (begins with the symbol "-", then the name, "=" and value), i.e. line like "sapgui.shortcut.file: -system=SID" still a ride, then without a space "sapgui.shortcut.file:-system=SID' is no longer working.
It turns out that, in principle, there are two options for using the URI protocol:
- Usage without parameters: We create a whole bunch of protocols for all our systems of the form SIDMANDTtype AAA200, BBB200 and so on. If you just need to start the desired system, then the option is quite working, but in our case it is not suitable, because at least you want to transfer the user's login too, but this cannot be done in this way.
- Using a call wrapper sapshcut.exe or sapgui.exe. The essence of this program is simple - it must take the string that the browser passes to it via the web protocol and turn it into the representation that Windows accepts, i.e. reversely turns all character codes into characters (maybe even parses the string by parameters) and already calls the SAP GUI with a guaranteed correct command. In our case, it doesn’t quite fit either (that’s why I didn’t even write it), because it’s not enough for us to add the protocol on all user PCs (within the domain, it’s still all right, although it’s also better to avoid this practice), but here we need more place the program on a PC, and even constantly make sure that it does not go away when reinstalling the software on the PC.
Those. we also reject this option as unsuitable for us.
Here I already began to think that I would have to say goodbye to the idea of launching the SAP GUI with the necessary parameters from the browser, but then the idea came to my mind that you can make a shortcut in SAP Logon and copy it to the desktop. I used this method once, but before that I did not specifically look at the shortcut file. And it turned out that this shortcut is a regular text file with the extension .sap. And if you run it in Windows, the SAP GUI will start with the parameters that are specified in this file. "Bingo!"
The format of this file is approximately the following (there may still be a startup transaction at startup, but I omitted it):
[System]
Name=SID
Client=200
[User]
Name=
Language=RU
Password=
[Function]
Title=
[Configuration]
GuiSize=Maximized
[Options]
Reuse=0
It seems to be all that is needed: both the system identifier, and the tenant, and the username, and even the password. And even additional options: Title - window title, GUISize — the size of the running window (full screen or not) and Reuse - whether it is necessary to open a new window or use an already open one with the same system. But a nuance immediately came out - it turned out that it was impossible to set a password in SAP Logon, the line was blocked. It turned out that this was done for security reasons: it stores all the shortcuts created in SAP Logon in a file sapshortcut.ini (Near saplogon.ini in the Windows user profile) and although they are encrypted there, they are not too strongly and, if desired, they can be decoded. But you can also resolve this by changing the value of one parameter in the registry (the default value is 0):
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USERSoftwareSAPSAPShortcutSecurity]
"EnablePassword"="1"
This unlocks the "Password" field for entry on the label creation form in SAP Logon:
And when entering a password in this field, it will be placed in the corresponding line
sapshortcut.ini, but when you drag the shortcut to the desktop, it does not appear there - but you can add it there manually. The password is encrypted, for 111111 it will look like this: PW_49B02219D1F6, for 222222 - PW_4AB3211AD2F5. But we are more interested in the fact that this password is encrypted in one way that does not depend on a particular PC, and if we reset the password to the initial one, then one previously known value can be used in this field. Well, if we want to use an arbitrarily generated password, then we will have to understand the algorithm of this cipher. But, judging by the examples given, it will not be difficult to do this. By the way, in SAP GUI 7.40 this field disappeared from the form altogether, but it correctly perceives a file with a filled password.
That is, it turns out that in the browser it is enough to click on the link to the file with the .sap extension and with the desired format - and it will offer to open it as a file of the SAP GUI Shortcut type (of course, on a PC with the SAP GUI installed) and open the SAP GUI window with the specified parameters (if the SID and client pair is in the SAP Logon list on this PC).
But, it is clear that no one will simply create files in advance and store them on the site - they must be generated based on the required parameters. For example, you can create a PHP script to generate shortcuts (sapshcut.php):
<?php
$queries = array();
parse_str($_SERVER['QUERY_STRING'], $queries);
$Title = $queries['Title'];
$Size = $queries['Size'];
$SID = $queries['SID'];
$Client = $queries['Client'];
if($Client == '') { $Client=200; };
$Lang = $queries['Language'];
if($Lang=='') { $Lang = 'RU'; };
$User = $queries['Username'];
if($User<>'') { $Password = $queries['Password']; };
$filename = $SID.$Client.'.sap';
header('Content-disposition: attachment; filename='.$filename);
header('Content-type: application/sap');
echo "[System]rn";
echo "Name=".$SID."rn";
echo "Client=".$Client."rn";
echo "[User]rn";
echo "Name=".$Username."rn";
echo "Language=".$Lang."rn";
if($Password<>'') echo "Password=".$Password."rn";
echo "[Function]rn";
if($Title<>'') {echo "Title=".$Title."rn";} else {echo "Title=Вход в системуrn";};
echo "[Configuration]rn";
if($Size=='max') { echo "GuiSize=Maximizedrn"; };
echo "[Options]rn";
echo "Reuse=0rn";
?>
If you do not set a username and password, we will get the following window with login and password requests:
If you send only the login, then the login field will be filled in, and the password field will be empty. If we pass both the username and password to the user, but the user on the PC has the EnablePassword key in the [HKEY_CURRENT_USERSoftwareSAPSAPShortcutSecurity] section set to 0 in the registry, then we get the same thing. And only if this key is set to 1 and we pass both the name and the initial password, the system will immediately ask you to enter a new permanent password twice. Which is what you need to get.
As a result, we have the following set of considered options as an illustration of all of the above:
<html>
<head>
<script>
function openSAPGui(sid, client, user, password) {
var shell = new ActiveXObject("WScript.Shell");
shell.run('sapshcut.exe -system="'+sid+'" -client='+client+' -user="'+user+'" -pw="'+password+'" -language=RU');
}
</script>
</head>
<body>
<a href='' onclick="javascript:openSAPGui('SID', '200', 'test', '');"/>Example 1: Execute sapshcut.exe (ActiveX)<br>
<a href='Sapgui.Shortcut.File: -system=SID -client=200'>Example 2: Open sapshcut.exe (URI)</a><br>
<a href='sapshcut.php?SID=SID&Client=200&User=test'>Example 3: Open file .sap (SAP GUI Shortcut)</a><br>
</body>
</html>
I got the last option. But instead of generating SAP shortcuts, you can also use, for example, the generation of CMD files, which, when opened from a browser, will also open the SAP GUI window for you. Below is an example (sapguicmd.php) directly launching the SAP GUI with the full connection string, without the need to have SAP Logon configured:
<?php
$queries = array();
parse_str($_SERVER['QUERY_STRING'], $queries);
$Title = $queries['Title'];
$ROUTER = $queries['ROUTER'];
$ROUTERPORT = $queries['ROUTERPORT'];
$HOST = $queries['HOST'];
$PORT = $queries['PORT'];
$MESS = $queries['MESS'];
$LG = $queries['LG'];
$filename = 'SAPGUI_';
if($MESS<>'') $filename = $filename.$MESS;
if($HOST<>'') $filename = $filename.$HOST;
if($PORT<>'') $filename = $filename.'_'.$PORT;
$filename = $filename.'.cmd';
header('Content-disposition: attachment; filename='.$filename);
header('Content-type: application/cmd');
echo "@echo offrn";
echo "chcp 1251rn";
echo "echo Вход в ".$Title."rn";
echo "set SAP_CODEPAGE=1504rn";
echo 'if exist "%ProgramFiles(x86)%SAPFrontEndSapGuisapgui.exe" set gui=%ProgramFiles(x86)%SAPFrontEndSapGuisapgui.exe'."rn";
echo 'if exist "%ProgramFiles%SAPFrontEndSapGuisapgui.exe" set gui=%ProgramFiles%SAPFrontEndSapGuisapgui.exe'."rn";
echo "set logon=";
if($ROUTER<>'') echo "/H/".$ROUTER;
if($ROUTERPORT<>'') echo "/S/".$ROUTERPORT;
if($MESS<>'') echo "/M/".$MESS;
if($HOST<>'') echo "/H/".$HOST;
if($PORT<>'') echo "/S/".$PORT;
if($LG<>'') echo "/G/".$LG;
echo "rn";
echo '"%gui%" %logon%'."rn";
?>
Source: habr.com